CN106650432B - Method and device for analyzing confidential information - Google Patents


Publication number
CN106650432B
Authority
CN
China
Prior art keywords
information
secret
event
access
confidential
Legal status
Active
Application number
CN201610877674.9A
Other languages
Chinese (zh)
Other versions
CN106650432A (en
Inventor
张巨世
Current Assignee
Beijing Qihoo Technology Co Ltd
Beijing Qianxin Technology Co Ltd
Original Assignee
Beijing Qihoo Technology Co Ltd
Beijing Qianxin Technology Co Ltd
Application filed by Beijing Qihoo Technology Co Ltd and Beijing Qianxin Technology Co Ltd
Priority to CN201610877674.9A
Publication of CN106650432A
Application granted
Publication of CN106650432B


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/552 Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

The invention discloses a method and a device for analyzing confidential information, relates to the field of information technology, and can improve the efficiency of finding the cause of a leak. The method comprises: acquiring secret-related period information corresponding to the confidential information; analyzing the confidential information according to the secret-related period information; when an unauthorized access event occurs on the confidential information within its secret-related period, determining that a leak event has occurred; and outputting an analysis result of the cause of the leak event according to the access information corresponding to the unauthorized access event. The method is suitable for analyzing confidential information.

Description

Method and device for analyzing confidential information
Technical Field
The present invention relates to the field of information technologies, and in particular, to a method and an apparatus for analyzing confidential information.
Background
With the continuous development of information technology, people attach more and more importance to the security of confidential information. Confidential information refers to information that must be kept secret, such as enterprise investment and reorganization plans, key financial indicators, the specific plans, specifications, technical schemes and developer configurations of enterprise products, and resolutions or messages concerning matters such as financial security investment. Generally, confidential information has a secret-related period: while it is within that period it is in the secret stage, and once it is outside that period it is in the public stage.
At present, after a user learns that a leak event has occurred on confidential information, the user can determine the cause of the leak by querying the original data to trace the history of accesses to that information. However, this approach requires the user to query actively, and the original data is usually presented mainly in the form of business ledgers, so the user has to screen massive amounts of data and finding the cause of the leak is inefficient.
Disclosure of Invention
In view of the above, the present invention provides a method and an apparatus for analyzing confidential information. Its main aim is to solve the problem that, when the cause of a leak is queried actively and manually, the user has to screen massive amounts of data, so that finding the cause of the leak is inefficient.
In order to achieve the above object, according to an aspect of the present invention, there is provided a method for analyzing confidential information, the method including:
acquiring secret-related period information corresponding to the confidential information;
analyzing the confidential information according to the secret-related period information;
when an unauthorized access event occurs on the confidential information within the secret-related period, determining that a leak event has occurred;
and outputting an analysis result of the cause of the leak event according to the access information corresponding to the unauthorized access event.
According to another aspect of the present invention, there is provided an apparatus for analyzing confidential information, the apparatus including:
an acquisition unit, used for acquiring secret-related period information corresponding to the confidential information;
an analysis unit, used for analyzing the confidential information according to the secret-related period information acquired by the acquisition unit;
a determining unit, used for determining that a leak event has occurred when an unauthorized access event occurs on the confidential information within the secret-related period;
and an output unit, used for outputting an analysis result of the cause of the leak event according to the access information corresponding to the unauthorized access event.
With the above technical scheme, the technical solution provided by the embodiment of the invention has at least the following advantages:
The invention provides a method and a device for analyzing confidential information. First, secret-related period information corresponding to the confidential information is acquired; then the confidential information is analyzed according to the secret-related period information; when an unauthorized access event occurs on the confidential information within the secret-related period, it is determined that a leak event has occurred; and an analysis result of the cause of the leak event is output according to the access information corresponding to the unauthorized access event. In the prior art, the cause of a leak event is queried actively and manually. Here, by contrast, the cause is analyzed according to the secret-related period of the confidential information, obtained from the analysis result, and can be displayed to the user automatically. The cause of a leak can therefore be analyzed automatically, the user does not need to screen massive data item by item, and the efficiency of finding the cause of a leak is improved. Because a leak event is determined when an unauthorized access event occurs within the secret-related period, the user can be informed promptly that the confidential information has been leaked, and the leak event can then be intercepted promptly and effectively.
The foregoing is only an overview of the technical solution of the present invention. So that the technical means of the invention can be understood more clearly, and so that the above and other objects, features and advantages of the invention are easier to understand, embodiments of the invention are described below.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to refer to like parts throughout the drawings. In the drawings:
FIG. 1 is a schematic flow chart of a method for analyzing confidential information according to an embodiment of the present invention;
FIG. 2 is a schematic flow chart of another method for analyzing confidential information according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of an analysis of the access time of leaked information according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of an access analysis of leaked content during the secret-related period according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of an access analysis of the confidential information of an access source according to an embodiment of the present invention;
FIG. 6 is a schematic diagram of an analysis of the access amount of confidential information according to an embodiment of the present invention;
FIG. 7 is a schematic structural diagram of an apparatus for analyzing confidential information according to an embodiment of the present invention;
FIG. 8 is a schematic structural diagram of another apparatus for analyzing confidential information according to an embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
An embodiment of the invention provides a method for analyzing confidential information, comprising the following steps:
101. Acquire secret-related period information corresponding to the confidential information.
The secret-related period information may include the time range from when the information becomes secret-related until it becomes public. Depending on the security level, it may specifically include absolute secret period information and/or secret period information, and so on. For example, the secret-related period corresponding to confidential information A is the period from 10/1/2015 to 3/1/2016; specifically, the period from 10/1/2015 to 2/1/2016 is an absolute secret period, and the period from 2/2016 to 1/2016 is a secret period.
It should be noted that, in the embodiment of the present invention, when confidential information is first generated and used within an organization, access to it is authorized during the secret-related period according to its security level; when confidential information is brought into the organization and modified for use, it is protected during the secret-related period according to its security level. New confidential information can be formed by associating pieces of confidential information, and the security level of confidential information can be derived from the restrictions on its access rights and on its secret-related period.
102. Analyze the confidential information according to the secret-related period information.
Specifically, according to the secret-related period information, the confidential information can be analyzed in combination with the behavior log information corresponding to it. The behavior log information can record, for the confidential information, how it was cited, authorized accesses, unauthorized accesses, transfers, and the citation frequency, access frequency, transfer frequency and the like.
For example, information such as the specific plan, specification, technical scheme and developer composition of a product must be kept secret before the product is released; after release, its security level is reduced or it enters a period with no secrecy requirement, so the secret-related period lasts until the product is released. To analyze whether a leak event exists for such information, the information may be analyzed in combination with the secret-related period it is in; specifically, it may be determined from this whether accesses to the information during the secret-related period were authorized.
It should be noted that, in the embodiment of the present invention, the analysis of the confidential information according to the secret-related period information may be performed outside the secret-related period, after the confidential information has been made public, or within the secret-related period, while the confidential information is not yet public, so that whether a leak event occurs can be monitored in real time. The confidential information can thus be monitored within the secret-related period and analyzed outside it.
103. When an unauthorized access event occurs on the confidential information within the secret-related period, determine that a leak event has occurred.
In the embodiment of the invention, authorized users can be preset: access to the confidential information by an authorized user during the secret-related period is legitimate, and access by any other user during the secret-related period is illegitimate.
For example, when the confidential information is accessed during the secret-related period by an unauthorized user, the system may have been attacked by a hacker who stole the confidential information, so it can be determined that a leak event has occurred.
104. Output an analysis result of the cause of the leak event according to the access information corresponding to the unauthorized access event.
The access information may include information such as the visitor identity, access path, access time and access source.
In the embodiment of the invention, the analysis result can be presented as text and graphics, so that the user can understand the leak event more intuitively.
For example, when the confidential information is accessed during the secret-related period by an unauthorized user, it is determined that a leak event has occurred. The identity of the user, the means used to access the confidential information, the access time, the access path, the access source and other information are obtained through analysis, and a corresponding analysis result is output, so that the leak event and its analysis result are displayed to the user automatically.
In the method for analyzing confidential information provided by the embodiment of the invention, secret-related period information corresponding to the confidential information is first acquired; then the confidential information is analyzed according to the secret-related period information; when an unauthorized access event occurs on the confidential information within the secret-related period, it is determined that a leak event has occurred; and an analysis result of the cause of the leak event is output according to the access information corresponding to the unauthorized access event. In the prior art, the cause of a leak event is queried actively and manually. Here, by contrast, the cause is analyzed according to the secret-related period of the confidential information, obtained from the analysis result, and can be displayed to the user automatically. The cause of a leak can therefore be analyzed automatically, the user does not need to screen massive data item by item, and the efficiency of finding the cause of a leak is improved. Because a leak event is determined when an unauthorized access event occurs within the secret-related period, the user can be informed promptly that the confidential information has been leaked, and the leak event can then be intercepted promptly and effectively.
Specifically, an embodiment of the present invention provides another method for analyzing confidential information, and as shown in fig. 2, the method includes:
201. Match the industry data against the feature rules in a preset industry rule base.
The preset industry rule base stores feature rules corresponding to the confidential information of different industries. The industry data may be data from the medical industry, the building industry, the banking industry, the e-commerce industry and so on; embodiments of the present invention are not particularly limited in this respect. In the embodiment of the invention, the feature rules in the preset industry rule base are derived by induction from the characteristics of the confidential information found in each industry; the rule base stores the feature rules corresponding to an industry's confidential information, not the confidential information itself. The more complete the feature rules in the preset industry rule base, the more accurately confidential information is identified when industry data is matched against them. By establishing the preset industry rule base, industry data can be monitored intelligently under the audit policy, and it can be judged accurately whether industry data that matches the rule base is confidential information.
202. Determine the industry data that successfully matches a feature rule to be confidential information.
In the embodiment of the invention, when industry data successfully matches a feature rule in the preset industry rule base, this indicates that the industry data contains confidential information, so the industry data can be determined to be confidential information.
It should be noted that, because industry data is matched against the feature rules in the preset industry rule base and the data that matches is determined to be confidential information, confidential information can be identified and analyzed automatically, and it can then be queried which confidential information has suffered a leak event. A big data analysis platform can therefore be integrated, which makes the analysis more effective, the data acquisition complete and the analysis result more accurate.
203. And acquiring secret-related period information corresponding to the determined secret-related information.
Wherein, the secret-related period information comprises one or more secret-level period information. For example, the secret-related period information may specifically include absolute period information, secret period information, and/or secret period information.
For example, from the time a user purchases the bidding documents until the bid is concluded, the commercial and technical terms of the bid are in the secret-related period before bid opening, and after bid opening their security level is reduced to public. Before bid opening, the user is concerned not only with which bidding strategy to adopt but also with whether the terms have been leaked.
204. Analyze the confidential information according to the secret-related period information.
Specifically, according to the secret-related period information, the confidential information can be analyzed in combination with the behavior log information corresponding to it.
For example, the design, materials and the like of a smart phone product are kept secret until the product is delivered, and any leaked specification is a real business loss. To analyze whether a leak event exists for such information, the information can be analyzed in combination with the secret-related period it is in; specifically, it may be determined from this whether accesses to the information during the secret-related period were authorized.
Further, after step 204, the method may further include: when an abnormal storage event occurs on the confidential information within the secret-related period, determining that a leak event has occurred; and outputting an analysis result of the cause of the leak event according to the storage location information and storage time information corresponding to the abnormal storage event.
For example, when the confidential information is stored on an enterprise's central server or on a fixed computer, and it is detected during the secret-related period that its storage location has been migrated, with the information copied or cut to an external storage device such as a portable hard disk, an optical disc or a USB flash drive, it can be determined that a leak event has occurred, and an analysis result of the cause of the leak event can be output together with the identifier of the external storage device.
Further, after step 204, the method may further include: when an abnormal transmission event occurs on the confidential information within the secret-related period, determining that a leak event has occurred; and outputting an analysis result of the cause of the leak event according to the transmission path information, transmission mode information and transmission time information corresponding to the abnormal transmission event.
For example, the confidential information is stored on computer A; a user logs in to computer A over the local area network and transmits the confidential information to the user's own computer B; computer B then transmits it over the local area network to computer C, where computers A, B and C are all internal company computers; and finally the confidential information is sent out from computer C over the Internet by e-mail.
205. When an unauthorized access event occurs on the confidential information within the secret-related period, determine that a leak event has occurred.
Further, after it is determined that a leak event has occurred, alarm information about the leak event can be output, so that the user is promptly notified that a leak event has occurred. The alarm information may be text, picture, audio or video alarm information, and the like.
For example, when the confidential information is accessed during the secret-related period by an unauthorized user, the system may have been attacked and an intruder may have stolen the confidential information, so it can be determined that a leak event has occurred.
206. Output an analysis result of the cause of the leak event according to the access information corresponding to the unauthorized access event.
The access information comprises visitor information, access time information, access path information and access source information. In the embodiment of the invention, an analysis diagram of the access time of leaked information, an access analysis diagram of confidential content during the secret-related period, an access analysis diagram of the confidential information of an access source, and the like can be output.
For example, FIG. 3 shows an analysis diagram of the access time of leaked information. In the diagram, the abscissa represents each day of the secret-related period, such as March 1, March 2 and so on, and the ordinate represents the specific time within a day, such as 1:00, 2:00 and so on. The time periods during which the confidential information of the access source is accessed in a day can be recorded in the diagram as vertical bars: the length of a bar corresponds to the access duration, and its start and end positions correspond to the start time and end time of the access. When an unauthorized access event occurs, it can be shown as a vertical bar with a different appearance, using a different line style or color; furthermore, statistics such as the access-time characteristics under which leak events tend to occur can be compiled.
FIG. 4 shows the access analysis of leaked content during the secret-related period. In the diagram, the abscissa may represent time within the secret-related period and the ordinate represents the access amount of the confidential information on each day, shown as a vertical bar whose length corresponds to the access amount. The positive half of the ordinate may represent the authorized access amount and the negative half the unauthorized access amount. The diagram may further be divided into intervals according to the different security level periods, such as an absolute secret interval, a secret interval, and the like, and each vertical bar may further display the access statistics for that day, such as the access amount and the visitor IP (Internet Protocol) addresses. An access-amount bar on the negative half of the ordinate may be marked with a special symbol indicating that an unauthorized access event occurred, in order to flag the anomaly.
As shown in fig. 5, the schematic view of access analysis of the confidential information of the access source is shown, in which an abscissa may represent the time of a confidential period, an ordinate may represent access amounts respectively corresponding to different confidential information stored locally in the access source, and specifically may be represented by a vertical bar, the length of the vertical bar corresponds to the access amount, a positive half axis of the ordinate may represent an authorized access amount, a negative half axis may represent an unauthorized access amount, and a confidential period corresponding to the confidential information, such as an absolute confidential period, a confidential period, and a confidential period, may also be labeled. The access quantity vertical bar occurring for the negative semi-axis of the ordinate may be marked with a special sign indicating the occurrence of an unauthorized access event in order to indicate an exception.
Specifically, step 206 may include: determining, according to the access time information, the security level period information corresponding to the leak event; and determining, according to that security level period information, the impact level information corresponding to the leak event. For example, when the access time of the unauthorized access event shows that the event falls within an absolute security period, the leak event occurred in that period and its impact level is serious; when the access time shows that the event falls within a general security period, the leak event occurred in that period, its impact level is low and the result is not serious.
An analysis result of the cause of the leak event is then output according to the impact level information, the visitor information, the access time information, the access path information and the access source information. For example, the identity of the accessing user, the means used to access the confidential information, the access time, the access path, the access source and other information are obtained through analysis, and a corresponding analysis result is output, so that the leak event and its analysis result are displayed to the user automatically.
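The checks in steps 203 to 206, sketched in Python as an added example that is not part of the patent text: each access inside the secret-related period is attributed to its security-level sub-period, unauthorized accesses become leak findings with an impact level, and per-day authorized and unauthorized counts are kept for a FIG. 4 style chart. The log layout, user names, addresses, the month/day/year reading of the dates and the "low" impact for the secret period are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class LevelPeriod:
    level: str        # security level name, as used in the text
    start: datetime   # inclusive
    end: datetime     # exclusive
    impact: str       # impact level of a leak inside this sub-period


@dataclass(frozen=True)
class AccessEvent:
    when: datetime
    visitor: str
    source: str       # access source (here: client IP)
    path: str         # access path


# Constructed secret-related period, split by security level.
# The "low" impact for the second sub-period is an assumption.
PERIODS = [
    LevelPeriod("absolute secret", datetime(2015, 10, 1), datetime(2016, 2, 1), "serious"),
    LevelPeriod("secret", datetime(2016, 2, 1), datetime(2016, 3, 1), "low"),
]
AUTHORIZED = {"alice", "bob"}  # preset authorized users (constructed)

# Constructed behavior log: timestamp, visitor, source IP, access path.
SAMPLE_LOG = """\
2015-10-03T09:12:00 alice 10.0.0.5 /design/spec.docx
2015-10-03T23:40:00 mallory 203.0.113.7 /design/spec.docx
2016-02-01T00:00:00 trent 198.51.100.4 /design/spec.docx
2016-02-10T14:05:00 bob 10.0.0.9 /design/spec.docx
2016-03-05T08:00:00 mallory 203.0.113.7 /design/spec.docx
"""


def parse_event(line: str) -> AccessEvent:
    ts, visitor, source, path = line.split(maxsplit=3)
    return AccessEvent(datetime.fromisoformat(ts), visitor, source, path)


def level_at(periods, when):
    """Return the sub-period covering `when`, or None once the data is public."""
    for p in periods:
        if p.start <= when < p.end:
            return p
    return None


def analyze(periods, authorized, events):
    """Return (leak findings, per-day [authorized, unauthorized] counts)."""
    findings, daily = [], {}
    for ev in sorted(events, key=lambda e: e.when):
        period = level_at(periods, ev.when)
        if period is None:
            continue  # outside the secret-related period: not a leak event
        counts = daily.setdefault(ev.when.date().isoformat(), [0, 0])
        if ev.visitor in authorized:
            counts[0] += 1
            continue
        counts[1] += 1
        findings.append({
            "time": ev.when.isoformat(),
            "visitor": ev.visitor,
            "source": ev.source,
            "path": ev.path,
            "level_period": period.level,
            "impact": period.impact,
        })
    return findings, daily


def run_sample():
    events = [parse_event(l) for l in SAMPLE_LOG.splitlines() if l.strip()]
    return analyze(PERIODS, AUTHORIZED, events)


if __name__ == "__main__":
    findings, daily = run_sample()
    for f in findings:
        print(f)
    # Unauthorized counts are printed as negative values, as on the
    # negative half of the ordinate described for FIG. 4.
    for day, (ok, bad) in daily.items():
        print(day, "authorized:", ok, "unauthorized:", -bad)
```

The access at exactly the start of the second sub-period is attributed to that sub-period because the period bounds are treated as half-open, and the last log line is ignored because it falls after the information has become public.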
Further, the method may also include: acquiring the access amounts corresponding to the secret-related information in different secret-level periods; and outputting a value analysis result of the confidential information according to the access amounts, so as to meet the need for value analysis of the confidential information.
In the embodiment of the invention, the access amount of unauthorized access and the access amount of authorized access can be obtained, as can the access amount of the disclosed confidential information, and the value of the confidential information is determined from these access amounts. For example, if the access amount of the confidential information in a confidential period is greater than a certain threshold, and that confidential period is a stage in which access is paid for, a large number of users have paid to access the confidential information, so the confidential information can be determined to be of high value and a related value analysis result can be output.
Furthermore, in the embodiment of the present invention, the access amounts corresponding to different pieces of confidential information may be counted and an access amount analysis graph of the confidential information output. Specifically, the graph may be displayed as a bubble chart in which each bubble corresponds to the access amount of one piece of confidential information, and information such as the proportions of authorized and unauthorized access may also be displayed, so that the respective values of the different pieces of confidential information can be derived from the graph.
For example, fig. 6 is a schematic diagram of access analysis of confidential information. In this diagram, the access amount of the confidential information "T main building design scheme" is 2675398, of which unauthorized access accounts for 13.15%.
Further, the method may also include: counting the file format information corresponding to the different secret-related information for which a divulgence event has occurred, where the file format information may include a word file format, an excel file format and a pdf file format; and outputting, according to the amount of secret-related information corresponding to each file format, an analysis result of how easily each file format is leaked, so that the user can strengthen the corresponding precautionary measures. For example, if the statistics show that a large proportion of leakage events involve files in the dwg format, secret-related information files in that format are easy to leak.
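The period-to-impact mapping of step 206 and the file-format statistics described above, as an added illustration that is not part of the patent text. The level names, the impact table, the record fields and all sample records are assumptions constructed for the example.

```python
from collections import Counter
from dataclasses import dataclass
from datetime import datetime
from pathlib import PurePosixPath

# Assumption: the description names only these two level periods and impacts.
IMPACT_BY_LEVEL = {"absolute": "serious", "general": "low"}


@dataclass(frozen=True)
class LevelPeriod:
    level: str
    start: datetime  # inclusive
    end: datetime    # exclusive


@dataclass(frozen=True)
class AccessEvent:
    visitor: str
    time: datetime
    path: str        # access path information
    source: str      # access source holding the copy
    file: str
    authorized: bool


def ts(text):
    """Parse an ISO-8601 date or date-time string."""
    return datetime.fromisoformat(text)


def level_at(periods, when):
    """Return the level period containing `when`, or None when the time
    falls outside the whole secret-related period."""
    for period in periods:
        if period.start <= when < period.end:
            return period
    return None


def analyze(periods_by_file, events):
    """Turn unauthorized accesses inside a secret-related period into
    divulgence findings carrying the impact level and the access information."""
    findings = []
    for ev in events:
        if ev.authorized:
            continue
        period = level_at(periods_by_file.get(ev.file, ()), ev.time)
        if period is None:
            continue  # outside the secret-related period: no divulgence event
        findings.append({
            "file": ev.file,
            "level_period": period.level,
            "impact": IMPACT_BY_LEVEL.get(period.level, "unknown"),
            "visitor": ev.visitor,
            "time": ev.time.isoformat(),
            "path": ev.path,
            "source": ev.source,
        })
    return findings


def leaks_by_format(findings):
    """Count distinct leaked items per file format, most leak-prone first."""
    leaked_files = {f["file"] for f in findings}
    counts = Counter(
        PurePosixPath(name).suffix.lstrip(".").lower() or "(none)"
        for name in leaked_files
    )
    return counts.most_common()


# Constructed sample data: one period layout shared by three files.
STANDARD_PERIODS = (
    LevelPeriod("absolute", ts("2016-01-01"), ts("2016-07-01")),
    LevelPeriod("general", ts("2016-07-01"), ts("2017-01-01")),
)
SAMPLE_PERIODS = {name: STANDARD_PERIODS
                  for name in ("tower-design.dwg", "bid.dwg", "budget.xlsx")}
SAMPLE_EVENTS = [
    AccessEvent("alice", ts("2016-03-01T09:00:00"), "lan", "fs-01", "tower-design.dwg", True),
    AccessEvent("mallory", ts("2016-03-02T23:40:00"), "vpn", "fs-01", "tower-design.dwg", False),
    AccessEvent("mallory", ts("2016-03-03T23:55:00"), "vpn", "fs-01", "tower-design.dwg", False),
    AccessEvent("bob", ts("2016-08-15T14:10:00"), "lan", "laptop-7", "budget.xlsx", False),
    AccessEvent("carol", ts("2016-09-01T11:30:00"), "usb", "laptop-9", "bid.dwg", False),
    AccessEvent("dave", ts("2017-02-01T10:00:00"), "lan", "fs-01", "budget.xlsx", False),
]

if __name__ == "__main__":
    results = analyze(SAMPLE_PERIODS, SAMPLE_EVENTS)
    for finding in results:
        print(finding)
    print(leaks_by_format(results))
```

The last sample record is unauthorized but falls after the secret-related period ends, so it produces no finding; repeated leaks of one file count once in the per-format tally.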
The other method for analyzing confidential information provided by the embodiment of the invention first obtains the secret-related period information corresponding to the confidential information; then analyzes the confidential information according to the secret-related period information; determines that a divulgence event occurs when an unauthorized access event occurs for the secret-related information within a secret-related period; and outputs an analysis result of the divulgence reason of the divulgence event according to the access information corresponding to the unauthorized access event. Compared with the prior art, in which the reason for a divulgence event is investigated manually, the confidential information is analyzed according to its secret-related period, and the reason for the divulgence event is obtained from the analysis result and can be displayed to the user automatically. The analysis of the divulgence reason is thus automated, the user does not need to screen mass data item by item, and the efficiency of querying the divulgence reason is improved. Because a divulgence event is determined when an unauthorized access event occurs within the secret-related period, the user can be informed in time that the confidential information has been divulged, and the divulgence event can then be intercepted promptly and effectively.
Further, as a specific implementation of the method shown in fig. 1, an embodiment of the present invention provides an apparatus for analyzing confidential information, where as shown in fig. 7, the apparatus includes: an acquisition unit 71, an analysis unit 72, a determination unit 73, and an output unit 74.
The obtaining unit 71 may be configured to obtain secret-related period information corresponding to the secret-related information.
The analysis unit 72 may be configured to analyze the secret-related information according to the secret-related period information acquired by the acquisition unit 71.
The determining unit 73 may be configured to determine that a secret divulging event occurs when an unauthorized access event occurs in the secret-related information within a secret-related period.
The output unit 74 may be configured to output an analysis result of a divulgence reason of the divulgence event according to the access information corresponding to the unauthorized access event.
It should be noted that other corresponding descriptions of the functional units related to the apparatus for analyzing confidential information according to the embodiment of the present invention may refer to the corresponding description in fig. 1, and are not repeated herein.
The device for analyzing confidential information provided by the embodiment of the invention first obtains the secret-related period information corresponding to the confidential information; then analyzes the confidential information according to the secret-related period information; determines that a divulgence event occurs when an unauthorized access event occurs for the secret-related information within a secret-related period; and outputs an analysis result of the divulgence reason of the divulgence event according to the access information corresponding to the unauthorized access event. Compared with the prior art, in which the reason for a divulgence event is investigated manually, the confidential information is analyzed according to its secret-related period, and the reason for the divulgence event is obtained from the analysis result and can be displayed to the user automatically. The analysis of the divulgence reason is thus automated, the user does not need to screen mass data item by item, and the efficiency of querying the divulgence reason is improved. Because a divulgence event is determined when an unauthorized access event occurs within the secret-related period, the user can be informed in time that the confidential information has been divulged, and the divulgence event can then be intercepted promptly and effectively.
Further, as a specific implementation of the method shown in fig. 2, another apparatus for analyzing confidential information is provided in an embodiment of the present invention, and as shown in fig. 8, the apparatus includes: an acquisition unit 81, an analysis unit 82, a determination unit 83, an output unit 84.
The obtaining unit 81 may be configured to obtain secret-related period information corresponding to the secret-related information.
The analysis unit 82 may be configured to analyze the secret-related information according to the secret-related period information acquired by the acquisition unit 81.
The determining unit 83 may be configured to determine that a secret divulging event occurs when an unauthorized access event occurs in the secret-related information within a secret-related period.
The output unit 84 may be configured to output an analysis result of a divulgence reason of the divulgence event according to the access information corresponding to the unauthorized access event.
Optionally, the access information includes visitor information, access time information, access path information, and access source information.
Optionally, the secret-related period information includes one or more secret-level period information.
Specifically, the output unit 84 includes: a determination module 841 and an output module 842.
The determining module 841 may be configured to determine, according to the access time information, security level period information corresponding to the divulgence event.
The determining module 841 may be further configured to determine, according to the information of the confidentiality level period corresponding to the divulgence event, the influence level information corresponding to the divulgence event.
The output module 842 may be configured to output an analysis result of a divulgence reason of the divulgence event according to the influence level information, the visitor information, the access time information, the access path information, and the access source information.
The obtaining unit 81 may be further configured to obtain access amounts corresponding to the secret-related information in different secret-level periods.
The output unit 84 may be further configured to output a value analysis result of the confidential information according to the access amount acquired by the acquisition unit 81.
Further, the apparatus further comprises: a matching unit 85.
The matching unit 85 may be configured to match industry data according to feature rules in a preset industry rule base, where feature rules corresponding to secret-related information of different industries are stored in the preset industry rule base.
The determining unit 83 may be further configured to determine, as the confidential information, the industry data successfully matched with the feature rule.
The obtaining unit 81 may be specifically configured to obtain secret-related period information corresponding to the determined secret-related information.
Further, the apparatus further comprises: a statistical unit 86.
The statistical unit 86 may be configured to count file format information corresponding to different secret-related information of the occurrence of the secret leakage event.
The output unit 84 may be further configured to output an analysis result of the leakage easiness degree corresponding to each of the different file format information according to the amount of the secret-related information corresponding to the file format information counted by the counting unit 86.
The determining unit 83 may be further configured to determine that a secret divulging event occurs when the secret-related information has an abnormal storage event in a secret-related period.
The output unit 84 may be further configured to output an analysis result of a divulgence reason of the divulgence event according to the storage location information and the storage time information corresponding to the abnormal storage event.
The determining unit 83 may be further configured to determine that a secret divulging event occurs when an abnormal transmission event occurs in the secret-related information in a secret-related period.
The output unit 84 may be further configured to output an analysis result of a divulgence cause of the divulgence event according to the transmission path information, the transmission mode information, and the transmission time information corresponding to the abnormal transmission event.
The output unit 84 may be further configured to output a warning message indicating that a divulgence event occurs.
It should be noted that other corresponding descriptions of the functional units related to another device for analyzing confidential information provided in the embodiment of the present invention may refer to the corresponding description in fig. 2, and are not described herein again.
The other device for analyzing confidential information provided by the embodiment of the invention first obtains the secret-related period information corresponding to the confidential information; then analyzes the confidential information according to the secret-related period information; determines that a divulgence event occurs when an unauthorized access event occurs for the secret-related information within a secret-related period; and outputs an analysis result of the divulgence reason of the divulgence event according to the access information corresponding to the unauthorized access event. Compared with the prior art, in which the reason for a divulgence event is investigated manually, the confidential information is analyzed according to its secret-related period, and the reason for the divulgence event is obtained from the analysis result and can be displayed to the user automatically. The analysis of the divulgence reason is thus automated, the user does not need to screen mass data item by item, and the efficiency of querying the divulgence reason is improved. Because a divulgence event is determined when an unauthorized access event occurs within the secret-related period, the user can be informed in time that the confidential information has been divulged, and the divulgence event can then be intercepted promptly and effectively.
In the foregoing embodiments, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
It will be appreciated that the relevant features of the method and apparatus described above are referred to one another. In addition, "first", "second", and the like in the above embodiments are for distinguishing the embodiments, and do not represent merits of the embodiments.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
The algorithms and displays presented herein are not inherently related to any particular computer, virtual machine, or other apparatus. Various general purpose systems may also be used with the teachings herein. The required structure for constructing such a system will be apparent from the description above. Moreover, the present invention is not directed to any particular programming language. It is appreciated that a variety of programming languages may be used to implement the teachings of the present invention as described herein, and any descriptions of specific languages are provided above to disclose the best mode of the invention.
In the description provided herein, numerous specific details are set forth. It is understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. However, the disclosed method should not be interpreted as reflecting an intention that: that the invention as claimed requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of this invention.
Those skilled in the art will appreciate that the modules in the device in an embodiment may be adaptively changed and disposed in one or more devices different from the embodiment. The modules or units or components of the embodiments may be combined into one module or unit or component, and furthermore they may be divided into a plurality of sub-modules or sub-units or sub-components. All of the features disclosed in this specification (including any accompanying claims, abstract and drawings), and all of the processes or elements of any method or apparatus so disclosed, may be combined in any combination, except combinations where at least some of such features and/or processes or elements are mutually exclusive. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.
Furthermore, those skilled in the art will appreciate that while some embodiments described herein include some features included in other embodiments, rather than other features, combinations of features of different embodiments are meant to be within the scope of the invention and form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.
The various component embodiments of the invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. It will be appreciated by those skilled in the art that a microprocessor or Digital Signal Processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components of a method and apparatus for analyzing confidential information according to embodiments of the present invention. The present invention may also be embodied as apparatus or device programs (e.g., computer programs and computer program products) for performing a portion or all of the methods described herein. Such programs implementing the present invention may be stored on computer-readable media or may be in the form of one or more signals. Such a signal may be downloaded from an internet website or provided on a carrier signal or in any other form.
It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The use of the words first, second, third, etc. does not indicate any ordering. These words may be interpreted as names.

Claims (14)

1. A method for analyzing confidential information is characterized by comprising the following steps:
matching industry data according to characteristic rules in a preset industry rule base, wherein the preset industry rule base stores characteristic rules corresponding to secret-related information of different industries respectively;
determining the industry data successfully matched with the characteristic rule as confidential information;
obtaining secret-related period information corresponding to the secret-related information, which specifically comprises: acquiring secret-related period information corresponding to the determined secret-related information;
analyzing the confidential information according to the confidential period information;
when the secret-related information has an abnormal storage event in a secret-related period, determining that a secret leakage event occurs;
outputting an analysis result of a divulgence reason of the divulgence event according to the storage position information and the storage time information corresponding to the abnormal storage event;
when an unauthorized access event occurs in the secret-related information in a secret-related period, determining that a secret leakage event occurs;
outputting an analysis result of a divulgence reason of the divulgence event according to the access information corresponding to the unauthorized access event, specifically comprising:
the abscissa represents each day of the secret-related period and the ordinate represents the specific time in one day;
recording a time period when secret-related information of an access source is accessed in one day, specifically comprising: the length of a vertical bar corresponds to the access duration, and the starting position and the ending position of the vertical bar correspond to the starting time and the ending time of access respectively;
when an unauthorized access event occurs, a heterogeneous vertical bar is represented in a mode of line shape difference or color difference, and the heterogeneous vertical bar is used for counting the access time characteristics of a leakage event which easily occurs.
2. The method for analyzing confidential information according to claim 1, wherein the access information includes visitor information, access time information, access path information, and access source information.
3. The method for analyzing confidential information according to claim 2, wherein the confidential period information includes one or more types of confidential period information, and the outputting the analysis result of the reason for the leakage of the confidential event based on the access information corresponding to the unauthorized access event includes:
determining the security level period information corresponding to the divulgence event according to the access time information;
determining influence level information corresponding to the divulgence event according to the secret level period information corresponding to the divulgence event;
and outputting an analysis result of the divulgence reason of the divulgence event according to the influence level information, the visitor information, the access time information, the access path information and the access source information.
4. The method for analyzing confidential information according to claim 3, further comprising:
acquiring access quantities respectively corresponding to the secret-related information in different secret-level periods;
and outputting a value analysis result of the confidential information according to the access amount.
5. The method for analyzing confidential information according to claim 1, further comprising:
counting file format information respectively corresponding to different secret-related information of the occurrence of the secret leakage event;
and outputting analysis results of the leakage easiness degrees respectively corresponding to different file format information according to the secret-related information quantity corresponding to the file format information.
6. The method for analyzing confidential information according to claim 1, wherein after the confidential information is analyzed according to the confidential period information, the method further comprises:
when the secret-related information has an abnormal transmission event in a secret-related period, determining that a secret leakage event occurs;
and outputting an analysis result of the divulgence reason of the divulgence event according to the transmission path information, the transmission mode information and the transmission time information corresponding to the abnormal transmission event.
7. The method for analyzing confidential information according to claim 1, wherein after determining that a divulgence event occurs, the method further comprises:
and outputting alarm information of the occurrence of the divulgence event.
8. An apparatus for analyzing confidential information, comprising:
the matching unit is used for matching the industry data according to the characteristic rules in a preset industry rule base, and the preset industry rule base stores the characteristic rules corresponding to the confidential information of different industries respectively;
the determining unit is further used for determining the industry data successfully matched with the characteristic rule as confidential information;
the acquisition unit is used for acquiring secret-related period information corresponding to secret-related information, and is specifically used for acquiring the secret-related period information corresponding to the determined secret-related information;
the analysis unit is used for analyzing the confidential information according to the confidential period information acquired by the acquisition unit;
the determining unit is further used for determining that a secret leakage event occurs when the secret-related information has an abnormal storage event in a secret-related period;
the output unit is also used for outputting an analysis result of the divulgence reason of the divulgence event according to the storage position information and the storage time information corresponding to the abnormal storage event;
the determining unit is further used for determining that a secret divulging event occurs when the secret-related information has an unauthorized access event in a secret-related period;
the output unit is configured to output an analysis result of a divulgence reason of the divulgence event according to the access information corresponding to the unauthorized access event, and specifically includes:
the abscissa represents each day of the secret-related period and the ordinate represents the specific time in one day;
recording a time period when secret-related information of an access source is accessed in one day, specifically comprising: the length of a vertical bar corresponds to the access duration, and the starting position and the ending position of the vertical bar correspond to the starting time and the ending time of access respectively;
when an unauthorized access event occurs, a heterogeneous vertical bar is represented in a mode of line shape difference or color difference, and the heterogeneous vertical bar is used for counting the access time characteristics of a leakage event which easily occurs.
9. The apparatus for analyzing confidential information according to claim 8, wherein the access information includes visitor information, access time information, access path information, and access source information.
10. The apparatus for analyzing confidential information according to claim 9, wherein the confidential period information includes one or more kinds of confidential period information, and the output unit includes:
the determining module is used for determining the security level period information corresponding to the divulgence event according to the access time information;
the determining module is further configured to determine, according to the information of the security level period corresponding to the divulgence event, influence level information corresponding to the divulgence event;
and the output module is used for outputting an analysis result of the divulgence reason of the divulgence event according to the influence level information, the visitor information, the access time information, the access path information and the access source information.
11. The apparatus for analyzing confidential information according to claim 10, wherein the apparatus further comprises a storage unit,
the acquisition unit is also used for acquiring the access quantities respectively corresponding to the secret-related information in different secret-level periods;
and the output unit is also used for outputting the value analysis result of the confidential information according to the access amount acquired by the acquisition unit.
12. The apparatus for analyzing confidential information according to claim 8, further comprising: a counting unit;
the statistical unit is used for counting file format information corresponding to different secret-related information of a secret leakage event;
and the output unit is also used for outputting the analysis results of the divulgence easiness degrees corresponding to different file format information respectively according to the secret-related information quantity corresponding to the file format information counted by the counting unit.
13. The apparatus for analyzing confidential information according to claim 8, wherein the apparatus further comprises a storage unit,
the determining unit is further used for determining that a secret leakage event occurs when the secret-related information has an abnormal transmission event in a secret-related period;
and the output unit is further used for outputting an analysis result of the divulgence reason of the divulgence event according to the transmission path information, the transmission mode information and the transmission time information corresponding to the abnormal transmission event.
14. The apparatus for analyzing confidential information according to claim 8, wherein the apparatus further comprises a storage unit,
the output unit is also used for outputting alarm information of the occurrence of the divulgence event.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610877674.9A CN106650432B (en) 2016-09-30 2016-09-30 Method and device for analyzing confidential information

Publications (2)

Publication Number Publication Date
CN106650432A CN106650432A (en) 2017-05-10
CN106650432B true CN106650432B (en) 2020-11-10
CN106355089A (en) Secret-associated information analysis method and device
Mogull Understanding and selecting a database activity monitoring solution
CN111582954A (en) False data identification method and device
CN110866278A (en) Method and device for blocking real-time intrusion of database
CN110910154A (en) Tobacco monopoly license management method, equipment and medium based on block chain
CN105099993A (en) Data interaction method based on proxy platform and device and system thereof
CN114119176B (en) User right processing method and device, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant