CN106650432B - Method and device for analyzing classified information - Google Patents

Method and device for analyzing classified information

Publication number
CN106650432B
Authority
CN
China
Prior art keywords
information
secret
access
period
event
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201610877674.9A
Other languages
Chinese (zh)
Other versions
CN106650432A (en)
Inventor
张巨世
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Qihoo Technology Co Ltd
Beijing Qianxin Technology Co Ltd
Original Assignee
Beijing Qihoo Technology Co Ltd
Beijing Qianxin Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Qihoo Technology Co Ltd, Beijing Qianxin Technology Co Ltd
Priority to CN201610877674.9A
Publication of CN106650432A
Application granted
Publication of CN106650432B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/552 Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a method and a device for analyzing classified information, which relate to the field of information technology and can improve the efficiency of finding the cause of a leak. The method includes: acquiring classification period information corresponding to the classified information; analyzing the classified information according to the classification period information; when an unauthorized access event occurs on the classified information within the classification period, determining that a leak event has occurred; and outputting an analysis result of the cause of the leak event according to the access information corresponding to the unauthorized access event. The invention is suitable for the analysis of classified information.

Description

Method and device for analyzing classified information

Technical field

The invention relates to the field of information technology, and in particular to a method and device for analyzing classified information.

Background

With the continuous development of information technology, the security of classified information is receiving more and more attention. Classified information is information that must be kept confidential, for example enterprise investment and restructuring plans; key financial index information; the specific plans, specifications, technical solutions and R&D staffing of an enterprise's products; and resolutions or news concerning financial securities investment. Classified information usually has a classification period: while the information is within its classification period it is in the confidential stage, and once it is outside that period it is in the public stage.

At present, after a user learns that classified information has leaked, the user can query the raw data for the history of access to that information in order to determine the cause of the leak. However, this requires the user to run the queries actively, and the raw data is usually presented as business records in ledger form, so the user has to screen massive amounts of data, which makes finding the cause of a leak inefficient.

Summary of the invention

In view of this, the present invention provides a method and device for analyzing classified information. Its main purpose is to solve the problem that the cause of a leak of classified information currently has to be queried manually, with the user screening massive amounts of data, which makes finding the cause of the leak inefficient.

To achieve the above purpose, according to one aspect of the present invention, a method for analyzing classified information is provided, the method comprising:

acquiring classification period information corresponding to the classified information;

analyzing the classified information according to the classification period information;

when an unauthorized access event occurs on the classified information within the classification period, determining that a leak event has occurred;

outputting an analysis result of the cause of the leak event according to the access information corresponding to the unauthorized access event.

According to another aspect of the present invention, a device for analyzing classified information is provided, the device comprising:

an acquiring unit, configured to acquire the classification period information corresponding to the classified information;

an analysis unit, configured to analyze the classified information according to the classification period information acquired by the acquiring unit;

a determining unit, configured to determine that a leak event has occurred when an unauthorized access event occurs on the classified information within the classification period;

an output unit, configured to output an analysis result of the cause of the leak event according to the access information corresponding to the unauthorized access event.

With the above technical solutions, the technical solutions provided by the embodiments of the present invention have at least the following advantages:

The method and device for analyzing classified information provided by the present invention first acquire the classification period information corresponding to the classified information; then analyze the classified information according to that classification period information; when an unauthorized access event occurs on the classified information within the classification period, determine that a leak event has occurred; and output an analysis result of the cause of the leak event according to the access information corresponding to the unauthorized access event. Compared with the current approach of manually querying for the cause of a leak of classified information, the present invention analyzes the classified information according to its classification period, derives the cause of the leak event from the analysis results, and can present it to the user automatically. This automates the analysis of leak causes, spares the user from screening massive amounts of data item by item, and improves the efficiency of finding the cause of a leak. In addition, because a leak event is determined when an unauthorized access event occurs on the classified information within the classification period, the user can be notified promptly that the classified information has leaked, so that effective interception can be carried out in time.

The above is only an overview of the technical solution of the present invention. So that the technical means of the invention can be understood more clearly and implemented according to the content of the description, and so that the above and other objects, features and advantages of the invention are more apparent, specific embodiments of the invention are set out below.

Description of the drawings

Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for the purpose of illustrating the preferred embodiments and are not to be considered a limitation of the invention. Throughout the drawings, the same reference symbols denote the same components. In the drawings:

FIG. 1 shows a schematic flowchart of a method for analyzing classified information provided by an embodiment of the present invention;

FIG. 2 shows a schematic flowchart of another method for analyzing classified information provided by an embodiment of the present invention;

FIG. 3 shows a schematic diagram of an analysis of the access times of leaked information provided by an embodiment of the present invention;

FIG. 4 shows a schematic diagram of an analysis of access to leaked content over the classification period provided by an embodiment of the present invention;

FIG. 5 shows a schematic diagram of an analysis of access to classified information by access source provided by an embodiment of the present invention;

FIG. 6 shows a schematic diagram of an analysis of the access volume of classified information provided by an embodiment of the present invention;

FIG. 7 shows a schematic structural diagram of a device for analyzing classified information provided by an embodiment of the present invention;

FIG. 8 shows a schematic structural diagram of another device for analyzing classified information provided by an embodiment of the present invention.

Detailed description

Exemplary embodiments of the present disclosure are described in more detail below with reference to the accompanying drawings. Although the drawings show exemplary embodiments of the present disclosure, it should be understood that the disclosure may be implemented in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the disclosure can be understood more thoroughly and its scope can be conveyed completely to those skilled in the art.

An embodiment of the present invention provides a method for analyzing classified information. As shown in FIG. 1, the method includes:

101. Acquire the classification period information corresponding to the classified information.

The classification period information may contain the time range over which the classified information goes from the classified state to the public state. Specifically, depending on the secrecy level, the classification period information may contain top-secret period information, and/or confidential period information, and/or ordinary-secret period information, and so on. For example, the classification period of classified information A runs from October 1, 2015 to March 1, 2016; specifically, October 1, 2015 to February 1, 2016 is the top-secret period, and February 2, 2016 to March 1, 2016 is the confidential period.

It should be noted that, in the embodiments of the present invention, when classified information is first generated and used within an organization, access to it during the classification period must be authorized according to its secrecy level; when classified information is brought into the organization, modified and used, it must be protected during the classification period according to its secrecy level; and items of classified information can be associated with one another to form new classified information. The secrecy level of an item of classified information can be formed from the restrictions on its access rights and on its classification period.

102. Analyze the classified information according to the classification period information.

Specifically, the classified information can be analyzed according to the classification period information in combination with the behavior log information corresponding to the classified information. The behavior log information can record how the classified information was referenced, accessed with authorization, accessed without authorization and transferred, as well as the reference frequency, access frequency, transfer frequency and so on.

For example, information such as a product's specific plans, specifications, technical solutions and R&D staffing is subject to confidentiality requirements before release; after release, the secrecy level of the data is lowered or the data enters a declassification period, so the classification period runs from product project approval to release. To determine whether any of this information has leaked, the information can be analyzed in combination with its classification period; specifically, the judgment can be based on whether access to the information during the classification period was authorized.

It should be noted that, in the embodiments of the present invention, the analysis of classified information according to the classification period information can be carried out after the classified information has been made public, that is, outside the classification period, or while the classified information has not yet been made public, that is, within the classification period. The latter achieves real-time monitoring of whether a leak event has occurred, so that classified information can be supervised within the classification period and analyzed outside it.

103. When an unauthorized access event occurs on the classified information within the classification period, determine that a leak event has occurred.

In the embodiments of the present invention, authorized users can be preset: it is legitimate for these authorized users to access the leaked information during the classification period, whereas it is illegitimate for other users to access the leaked information during the classification period.

For example, when classified information is accessed during the classification period by an unauthorized user, this indicates that the system may have suffered a hacker attack and that the hacker has stolen the classified information, so it can be determined that a leak event has occurred.

104. Output an analysis result of the cause of the leak event according to the access information corresponding to the unauthorized access event.

The access information may include the visitor's identity, the access path, the access time, the access source and other information.

In the embodiments of the present invention, the analysis result can be presented as text plus charts, so that the user can understand the leak event more intuitively.

For example, when classified information is accessed during the classification period by an unauthorized user, it is determined that a leak event has occurred. Analysis yields the user's identity information, the means used to reach the classified information, the time at which it was accessed, the path used for the access, the access source of the classified information and other information, and the corresponding analysis result is output so that the leak event and its analysis result are presented to the user automatically.

The method for analyzing classified information provided by the embodiment of the present invention first acquires the classification period information corresponding to the classified information; then analyzes the classified information according to that classification period information; when an unauthorized access event occurs on the classified information within the classification period, determines that a leak event has occurred; and outputs an analysis result of the cause of the leak event according to the access information corresponding to the unauthorized access event. Compared with the current approach of manually querying for the cause of a leak of classified information, the present invention analyzes the classified information according to its classification period, derives the cause of the leak event from the analysis results, and can present it to the user automatically. This automates the analysis of leak causes, spares the user from screening massive amounts of data item by item, and improves the efficiency of finding the cause of a leak. In addition, because a leak event is determined when an unauthorized access event occurs on the classified information within the classification period, the user can be notified promptly that the classified information has leaked, so that effective interception can be carried out in time.
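Steps 101 to 104 can be sketched as detection logic over a behavior log. This is an added example, not code from the patent: the log format, user names, addresses and paths are constructed, and only the period dates for information A come from the text above.

```python
from dataclasses import dataclass
from datetime import date, datetime


@dataclass(frozen=True)
class Tier:
    level: str
    start: date  # inclusive
    end: date    # inclusive


@dataclass(frozen=True)
class AccessEvent:
    when: datetime
    item: str
    visitor: str
    source: str
    path: str


# Step 101: classification period of information A (dates from the text).
PERIODS = {
    "A": [
        Tier("top-secret", date(2015, 10, 1), date(2016, 2, 1)),
        Tier("confidential", date(2016, 2, 2), date(2016, 3, 1)),
    ],
}

# Preset authorized users per item (constructed names).
AUTHORIZED = {"A": {"alice", "bob"}}

# Constructed behavior log, one event per line:
# timestamp|item|visitor|access source|access path
SAMPLE_LOG = """\
2015-11-03T09:12:00|A|alice|10.0.0.5|/plans/A.docx
2015-12-24T02:40:00|A|mallory|10.0.0.77|/plans/A.docx
2016-02-10T23:05:00|A|eve|10.0.0.90|/backup/A.docx
2016-03-05T10:00:00|A|mallory|10.0.0.77|/plans/A.docx
"""


def parse_log(text):
    """Turn the pipe-delimited log into AccessEvent records."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, item, visitor, source, path = line.split("|", 4)
        events.append(
            AccessEvent(datetime.fromisoformat(ts), item, visitor, source, path)
        )
    return events


def tier_at(item, when):
    """Return the secrecy level in force for `item` at `when`, or None
    when the moment lies outside the classification period (public stage)."""
    for tier in PERIODS.get(item, []):
        if tier.start <= when.date() <= tier.end:
            return tier.level
    return None


def analyze(events):
    """Steps 102-104: flag every access inside the classification period by
    a visitor who is not on the authorized list, and report the access
    information (visitor, time, source, path) for each one."""
    findings = []
    for ev in sorted(events, key=lambda e: e.when):
        level = tier_at(ev.item, ev.when)
        if level is None:
            continue  # outside the period: not a leak under this method
        # An item with no authorized list is treated as closed to everyone.
        if ev.visitor in AUTHORIZED.get(ev.item, set()):
            continue
        findings.append({
            "item": ev.item,
            "level": level,
            "visitor": ev.visitor,
            "when": ev.when.isoformat(),
            "source": ev.source,
            "path": ev.path,
        })
    return findings


if __name__ == "__main__":
    for finding in analyze(parse_log(SAMPLE_LOG)):
        print(finding)
```

The last log line shows the period boundary at work: the same unauthorized visitor reading the file after March 1, 2016 is not reported, because the information is then in the public stage.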

Specifically, an embodiment of the present invention provides another method for analyzing classified information. As shown in FIG. 2, the method includes:

201. Match industry data against the feature rules in a preset industry rule base.

The preset industry rule base stores the feature rules corresponding to the classified information of different industries. The industry data may be data from the medical industry, the construction industry, the banking industry, the e-commerce industry and so on; the embodiment of the present invention places no specific limit on this. In the embodiment of the present invention, the feature rules in the preset industry rule base are obtained by generalizing the features of the classified information involved in each industry; the rule base stores the feature rules corresponding to an industry's classified information, not the classified information itself. The more complete the feature rules in the preset industry rule base, the more accurately classified information is identified by matching industry data against them. In the embodiment of the present invention, establishing a preset industry rule base makes it possible to monitor industry data intelligently within the audit policy and to judge accurately whether industry data that matches the rule base is classified information.

202. Determine the industry data that successfully matches a feature rule to be classified information.

In the embodiment of the present invention, when industry data successfully matches a feature rule in the preset industry rule base, the industry data contains classified information, so the industry data can be determined to be classified information.

It should be noted that matching industry data against the feature rules in the preset industry rule base, and determining the industry data that matches successfully to be classified information, makes it possible to analyze this classified information automatically and then find out which classified information has been involved in a leak event. This allows integration with a big-data analysis platform, so that the analysis results are more effective, data acquisition is complete and the analysis results are more accurate.

203. Acquire the classification period information corresponding to the classified information so determined.

The classification period information contains one or more kinds of secrecy-level period information. For example, it may contain top-secret period information, and/or confidential period information, and/or ordinary-secret period information, and so on.

For example, from the time a user purchases the tender documents until bidding closes, the commercial and technical bid terms the user adopts are within the classification period before bid opening, and after bid opening their secrecy level drops to public. Before bid opening, besides caring about which bidding strategy to adopt, the user cares even more about whether the terms have leaked.

204. Analyze the classified information according to the classification period information.

Specifically, the classified information can be analyzed according to the classification period information in combination with the behavior log information corresponding to the classified information.

For example, the design, materials and so on of a smartphone product are kept confidential until the product is delivered, and the leak of any single specification is a real commercial loss. To determine whether any of the related information has leaked, the information can be analyzed in combination with its classification period; specifically, the judgment can be based on whether access to the information during the classification period was authorized.

Further, after step 204, the method may also include: when an abnormal storage event occurs on the classified information within the classification period, determining that a leak event has occurred; and outputting an analysis result of the cause of the leak event according to the storage location information and storage time information corresponding to the abnormal storage event.

For example, classified information is stored on the enterprise's central server or on a particular fixed computer. When it is detected that the storage location of the classified information has moved during the classification period, with the classified information copied or cut to an external storage device such as a removable hard disk, optical disc or USB flash drive, it can be determined that a leak event has occurred, and an analysis result of the cause of the leak event can be output in combination with the identifier of the external storage device.

Further, after step 204, the method may also include: when an abnormal transfer event occurs on the classified information within the classification period, determining that a leak event has occurred; and outputting an analysis result of the cause of the leak event according to the transfer path information, transfer method information and transfer time information corresponding to the abnormal transfer event.

For example, classified information is stored on computer A. A user logs in to computer A over the local area network and transfers the classified information to his own computer B, after which the classified information is transferred from computer B to computer C over the local area network; computers A, B and C are all internal company computers. Finally, the classified information is sent out from computer C over the Internet by e-mail. Because the classified information must not be disclosed externally, it can be determined at this point that a leak event has occurred, and an analysis result of the cause of the leak event can be output in combination with the transfer path "computer A -> computer B -> computer C" and the transfer methods, local area network transfer and e-mail transfer.
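The transfer-path reconstruction in the computer A, B, C example can be sketched as follows. This is an added example, not code from the patent: the file name, dates, classification period and external destination are constructed, and a transfer whose destination is outside the internal host list is the assumed definition of an abnormal transfer.

```python
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class Transfer:
    when: datetime
    item: str
    src: str
    dst: str
    method: str


# Internal company computers, as in the example in the text.
INTERNAL = {"computer A", "computer B", "computer C"}

# Constructed classification period (start, end) for a constructed item.
PERIOD = {"plan.docx": (datetime(2016, 1, 1), datetime(2016, 6, 30, 23, 59, 59))}

# Constructed transfer log. The last entry falls after the period ends.
SAMPLE_TRANSFERS = [
    Transfer(datetime(2016, 3, 1, 9, 0), "plan.docx",
             "computer A", "computer B", "LAN"),
    Transfer(datetime(2016, 3, 1, 11, 30), "plan.docx",
             "computer B", "computer C", "LAN"),
    Transfer(datetime(2016, 3, 2, 8, 15), "other.docx",
             "computer B", "computer C", "LAN"),
    Transfer(datetime(2016, 3, 2, 17, 45), "plan.docx",
             "computer C", "mail.example.net", "email"),
    Transfer(datetime(2016, 7, 10, 10, 0), "plan.docx",
             "computer C", "mail.example.net", "email"),
]


def in_period(item, when):
    """True when `when` lies inside the item's classification period."""
    period = PERIOD.get(item)
    return period is not None and period[0] <= when <= period[1]


def trace_leaks(transfers):
    """Find transfers that leave the internal network during the
    classification period and walk back through earlier transfers of the
    same item to rebuild the path that led to the exit point."""
    ordered = sorted(transfers, key=lambda t: t.when)
    reports = []
    for i, egress in enumerate(ordered):
        if not in_period(egress.item, egress.when):
            continue
        if egress.dst in INTERNAL:
            continue  # internal hop, not an exit from the organization
        chain = [egress]
        host = egress.src
        seen = {host}  # guards against loops such as A -> B -> A
        for prev in reversed(ordered[:i]):
            if (prev.item == egress.item and prev.dst == host
                    and prev.src not in seen):
                chain.append(prev)
                host = prev.src
                seen.add(host)
        chain.reverse()
        reports.append({
            "item": egress.item,
            "path": [hop.src for hop in chain],
            "methods": [hop.method for hop in chain],
            "destination": egress.dst,
            "leaked_at": egress.when.isoformat(),
        })
    return reports


if __name__ == "__main__":
    for report in trace_leaks(SAMPLE_TRANSFERS):
        print(" -> ".join(report["path"]), "via", report["methods"],
              "to", report["destination"], "at", report["leaked_at"])
```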

205、当涉密信息在涉密周期内出现未授权访问事件时,确定发生泄密事件。205. When an unauthorized access event occurs to the confidential information within the confidential period, it is determined that a leakage event occurs.

进一步地,所述确定发生泄密事件之后,还可以输出发生泄密事件的告警信息,以便及时提示用户已经发生了泄密事件。其中,所述告警信息可以文本告警信息、图片告警信息、音频告警信息、视频告警信息等。Further, after it is determined that the leakage event occurs, alarm information of the occurrence of the leakage event may also be output, so as to prompt the user that the leakage event has occurred in time. The alarm information may be text alarm information, picture alarm information, audio alarm information, video alarm information, and the like.

例如,当涉密信息在涉密周期内被访问,并且是被未授权的用户访问时,说明系统可能遭受到了攻击,入侵者窃取了该涉密信息,进而可以确定发生了泄密事件。For example, when the confidential information is accessed during the confidential period and is accessed by an unauthorized user, it means that the system may be attacked, and the intruder steals the confidential information, and then it can be determined that a leakage incident has occurred.

206、根据与未授权访问事件对应的访问信息,输出所述泄密事件的泄密原因的分析结果。206. According to the access information corresponding to the unauthorized access event, output an analysis result of the leaking cause of the leaking event.

The access information includes visitor information, access time information, access path information and access source information. In the embodiment of the present invention, an analysis chart of the access times of the leaked information, an analysis chart of accesses to the classified content over the classified period, an access analysis chart of the classified information held on an access source, and the like may be output.

For example, FIG. 3 is a schematic diagram of the analysis of the access times of leaked information. In this figure, the abscissa represents each day of the classified period, such as March 1, March 2 and so on, and the ordinate represents the specific time of day, such as 1:00, 2:00 and so on. The figure can record the time periods during which the classified information of the access source is accessed each day, drawn as vertical lines: the length of a vertical line corresponds to the access duration, and its start and end positions correspond to the start time and end time of the access. When an unauthorized access event occurs, the anomalous vertical line can be marked by a difference in line style or color; further, the access-time characteristics of periods in which leak events tend to occur can be compiled.

FIG. 4 is a schematic diagram of the analysis of accesses to the leaked content over the classified period. In this figure, the abscissa can represent time within the classified period and the ordinate represents the number of accesses to the classified information on each day, drawn as vertical lines whose length corresponds to the number of accesses. The positive half of the ordinate can represent authorized accesses and the negative half unauthorized accesses. The figure can also be divided into intervals by security-level period, such as a top-secret period interval, a confidential period interval and a general-secret period interval, and each vertical line can also display the access statistics for that day, such as the number of accesses and the visitors' IP (Internet Protocol) addresses. Vertical lines that appear on the negative half of the ordinate can be marked with a special symbol to indicate that an unauthorized access event has occurred and to flag the anomaly.

FIG. 5 is a schematic diagram of the access analysis of the classified information on an access source. In this figure, the abscissa can represent time within the classified period and the ordinate can represent the number of accesses to each of the different items of classified information stored locally on the access source, drawn as vertical lines whose length corresponds to the number of accesses. The positive half of the ordinate can represent authorized accesses and the negative half unauthorized accesses, and the security-level period corresponding to the classified information, such as the top-secret period, confidential period or general-secret period, can also be marked. Vertical lines that appear on the negative half of the ordinate can be marked with a special symbol to indicate that an unauthorized access event has occurred and to flag the anomaly.

Specifically, step 206 may include: determining, according to the access time information, the security-level period information corresponding to the leak event; and determining, according to the security-level period information corresponding to the leak event, the impact level information corresponding to the leak event. For example, when the access time of the unauthorized access event shows that the information was in its top-secret period, a leak during that time has very serious consequences and the impact level is high; when the access time of the unauthorized access event shows that the information was in its general-secret period, a leak during that time does not have serious consequences and the impact level is low.

Then, according to the impact level information, the visitor information, the access time information, the access path information and the access source information, the analysis result of the leak cause of the leak event is output. For example, the analysis yields the identity of the accessing user, the means used to reach the classified information, the time at which the classified information was accessed, the path of the access, the access source of the classified information and similar information, and the corresponding analysis result is output so that the leak event and its analysis are presented to the user automatically.
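The determination in steps 205 and 206 and the signed daily counts of FIG. 4, as an added example that is not code from the patent. The period dates, the "medium" impact level for the confidential period, the visitor allow-list and the sample access records are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import date, datetime

# Assumed security-level periods of one classified item (constructed dates).
# Tuple: (period name, first day, last day, impact level of a leak in that period).
# The patent states a high impact for the top-secret period and a low impact for
# the general-secret period; "medium" for the confidential period is an assumption.
PERIODS = [
    ("top-secret", date(2016, 3, 1), date(2016, 3, 10), "high"),
    ("confidential", date(2016, 3, 11), date(2016, 3, 20), "medium"),
    ("general-secret", date(2016, 3, 21), date(2016, 3, 31), "low"),
]
AUTHORIZED_VISITORS = {"alice", "bob"}  # assumed allow-list
IMPACT_ORDER = {"high": 0, "medium": 1, "low": 2}


@dataclass(frozen=True)
class Access:
    visitor: str      # visitor information
    start: datetime   # access time information (start of access)
    end: datetime     # access time information (end of access)
    path: str         # access path information
    source: str       # access source information


def period_for(ts):
    """Return (period name, impact level), or None outside the classified period."""
    for name, first, last, impact in PERIODS:
        if first <= ts.date() <= last:
            return name, impact
    return None


def find_leaks(events):
    """Steps 205/206: unauthorized access inside the classified period is a leak event."""
    findings = []
    for ev in events:
        period = period_for(ev.start)
        if period is None or ev.visitor in AUTHORIZED_VISITORS:
            continue  # item no longer classified, or visitor is authorized
        name, impact = period
        findings.append({
            "visitor": ev.visitor,
            "access_time": ev.start.isoformat(sep=" "),
            "duration_min": int((ev.end - ev.start).total_seconds() // 60),
            "path": ev.path,
            "source": ev.source,
            "period": name,
            "impact": impact,
        })
    # Most severe first, then chronological.
    findings.sort(key=lambda f: (IMPACT_ORDER[f["impact"]], f["access_time"]))
    return findings


def daily_counts(events):
    """Per-day (authorized, -unauthorized) counts, signed like the FIG. 4 ordinate."""
    counts = defaultdict(lambda: [0, 0])
    for ev in events:
        if period_for(ev.start) is None:
            continue
        idx = 0 if ev.visitor in AUTHORIZED_VISITORS else 1
        counts[ev.start.date()][idx] += 1
    return {day: (a, -u) for day, (a, u) in sorted(counts.items())}


# Constructed sample access records (addresses from documentation ranges).
SAMPLE = [
    Access("alice", datetime(2016, 3, 2, 9, 0), datetime(2016, 3, 2, 9, 30),
           "/share/design/plan.dwg", "192.0.2.10"),
    Access("mallory", datetime(2016, 3, 2, 1, 10), datetime(2016, 3, 2, 1, 45),
           "/share/design/plan.dwg", "198.51.100.7"),
    Access("bob", datetime(2016, 3, 15, 14, 0), datetime(2016, 3, 15, 14, 20),
           "/share/design/plan.dwg", "192.0.2.11"),
    Access("eve", datetime(2016, 3, 25, 23, 0), datetime(2016, 3, 25, 23, 5),
           "/share/design/plan.dwg", "198.51.100.9"),
    Access("carol", datetime(2016, 4, 2, 10, 0), datetime(2016, 4, 2, 10, 5),
           "/share/design/plan.dwg", "203.0.113.4"),  # after the classified period
]

if __name__ == "__main__":
    for finding in find_leaks(SAMPLE):
        print(finding)
    print(daily_counts(SAMPLE))
```

The access by "carol" falls after the last assumed period, so it is neither counted nor reported as a leak event, which is the boundary the classified-period check exists to enforce.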

Further, the method may also include: obtaining the number of accesses to the classified information in each of the different security-level periods; and outputting a value analysis result for the classified information according to those access counts, so as to meet the need for analyzing the value of classified information.

In the embodiment of the present invention, the number of unauthorized accesses and the number of authorized accesses can be obtained, as can the number of accesses after the classified information has been made public, and the value of the classified information is determined from these access counts. For example, if the number of accesses to the classified information during its confidential period exceeds a certain threshold, and access to the information during the confidential period is paid access, then a large number of users are paying to access it; it can therefore be determined that the classified information is highly valuable, and the corresponding value analysis result is output.

Further, in the embodiment of the present invention, the number of accesses to each of the different items of classified information can also be counted and an access-volume analysis chart for classified information can be output, displayed as a bubble chart in which each bubble corresponds to the access volume of one item of classified information. The chart can also display information such as the proportions of authorized and unauthorized access, so that the value of each item of classified information can be derived from this access-volume monitoring chart.

For example, FIG. 6 is a schematic diagram of the analysis of access volume for classified information. In this figure, the classified information relating to the "T main building design plan" has an access volume of 2675398, of which unauthorized access accounts for 13.15%.

Further, the method may also include: compiling the file format information corresponding to each of the different items of classified information for which a leak event has occurred, where the file format information may include the Word file format, the Excel file format and the PDF file format; and, according to the number of items of classified information corresponding to each file format, outputting an analysis result of how easily each file format is leaked, so that the user can strengthen the corresponding preventive measures. For example, if the statistics show that files in dwg format account for a large proportion of leak events, classified files in that format are easily leaked.

Another method for analyzing classified information provided by the embodiment of the present invention first obtains the classified period information corresponding to the classified information; then analyzes the classified information according to the classified period information; when an unauthorized access event occurs for the classified information within the classified period, determines that a leak event has occurred; and, according to the access information corresponding to the unauthorized access event, outputs an analysis result of the leak cause of the leak event. Compared with the current practice of manually querying the cause of a leak of classified information, the present invention analyzes the classified information according to the classified period it is in, derives the cause of the leak event from the analysis results and can present it to the user automatically. The leak cause is thus analyzed automatically, the user does not need to screen massive amounts of data item by item, and the efficiency of finding the leak cause is improved. In addition, because a leak event is determined as soon as an unauthorized access event occurs within the classified period, the user can be notified promptly that the classified information has been leaked, so that effective interception can be carried out in time.

Further, as a specific implementation of the method shown in FIG. 1, an embodiment of the present invention provides an apparatus for analyzing classified information. As shown in FIG. 7, the apparatus includes: an obtaining unit 71, an analysis unit 72, a determining unit 73 and an output unit 74.

The obtaining unit 71 may be configured to obtain the classified period information corresponding to the classified information.

The analysis unit 72 may be configured to analyze the classified information according to the classified period information obtained by the obtaining unit 71.

The determining unit 73 may be configured to determine that a leak event has occurred when an unauthorized access event occurs for the classified information within the classified period.

The output unit 74 may be configured to output an analysis result of the leak cause of the leak event according to the access information corresponding to the unauthorized access event.

It should be noted that, for other descriptions of the functional units of the apparatus for analyzing classified information provided by the embodiment of the present invention, reference may be made to the corresponding descriptions for FIG. 1; details are not repeated here.

An apparatus for analyzing classified information provided by the embodiment of the present invention first obtains the classified period information corresponding to the classified information; then analyzes the classified information according to the classified period information; when an unauthorized access event occurs for the classified information within the classified period, determines that a leak event has occurred; and, according to the access information corresponding to the unauthorized access event, outputs an analysis result of the leak cause of the leak event. Compared with the current practice of manually querying the cause of a leak of classified information, the present invention analyzes the classified information according to the classified period it is in, derives the cause of the leak event from the analysis results and can present it to the user automatically. The leak cause is thus analyzed automatically, the user does not need to screen massive amounts of data item by item, and the efficiency of finding the leak cause is improved. In addition, because a leak event is determined as soon as an unauthorized access event occurs within the classified period, the user can be notified promptly that the classified information has been leaked, so that effective interception can be carried out in time.

Further, as a specific implementation of the method shown in FIG. 2, an embodiment of the present invention provides another apparatus for analyzing classified information. As shown in FIG. 8, the apparatus includes: an obtaining unit 81, an analysis unit 82, a determining unit 83 and an output unit 84.

The obtaining unit 81 may be configured to obtain the classified period information corresponding to the classified information.

The analysis unit 82 may be configured to analyze the classified information according to the classified period information obtained by the obtaining unit 81.

The determining unit 83 may be configured to determine that a leak event has occurred when an unauthorized access event occurs for the classified information within the classified period.

The output unit 84 may be configured to output an analysis result of the leak cause of the leak event according to the access information corresponding to the unauthorized access event.

Optionally, the access information includes visitor information, access time information, access path information and access source information.

Optionally, the classified period information includes one or more kinds of security-level period information.

Specifically, the output unit 84 includes: a determining module 841 and an output module 842.

The determining module 841 may be configured to determine, according to the access time information, the security-level period information corresponding to the leak event.

The determining module 841 may also be configured to determine, according to the security-level period information corresponding to the leak event, the impact level information corresponding to the leak event.

The output module 842 may be configured to output the analysis result of the leak cause of the leak event according to the impact level information, the visitor information, the access time information, the access path information and the access source information.

The obtaining unit 81 may also be configured to obtain the number of accesses to the classified information in each of the different security-level periods.

The output unit 84 may also be configured to output the value analysis result for the classified information according to the access counts obtained by the obtaining unit 81.

Further, the apparatus also includes: a matching unit 85.

The matching unit 85 may be configured to match industry data against the feature rules in a preset industry rule base, where the preset industry rule base stores the feature rules corresponding to the classified information of each of the different industries.

The determining unit 83 may also be configured to determine industry data that successfully matches the feature rules to be classified information.

The obtaining unit 81 may be specifically configured to obtain the classified period information corresponding to the classified information so determined.

Further, the apparatus also includes: a statistics unit 86.

The statistics unit 86 may be configured to compile the file format information corresponding to each of the different items of classified information for which a leak event has occurred.

The output unit 84 may also be configured to output, according to the number of items of classified information corresponding to each file format compiled by the statistics unit 86, an analysis result of how easily each file format is leaked.

The determining unit 83 may also be configured to determine that a leak event has occurred when an abnormal storage event occurs for the classified information within the classified period.

The output unit 84 may also be configured to output the analysis result of the leak cause of the leak event according to the storage location information and storage time information corresponding to the abnormal storage event.

The determining unit 83 may also be configured to determine that a leak event has occurred when an abnormal transfer event occurs for the classified information within the classified period.

The output unit 84 may also be configured to output the analysis result of the leak cause of the leak event according to the transfer path information, transfer method information and transfer time information corresponding to the abnormal transfer event.

The output unit 84 may also be configured to output alarm information for the leak event.

It should be noted that, for other descriptions of the functional units of the other apparatus for analyzing classified information provided by the embodiment of the present invention, reference may be made to the corresponding descriptions for FIG. 2; details are not repeated here.

Another apparatus for analyzing classified information provided by the embodiment of the present invention first obtains the classified period information corresponding to the classified information; then analyzes the classified information according to the classified period information; when an unauthorized access event occurs for the classified information within the classified period, determines that a leak event has occurred; and, according to the access information corresponding to the unauthorized access event, outputs an analysis result of the leak cause of the leak event. Compared with the current practice of manually querying the cause of a leak of classified information, the present invention analyzes the classified information according to the classified period it is in, derives the cause of the leak event from the analysis results and can present it to the user automatically. The leak cause is thus analyzed automatically, the user does not need to screen massive amounts of data item by item, and the efficiency of finding the leak cause is improved. In addition, because a leak event is determined as soon as an unauthorized access event occurs within the classified period, the user can be notified promptly that the classified information has been leaked, so that effective interception can be carried out in time.

In the above embodiments, the description of each embodiment has its own emphasis. For parts not described in detail in one embodiment, reference may be made to the relevant descriptions of the other embodiments.

It can be understood that related features of the above method and apparatus may be cross-referenced. In addition, "first", "second" and the like in the above embodiments are used to distinguish the embodiments and do not indicate that one embodiment is better or worse than another.

Those skilled in the art can clearly understand that, for convenience and brevity of description, the specific working processes of the systems, apparatuses and units described above may be found in the corresponding processes of the foregoing method embodiments and are not repeated here.

The algorithms and displays provided herein are not inherently related to any particular computer, virtual system or other device. Various general-purpose systems may also be used with the teachings herein. The structure required to construct such a system is apparent from the above description. Furthermore, the present invention is not directed to any particular programming language. It should be understood that the content of the invention described herein may be implemented in various programming languages, and that the descriptions of specific languages above are given to disclose the best mode of carrying out the invention.

Numerous specific details are set forth in the description provided herein. It will be understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail so as not to obscure the understanding of this description.

Similarly, it should be understood that, in order to streamline the disclosure and aid the understanding of one or more of the various inventive aspects, in the above description of exemplary embodiments of the invention the features of the invention are sometimes grouped together into a single embodiment, figure, or description thereof. This method of disclosure, however, should not be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in fewer than all features of a single foregoing disclosed embodiment. Thus, the claims following the Detailed Description are hereby expressly incorporated into this Detailed Description, with each claim standing on its own as a separate embodiment of the invention.

Those skilled in the art will understand that the modules of the device in an embodiment can be adaptively changed and arranged in one or more devices different from that embodiment. The modules or units or components in the embodiments may be combined into one module or unit or component, and they may furthermore be divided into multiple sub-modules or sub-units or sub-components. Except where at least some of such features and/or processes or units are mutually exclusive, all features disclosed in this specification (including the accompanying claims, abstract and drawings) and all processes or units of any method or device so disclosed may be combined in any combination. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract and drawings) may be replaced by an alternative feature serving the same, an equivalent or a similar purpose.

Furthermore, those skilled in the art will understand that although some embodiments described herein include certain features that are included in other embodiments and not others, combinations of features of different embodiments are meant to be within the scope of the invention and to form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.

The component embodiments of the present invention may be implemented in hardware, in software modules running on one or more processors, or in a combination thereof. Those skilled in the art should understand that a microprocessor or a digital signal processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components of the method and apparatus for analyzing classified information according to the embodiments of the present invention. The present invention may also be implemented as a device or apparatus program (for example, a computer program or computer program product) for performing part or all of the method described herein. Such a program implementing the present invention may be stored on a computer-readable medium or may take the form of one or more signals. Such a signal may be downloaded from an Internet site, provided on a carrier signal, or provided in any other form.

It should be noted that the above embodiments illustrate rather than limit the invention, and that those skilled in the art may design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention can be implemented by means of hardware comprising several distinct elements and by means of a suitably programmed computer. In a unit claim enumerating several means, several of these means may be embodied by one and the same item of hardware. The use of the words first, second, third and so on does not denote any order; these words may be interpreted as names.

Claims (14)

1. A method for analyzing classified information, characterized by comprising:
matching industry data according to feature rules in a preset industry rule base, wherein the preset industry rule base stores the feature rules corresponding to the classified information of each of the different industries;
determining industry data that successfully matches the feature rules to be classified information;
obtaining classified period information corresponding to the classified information, including: obtaining the classified period information corresponding to the classified information so determined;
analyzing the classified information according to the classified period information;
when an abnormal storage event occurs for the classified information within the classified period, determining that a leak event has occurred;
outputting an analysis result of the leak cause of the leak event according to the storage location information and storage time information corresponding to the abnormal storage event;
when an unauthorized access event occurs for the classified information within the classified period, determining that a leak event has occurred;
outputting an analysis result of the leak cause of the leak event according to the access information corresponding to the unauthorized access event, specifically including:
representing each day of the classified period on the abscissa and the specific time of day on the ordinate;
recording the time periods during which the classified information of the access source is accessed in a day, specifically including: the length of a vertical line corresponds to the access duration, and the start position and end position of the vertical line correspond to the start time and end time of the access respectively;
when an unauthorized access event occurs, indicating the anomalous vertical line by a difference in line style or color, the anomalous vertical line being used to compile the access-time characteristics of periods in which leak events tend to occur.

2. The method for analyzing classified information according to claim 1, characterized in that the access information includes visitor information, access time information, access path information and access source information.

3. The method for analyzing classified information according to claim 2, characterized in that the classified period information includes one or more kinds of security-level period information, and the outputting an analysis result of the leak cause of the leak event according to the access information corresponding to the unauthorized access event comprises:
determining, according to the access time information, the security-level period information corresponding to the leak event;
determining, according to the security-level period information corresponding to the leak event, the impact level information corresponding to the leak event;
outputting the analysis result of the leak cause of the leak event according to the impact level information, the visitor information, the access time information, the access path information and the access source information.

4. The method for analyzing classified information according to claim 3, characterized in that the method further comprises:
obtaining the number of accesses to the classified information in each of the different security-level periods;
outputting a value analysis result for the classified information according to the access counts.

5. The method for analyzing classified information according to claim 1, characterized in that the method further comprises:
compiling the file format information corresponding to each of the different items of classified information for which a leak event has occurred;
outputting, according to the number of items of classified information corresponding to each file format, an analysis result of how easily each file format is leaked.

6. The method for analyzing classified information according to claim 1, characterized in that, after the analyzing the classified information according to the classified period information, the method further comprises:
when an abnormal transfer event occurs for the classified information within the classified period, determining that a leak event has occurred;
outputting an analysis result of the leak cause of the leak event according to the transfer path information, transfer method information and transfer time information corresponding to the abnormal transfer event.

7. The method for analyzing classified information according to claim 1, characterized in that, after the determining that a leak event has occurred, the method further comprises:
outputting alarm information for the leak event.

8. An apparatus for analyzing classified information, characterized by comprising:
a matching unit, configured to match industry data according to feature rules in a preset industry rule base, wherein the preset industry rule base stores the feature rules corresponding to the classified information of each of the different industries;
a determining unit, further configured to determine industry data that successfully matches the feature rules to be classified information;
an obtaining unit, configured to obtain classified period information corresponding to the classified information, and specifically configured to obtain the classified period information corresponding to the classified information so determined;
an analysis unit, configured to analyze the classified information according to the classified period information obtained by the obtaining unit;
the determining unit, further configured to determine that a leak event has occurred when an abnormal storage event occurs for the classified information within the classified period;
an output unit, further configured to output an analysis result of the leak cause of the leak event according to the storage location information and storage time information corresponding to the abnormal storage event;
the determining unit, further configured to determine that a leak event has occurred when an unauthorized access event occurs for the classified information within the classified period;
the output unit, configured to output an analysis result of the leak cause of the leak event according to the access information corresponding to the unauthorized access event, specifically including:
corresponding to the unauthorized access event, specifically including: 以横坐标表示涉密周期的每一天和以纵坐标表示一天中的具体时刻;The abscissa represents each day of the confidential period and the ordinate represents the specific moment of the day; 记录访问源的涉密信息一天被访问时的时间段,具体包括:以竖线条长短对应访问时长,竖线条的起始位置和终止位置分别对应访问的起始时间和终止时间;Record the time period when the confidential information of the access source is accessed in one day, specifically including: the length of the vertical line corresponds to the length of the access, and the starting position and ending position of the vertical line correspond to the starting time and ending time of the access respectively; 当发生未授权访问事件时,通过线形差异或颜色差异的方式以表示出现异样的竖线条,所述异样的竖线条用于统计容易发生泄密事件的访问时间特征。When an unauthorized access event occurs, an unusual vertical line is represented by a linear difference or a color difference, and the unusual vertical line is used to count access time characteristics that are prone to leaking events. 9.根据权利要求8所述的涉密信息的分析装置,其特征在于,所述访问信息中包含访客信息、访问时间信息、访问路径信息及访问源信息。9 . The apparatus for analyzing confidential information according to claim 8 , wherein the access information includes visitor information, access time information, access path information and access source information. 10 . 10.根据权利要求9所述的涉密信息的分析装置,其特征在于,所述涉密周期信息中包含一种或多种密级周期信息,所述输出单元包括:10 . The apparatus for analyzing classified information according to claim 9 , wherein the classified period information includes one or more types of classified period information, and the output unit comprises: 10 . 
确定模块,用于根据所述访问时间信息,确定所述泄密事件对应的密级周期信息;a determining module, configured to determine the security level period information corresponding to the leaking event according to the access time information; 所述确定模块,还用于根据与所述泄密事件对应的密级周期信息,确定所述泄密事件对应的影响级别信息;The determining module is further configured to determine the impact level information corresponding to the leaking event according to the secret level period information corresponding to the leaking event; 输出模块,用于根据所述影响级别信息、所述访客信息、所述访问时间信息、所述访问路径信息及所述访问源信息,输出所述泄密事件的泄密原因的分析结果。An output module, configured to output an analysis result of the leakage cause of the leakage event according to the impact level information, the visitor information, the access time information, the access path information and the access source information. 11.根据权利要求10所述的涉密信息的分析装置,其特征在于,11. The apparatus for analyzing classified information according to claim 10, characterized in that: 所述获取单元,还用于获取所述涉密信息在不同密级周期内分别对应的访问量;The obtaining unit is further configured to obtain the respective access amounts of the secret-related information in different secret-level periods; 所述输出单元,还用于根据所述获取单元获取的访问量,输出所述涉密信息的价值分析结果。The output unit is further configured to output the value analysis result of the secret-related information according to the amount of visits obtained by the obtaining unit. 12.根据权利要求8所述的涉密信息的分析装置,其特征在于,所述装置还包括:统计单元;12. 
The apparatus for analyzing classified information according to claim 8, wherein the apparatus further comprises: a statistical unit; 所述统计单元,用于统计发生泄密事件的不同涉密信息分别对应的文件格式信息;The statistical unit is used to count the file format information corresponding to different secret-related information in which the leaking event occurs; 所述输出单元,还用于根据所述统计单元统计的文件格式信息对应的涉密信息数量,输出不同文件格式信息分别对应的泄密容易度的分析结果。The output unit is further configured to output an analysis result of the ease of leakage corresponding to different file format information according to the amount of secret-related information corresponding to the file format information counted by the statistics unit. 13.根据权利要求8所述的涉密信息的分析装置,其特征在于,13. The apparatus for analyzing classified information according to claim 8, characterized in that: 所述确定单元,还用于当所述涉密信息在涉密周期内出现异常传递事件时,确定发生泄密事件;The determining unit is further configured to determine that a leaking event occurs when an abnormal transmission event occurs in the secret-related information within the secret-related period; 所述输出单元,还用于根据与所述异常传递事件对应的传递路径信息、传递方式信息及传递时间信息,输出所述泄密事件的泄密原因的分析结果。The output unit is further configured to output an analysis result of the leakage cause of the leakage event according to the delivery path information, delivery method information and delivery time information corresponding to the abnormal delivery event. 14.根据权利要求8所述的涉密信息的分析装置,其特征在于,14. The apparatus for analyzing classified information according to claim 8, characterized in that: 所述输出单元,还用于输出发生泄密事件的告警信息。The output unit is further configured to output the alarm information of the leakage event.
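
The unauthorized-access analysis of claims 1 and 3, sketched in Python as an added example (it is not code from the patent or its assignees): documents are matched against per-industry feature rules, each access is mapped to its secrecy-level period and impact level, and every access becomes one chart bar flagged abnormal when unauthorized. The rules, documents, period boundaries, impact labels, the `AUTHORIZED` set and all function names are assumptions constructed for illustration.

```python
import re
from datetime import date, datetime

# Every name and value below is constructed for illustration (assumptions).
RULES = {"finance": re.compile(r"acquisition price", re.I),  # industry -> feature rule
         "medical": re.compile(r"patient id \d+", re.I)}
DOCS = {"/fin/deal.docx": ("finance", "Draft acquisition price: 4.2bn"),
        "/fin/menu.txt": ("finance", "Canteen menu for Monday")}
# Secrecy-level periods within the classified period: (level, first day, last day, impact)
PERIODS = [("top-secret", date(2016, 1, 1), date(2016, 3, 31), "critical"),
           ("secret", date(2016, 4, 1), date(2016, 9, 30), "high")]
AUTHORIZED = {"alice"}  # visitors allowed to access classified documents
EVENTS = [  # visitor, start, end, path, source
    ("alice", "2016-02-10T09:00", "2016-02-10T10:30", "/fin/deal.docx", "10.0.0.5"),
    ("bob", "2016-02-11T23:30", "2016-02-12T00:20", "/fin/deal.docx", "10.0.0.9"),
    ("bob", "2016-05-03T23:10", "2016-05-03T23:40", "/fin/deal.docx", "10.0.0.9"),
    ("bob", "2016-05-04T12:00", "2016-05-04T12:05", "/fin/menu.txt", "10.0.0.9"),
    ("carol", "2016-11-01T08:00", "2016-11-01T08:10", "/fin/deal.docx", "10.0.0.7"),
]

def is_classified(path):
    """Match a document against the feature rule of its industry."""
    industry, text = DOCS[path]
    rule = RULES.get(industry)
    return bool(rule and rule.search(text))

def period_for(day):
    """Return (level, impact) of the secrecy-level period containing day, else None."""
    for level, first, last, impact in PERIODS:
        if first <= day <= last:
            return level, impact
    return None  # outside the classified period

def analyze(events):
    """Return (leaks, bars): leak reports and one chart bar per access."""
    leaks, bars = [], []
    for visitor, start, end, path, source in events:
        if not is_classified(path):
            continue
        t0, t1 = datetime.fromisoformat(start), datetime.fromisoformat(end)
        period = period_for(t0.date())
        abnormal = period is not None and visitor not in AUTHORIZED
        # Bar: x = day, y from start to end hour; clamp at 24.0 if it runs past midnight.
        top = 24.0 if t1.date() > t0.date() else t1.hour + t1.minute / 60
        bars.append((t0.date().isoformat(), t0.hour + t0.minute / 60, top, abnormal))
        if abnormal:
            leaks.append({"level": period[0], "impact": period[1], "visitor": visitor,
                          "time": start, "path": path, "source": source})
    return leaks, bars

def risky_hours(bars):
    """Count abnormal bars by starting hour (the access-time feature of leaks)."""
    hours = [int(lo) for _, lo, _, abnormal in bars if abnormal]
    return {h: hours.count(h) for h in sorted(set(hours))}
```

Feeding `bars` to any plotting library with the abnormal flag mapped to a different color or line style gives the chart the claim describes; `risky_hours` is the statistic read off that chart.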
CN201610877674.9A 2016-09-30 2016-09-30 Method and device for analyzing classified information Active CN106650432B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610877674.9A CN106650432B (en) 2016-09-30 2016-09-30 Method and device for analyzing classified information

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610877674.9A CN106650432B (en) 2016-09-30 2016-09-30 Method and device for analyzing classified information

Publications (2)

Publication Number Publication Date
CN106650432A CN106650432A (en) 2017-05-10
CN106650432B true CN106650432B (en) 2020-11-10

Family

ID=58854729

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610877674.9A Active CN106650432B (en) 2016-09-30 2016-09-30 Method and device for analyzing classified information

Country Status (1)

Country Link
CN (1) CN106650432B (en)

Also Published As

Publication number Publication date
CN106650432A (en) 2017-05-10

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant