CN106789964B - Cloud resource pool data security detection method and system


Publication number
CN106789964B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201611102263.9A
Other languages
Chinese (zh)
Other versions
CN106789964A (en)
Inventor
黎新川
林强
方艺
窦胜军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Group Xinjiang Co ltd
Original Assignee
China Mobile Group Xinjiang Co ltd
Application filed by China Mobile Group Xinjiang Co ltd
Priority to CN201611102263.9A
Publication of CN106789964A
Application granted
Publication of CN106789964B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network


Abstract

The invention discloses a cloud resource pool data security detection method comprising the following steps: acquiring formulated sensitive data; acquiring derived data drained from the cloud resource pool; scanning the derived data and identifying the sensitive data in it; establishing a life cycle for the sensitive data and managing it hierarchically; capturing the sensitive data host virtual machines in the cloud resource environment and carrying out flow supervision on them; and analysing the sensitive data and the abnormal operation behaviour of the sensitive data host virtual machines, and sending an alarm. The invention also provides a security detection system for the sensitive data of the cloud resource pool, comprising a control module, an acquisition module, a processing module, a supervision module and an audit module. With this method and system, whole-life-cycle security control of the creation, production, use and destruction of the various kinds of sensitive data is achieved while intra-domain and cross-domain virtual machine service data is called, transmitted, exchanged between services and migrated in the cloud computing environment, and abnormal and illegal behaviour is discovered.

Description

Cloud resource pool data security detection method and system
Technical Field
The invention belongs to the technical field of information security, and particularly relates to a cloud resource pool data security detection protection system and a method thereof.
Background
In terms of system composition, the most important difference between a cloud resource pool and a traditionally built platform is that the resources are virtualized into a uniform resource pool, which simplifies the configuration and management of resources, raises hardware utilization and thereby gives cloud computing its flexibility and elasticity. The introduction of the virtualization layer makes a protection system built around access control very different from the protection system of a traditional service platform: besides traditional host security, network security and the like, it must also cover the virtualization security specific to cloud computing.
In the cloud resource pool, a number of service system hosts such as CRM store UIP logs, interaction logs with the CRM and key sensitive data including user information, payment, credit and peripheral charging-substituting logs, and some hosts also store the final program code from before a service system update. At present the sensitive data in the cloud resource pool environment is neither protected nor monitored by technical means, and a complete construction scheme is urgently needed for the secure transmission, storage and protection of sensitive data in the virtual resource pool.
Disclosure of Invention
The technical problem solved by the invention is to manage and monitor the sensitive data in the cloud resource pool environment so that every stage of its life cycle is managed and monitored, and to avoid information leakage and similar risks caused by unauthorized personnel obtaining the sensitive data by technical means.
In order to solve the above problems, the present invention provides a cloud resource pool data security detection method, which includes the following steps:
S1: acquiring formulated sensitive data;
S2: acquiring derived data drained from the cloud resource pool;
S3: scanning and identifying sensitive data in the derived data;
S4: establishing a life cycle of sensitive data, and performing hierarchical management on the sensitive data;
S5: capturing a sensitive data host virtual machine in a cloud resource environment, and carrying out flow supervision on the sensitive data host virtual machine;
S6: analyzing the sensitive data and the abnormal operation behavior of the sensitive data host virtual machine, and sending an alarm.
Further, the step of obtaining the derived data in S2 includes:
S201: capturing target data in the cloud resource pool in real time;
S202: filtering the captured target data and forwarding it to a target position in the specified virtual machine.
Further, S3 specifically includes the following steps:
S301: scanning the derived data at the target position of S202;
S302: identifying, in the derived data, the sensitive data that matches the data of S1, and storing it;
S303: identifying, in the derived data, the non-sensitive data that does not match the data of S1, and marking it with a destruction label.
Further, sensitive data in the derived data is identified using keywords, regular expressions, file fingerprints or file MD5.
Further, the non-sensitive data marked with the destruction label in S303 is deleted by an erasing tool before the virtual machine goes offline. Data on the virtual machine that needs desensitization or destruction is managed by tagging, and in-library and out-library desensitization of formatted data is realized.
Further, S4 uses a clustering algorithm for the hierarchical management of the sensitive data.
Further, S5 specifically includes monitoring the transmission channel and the network connection state of the sensitive data host virtual machine to acquire abnormal transmission of the sensitive data; the specific steps are as follows:
S501: identifying and scanning data transmission between the host ports of the sensitive data host virtual machines to acquire abnormal transmission of the sensitive data;
S502: monitoring the port connection state of the virtual machine hosts that store sensitive data to acquire abnormal port connection information;
S503: monitoring the network connection state of the hosts of the sensitive data host virtual machines to acquire abnormal network access requests.
In addition, the invention also provides a security detection system for the sensitive data of the cloud resource pool, which comprises a control module, an acquisition module, a processing module, a supervision module and an audit module;
wherein the control module is used for defining sensitive data and issuing it to each functional module;
the acquisition module is used for exporting the data that needs to be detected from the cloud resource pool to the physical security device;
the sensitive data supervision module is used for scanning the exported data in the acquisition module, identifying the sensitive data in it, realizing hierarchical management of the sensitive data and feeding it back to the audit module;
the security flow monitoring module is used for capturing the sensitive data host virtual machine in the cloud resource pool, monitoring its flow in real time and feeding the flow back to the audit module;
the audit module is used for receiving the information fed back by each module, analysing the sensitive data and the abnormal operation behaviour of the sensitive data host virtual machine, and sending an alarm.
Further, the acquisition module comprises a virtual flow guide machine and an SDN switch;
the virtual flow guide machine exports target data in the cloud resource pool to the SDN switch, and the SDN switch forwards the target data to the specified target position. The data to be monitored is exported from the virtual network environment to the physical security equipment through the virtual flow guide machine, and the specific security service logic is processed by the physical security equipment. This has little effect on the service and the network; because the physical security equipment handles the security service, very high performance is obtained, and the processing logic of the virtual flow guide machine becomes very simple and occupies only a small amount of virtualized resources.
Further, the sensitive data supervision module comprises a scanning component, an identification component, an erasing component and a grading component;
the scanning component is used for scanning the data in the acquisition module;
the identification component is used for identifying sensitive data and non-sensitive data in the scanned data;
the erasing component is used for erasing the non-sensitive data;
the grading component is used for the hierarchical management of the identified sensitive data of different levels.
Further, the grading component uses a clustering algorithm for the hierarchical management of the different sensitive data.
Further, the security flow monitoring module comprises a host port monitoring module, a transmission channel monitoring module and a host interconnection relation module;
wherein the host port monitoring module is used for monitoring the connection state of the host ports of the sensitive data host virtual machine;
the transmission channel monitoring module is used for monitoring the data transmission state between the ports of the sensitive data host virtual machine;
the host interconnection relation module is used for monitoring the network connection state of the host of the sensitive data virtual machine.
Further, the audit module comprises a receiving module and an analysis module;
wherein the receiving module is used for receiving the feedback information of each functional module;
the analysis module is used for analysing abnormal behaviour in the feedback information and giving an alarm.
Compared with the prior art, the invention has the following advantages and beneficial effects:
1. the invention has good expandability and flexible system framework;
2. the method realizes the identification of the sensitive data of the network layer and the host layer in the full life cycle under the cloud resource pool environment;
3. the invention realizes the grading and classification management of the sensitive data, monitors and manages the state of the sensitive data and displays the distribution and the state of the sensitive data in each life cycle scene;
4. the invention carries out tagging management on the data which needs desensitization or destruction of the virtual machine, and realizes desensitization inside and outside the database of formatted data;
5. the invention realizes the flow monitoring in the cloud resource pool environment, realizes the real-time state monitoring of the transmission, access and channel port connection of sensitive data for all the virtual machines in the cloud resource pool, monitors the ports and service information flow of the sensitive data host virtual machines, and finds abnormal and illegal behaviors.
Drawings
The accompanying drawings, which are included to provide a further understanding of the embodiments of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the principles of the invention. In the drawings:
FIG. 1 is a block flow diagram of the method of the present invention;
FIG. 2 is a block diagram of the system of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail below with reference to examples and accompanying drawings, and the exemplary embodiments and descriptions thereof are only used for explaining the present invention and are not meant to limit the present invention.
In the cloud resource pool, virtual hosts are generated dynamically from shared resources, so there is a possibility that sensitive data leaks through data monitoring and recovery techniques because data is not erased before the resources are shared and is not transmitted in encrypted form. The method and system achieve whole-life-cycle security control of the creation, production, use and destruction of the various kinds of sensitive data while intra-domain and cross-domain virtual machine service data is called, transmitted and migrated in the cloud computing environment. At each stage of the data life cycle, the transmission and storage on each virtual machine is monitored to establish which type of sensitive data it involves; the sensitive data is transmitted and classified, the virtual machines are tagged with what needs to be destroyed, reliable erasure is achieved, and data recovery after the virtual machine is shared is prevented. At the same time, the transmission of the sensitive data host virtual machines is monitored in real time, abnormal and illegal behaviour is discovered, and unauthorized personnel are prevented from stealing sensitive data through network access, hidden channels, unconventional ports and other means.
As shown in fig. 1, the present invention provides a cloud resource pool data security detection method, which includes the following steps:
step S1: acquiring formulated sensitive data;
According to business requirements, the sensitive data and a sensitive data grading standard are formulated from the data type and data content. The sensitive data is divided by degree of sensitivity into grades such as a first grade and a second grade; by security attribute into different importance levels; and by security classification into levels such as strictly restricted, confidential information, internal information, restricted, privacy related, authorized and secure.
S2: acquiring derived data drained from the cloud resource pool;
the principle that the flow needing to be monitored is led out to the physical safety equipment from the virtual network environment through the virtual flow guide machine is adopted, and the specific safety business logic is processed by the physical safety equipment. The mode has little influence on user service and network; the physical security equipment is used for processing the security service, so that extremely high performance can be obtained, the processing logic of the virtual diversion system becomes very simple, and only a small amount of virtualized resources are occupied.
According to this principle, by S201: capturing target data in a cloud resource pool in real time; s202, the captured target data are filtered, the data are forwarded to a target position in the appointed virtual machine, and export data are drained from the meta-resource pool.
S3: scanning and identifying sensitive data in the derived data;
S301 scans the derived data at the target position of S202; S302 identifies, in the derived data, the sensitive data that matches the data of S1 and stores it; S303 identifies, in the derived data, the non-sensitive data that does not match the data of S1 and marks it with a destruction label.
The template of the existing cloud resource pool virtual hosts is changed and a sensitive data scanning account is embedded, so that newly added and newly built virtual hosts are discovered automatically. Sensitive data scanning is carried out under a scanning strategy by an agent: an agent client is installed silently on the computer, observes and records, as a bystander, the employee's use of the computer, files and software, and sends these records to the server. The server identifies sensitive confidential information in several ways (file signature, sensitive word identification and weight analysis, and regular expression filtering), then stores and archives it; by summarizing and analysing the data, the server obtains trends in the three dimensions of personnel, files and security events, and by applying the corresponding security policy definitions it identifies the user's operations and confirms whether a risk of disclosure exists. The sensitive data identification technique uses keywords, regular expressions, file fingerprints and file MD5 to identify sensitive files.
Sensitive information can leak when data is shared among the cloud resource pool virtual machines; desensitization, destruction and tagging management of the data are achieved through the sensitive information identification technique, enabling reliable "zero" erasure of the virtual data. To prevent data leakage through recovery or shared access after a virtual machine goes offline, the storage-layer sensitive data management and control module erases the identified information, which raises the technical difficulty of recovery, and the subsequent state of the virtual machine is monitored and tracked.
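The S301 to S303 scan described above, together with the identification techniques named for S3 (keywords, regular expressions, file fingerprints, file MD5), the grading of S4 and the erasure of destruction-tagged data before the virtual machine goes offline, as an added worked example in Python. This is not code from the patent; the rule set, grades, sample records and the in-memory store standing in for the target position are constructed assumptions.

```python
import hashlib
import re
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class SensitiveRule:
    """One entry of the formulated sensitive data (S1). Every value here is constructed."""
    name: str
    grade: int                              # 1 = first grade (most sensitive), 2 = second grade
    keywords: tuple = ()
    patterns: tuple = ()                    # regular expressions
    fingerprints: frozenset = frozenset()   # MD5 hex digests of known sensitive files


def md5_hex(data) -> str:
    """File MD5, the whole-file fingerprint form the page names."""
    return hashlib.md5(bytes(data)).hexdigest()


# Constructed stand-in for "final program code before service system updating".
KNOWN_CODE = b"def charge(user, amount):\n    return bill(user, amount)\n"

RULES = (
    SensitiveRule("payment_record", 1, keywords=("payment", "credit"),
                  patterns=(r"\b\d{16,19}\b",)),          # bank-card style number
    SensitiveRule("user_identity", 1, keywords=("id_number",),
                  patterns=(r"\b1[3-9]\d{9}\b",)),        # PRC mobile number style
    SensitiveRule("program_code", 2, fingerprints=frozenset({md5_hex(KNOWN_CODE)})),
)


@dataclass(frozen=True)
class ScanResult:
    name: str
    rule: Optional[str]      # matched definition, None when nothing matched
    grade: Optional[int]
    method: Optional[str]    # "fingerprint", "keyword" or "regex"
    destroy: bool            # S303: destruction label on non-sensitive data


def scan_record(name: str, content) -> ScanResult:
    """S301/S302: match one derived-data record against every rule; keep the most sensitive hit."""
    text = bytes(content).decode("utf-8", errors="replace").lower()
    digest = md5_hex(content)
    best = None
    for rule in RULES:
        if digest in rule.fingerprints:
            method = "fingerprint"
        elif any(k in text for k in rule.keywords):
            method = "keyword"
        elif any(re.search(p, text) for p in rule.patterns):
            method = "regex"
        else:
            continue
        if best is None or rule.grade < best.grade:
            best = ScanResult(name, rule.name, rule.grade, method, False)
    return best if best is not None else ScanResult(name, None, None, None, True)


def scan_target_location(store: dict) -> list:
    """S301: scan every record that S202 forwarded to the target position."""
    return [scan_record(name, content) for name, content in store.items()]


def grade_sensitive(results) -> dict:
    """S4 (hierarchical management): group the stored sensitive records by grade."""
    levels = {}
    for r in results:
        if not r.destroy:
            levels.setdefault(r.grade, []).append(r.name)
    return levels


def erase_marked(store: dict, results) -> list:
    """Erasing step before the VM goes offline: zero each destruction-tagged buffer in place,
    then drop the record. Store values must be bytearray; a real erasing tool works on disk."""
    erased = []
    for r in results:
        if r.destroy:
            buf = store[r.name]
            buf[:] = b"\x00" * len(buf)
            del store[r.name]
            erased.append(r.name)
    return erased


# Constructed derived data as it would sit at the target position after S202.
SAMPLE_STORE = {
    "crm_interaction.log": b"2016-12-05 payment ok card 6222021234567890123 user u01\n",
    "uip_access.log": b"GET /profile id_number=***** phone 13900001111\n",
    "release_backup.py": KNOWN_CODE,
    "nginx_health.log": b"GET /healthz 200 0.002s\n",
}

if __name__ == "__main__":
    store = {k: bytearray(v) for k, v in SAMPLE_STORE.items()}
    results = scan_target_location(store)
    print("by grade:", grade_sensitive(results), "erased:", erase_marked(store, results))
```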
S4: establishing a life cycle of sensitive data, and performing hierarchical management on the sensitive data;
Sensitive data discovery and classification use an efficient clustering algorithm, so the sensitive data can be classified and graded, and documents of different security levels trigger different event actions. The state of a sensitive file or sensitive data at each stage can be presented together with the sensitive data asset life cycle scenario.
S5: capturing a sensitive data host virtual machine in a cloud resource environment, and carrying out flow supervision on the sensitive data host virtual machine;
S501 identifies and scans data transmission between the host ports of the sensitive data host virtual machines to acquire abnormal transmission of the sensitive data; S502 monitors the port connection state of the virtual machine hosts that store sensitive data to acquire abnormal port connection information; S503 monitors the network connection state of the hosts of the sensitive data host virtual machines to acquire abnormal network access requests.
The sensitive data host virtual machines in the cloud resource pool environment are captured from the traffic exported by the virtual flow guide machine, and a visual interconnection relation view is formed from the data interaction, transmission and service information flow of each sub-domain and security domain within the security domain and the enterprise's other security domains. Discovery and real-time flow monitoring of the virtual machines are thus realized, and non-compliant connection behaviour is discovered in time by combining APT and compliance concepts, so that the security of the hosts is guaranteed.
S6: and analyzing the sensitive data and the abnormal operation behavior of the sensitive data host virtual machine, and sending an alarm.
The network traffic and database of the virtual equipment storing sensitive data are monitored and audited according to the sensitive data scenario, so that abnormal operations on the sensitive data are discovered in time. The system monitors, in real time or periodically, the access to and changes of sensitive information in the cloud resource pool at the storage layer and the network layer, compares them with the life cycle model and identifies data security events. Data security events are handed over to SMP or EOMS as alarms or work orders so that data assets are protected in time and data leakage is prevented.
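The flow supervision of S501 to S503 and the alarm step of S6 described above, as an added example in Python run over a few constructed flow records; this is not code from the patent, and the sensitive host list, approved service ports, security domain range, transmission threshold and record format are assumptions.

```python
import ipaddress
from collections import defaultdict
from dataclasses import dataclass

# Sensitive data host VMs captured in S5, with the grade of data they hold and their
# approved service ports (constructed; a deployment would feed this from the S3 scan).
SENSITIVE_HOSTS = {
    "vm-crm-01": {"ip": "10.10.1.11", "grade": 1, "service_ports": {443, 3306}},
    "vm-uip-02": {"ip": "10.10.1.12", "grade": 2, "service_ports": {8080}},
}
# Security domain of the resource pool; a peer outside it is an external connection (assumed).
SECURITY_DOMAIN = (ipaddress.ip_network("10.10.0.0/16"),)
# Assumed per-window outbound volume above which transmission counts as abnormal (S501).
TRANSFER_LIMIT_BYTES = 50_000_000


@dataclass(frozen=True)
class Flow:
    ts: str
    src: str
    sport: int
    dst: str
    dport: int
    nbytes: int


def parse_flow(line: str) -> Flow:
    """Parse one constructed flow record exported by the virtual flow guide machine:
    '<ts> <src_ip>:<sport> -> <dst_ip>:<dport> bytes=<n>'."""
    ts, src, _arrow, dst, nbytes = line.split()
    sip, sport = src.rsplit(":", 1)
    dip, dport = dst.rsplit(":", 1)
    return Flow(ts, sip, int(sport), dip, int(dport), int(nbytes.split("=", 1)[1]))


def in_domain(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in SECURITY_DOMAIN)


def _event(kind: str, vm: str, flow: Flow, peer: str, port: int) -> dict:
    return {"kind": kind, "vm": vm, "ts": flow.ts, "peer": peer, "port": port, "bytes": flow.nbytes}


def supervise(lines) -> list:
    """S501-S503 over exported flows: only flows touching a sensitive data host VM are examined."""
    ip_to_vm = {h["ip"]: name for name, h in SENSITIVE_HOSTS.items()}
    outbound = defaultdict(int)
    events = []
    for line in lines:
        f = parse_flow(line)
        if f.src in ip_to_vm:                      # outbound from a sensitive host
            vm = ip_to_vm[f.src]
            outbound[vm] += f.nbytes               # S501: accumulate transmitted volume
            if not in_domain(f.dst):               # S503: abnormal network access (external peer)
                events.append(_event("S503_external_connection", vm, f, f.dst, f.dport))
        if f.dst in ip_to_vm:                      # inbound to a sensitive host
            vm = ip_to_vm[f.dst]
            if f.dport not in SENSITIVE_HOSTS[vm]["service_ports"]:   # S502: unconventional port
                events.append(_event("S502_unconventional_port", vm, f, f.src, f.dport))
            if not in_domain(f.src):
                events.append(_event("S503_external_connection", vm, f, f.src, f.dport))
    for vm, total in outbound.items():
        if total > TRANSFER_LIMIT_BYTES:           # S501: abnormal transmission volume
            events.append({"kind": "S501_abnormal_transmission", "vm": vm, "ts": None,
                           "peer": None, "port": None, "bytes": total})
    return events


def raise_alarms(events) -> list:
    """S6: one alarm per (VM, kind); severity follows the grade of the data the VM holds.
    Each returned dict is the hand-off record for an alarm or work order (SMP/EOMS in the page)."""
    first_seen = {}
    for e in events:
        first_seen.setdefault((e["vm"], e["kind"]), e)
    alarms = []
    for (vm, kind), e in sorted(first_seen.items()):
        grade = SENSITIVE_HOSTS[vm]["grade"]
        alarms.append({"vm": vm, "kind": kind,
                       "severity": "high" if grade == 1 else "medium", "evidence": e})
    return alarms


# Constructed flow export: line 2 reaches an unapproved port, line 3 leaves the domain with a large volume.
FLOWS = [
    "2016-12-05T10:00:01 10.10.2.5:51000 -> 10.10.1.11:443 bytes=1200",
    "2016-12-05T10:00:02 10.10.2.5:51001 -> 10.10.1.11:8022 bytes=300",
    "2016-12-05T10:00:03 10.10.1.11:40001 -> 203.0.113.9:443 bytes=60000000",
    "2016-12-05T10:00:04 10.10.3.7:52000 -> 10.10.1.12:8080 bytes=800",
    "2016-12-05T10:00:05 10.10.1.12:40002 -> 10.10.1.11:3306 bytes=5000",
]

if __name__ == "__main__":
    for alarm in raise_alarms(supervise(FLOWS)):
        print(alarm["severity"], alarm["vm"], alarm["kind"], alarm["evidence"]["peer"])
```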
In addition, as shown in fig. 2, the invention further provides a cloud resource pool sensitive data security detection system, which comprises a control module, an acquisition module, a processing module, a supervision module and an auditing module.
The control module is used for defining sensitive data and sending the sensitive data to each functional module, and formulating the sensitive data and the sensitive data grading standard according to the service requirements and the data type and the data content.
The acquisition module is used for exporting the data that needs to be detected from the cloud resource pool to the physical security equipment, and comprises a virtual flow guide machine and an SDN switch. The virtual flow guide machine exports target data in the cloud resource pool to the SDN switch, and the SDN switch forwards the target data to the specified target position. The data to be monitored is exported from the virtual network environment to the physical security equipment through the virtual flow guide machine, and the specific security service logic is processed by the physical security equipment. This has little effect on the service and the network; because the physical security equipment handles the security service, very high performance is obtained, and the processing logic of the virtual flow guide machine becomes very simple and occupies only a small amount of virtualized resources.
The sensitive data supervision module is used for scanning the export data in the acquisition module, identifying the sensitive data in the export data, realizing the hierarchical management of the sensitive data and feeding the sensitive data back to the auditing module; comprises a scanning component, an identification component, an erasing component and a grading component. The scanning component is used for scanning the data in the acquisition module; the identification component is used for identifying sensitive data and non-sensitive data in the scanned data; the erasing component is used for erasing non-sensitive data; and the grading component adopts a clustering algorithm to carry out grading management on the identified sensitive data of different grades.
The security flow monitoring module is used for capturing the sensitive data host virtual machine in the cloud resource pool, monitoring its flow in real time and feeding the flow back to the audit module. It comprises a host port monitoring module, a transmission channel monitoring module and a host interconnection relation module. The host port monitoring module is used for monitoring the connection state of the host ports of the sensitive data host virtual machine; the transmission channel monitoring module is used for monitoring the data transmission state between the ports of the sensitive data host virtual machine; and the host interconnection relation module is used for monitoring the network connection state of the host of the sensitive data virtual machine.
The audit module is used for receiving the information fed back by each module, analysing the sensitive data and the abnormal operation behaviour of the sensitive data host virtual machine, and sending an alarm. It comprises a receiving module and an analysis module: the receiving module is used for receiving the feedback information of each functional module, and the analysis module is used for analysing abnormal behaviour in the feedback information and giving an alarm.
With the cloud resource pool sensitive data management and monitoring system, every stage of the life cycle of the cloud resource pool sensitive data is managed and monitored through management and monitoring of the sensitive data; the sensitive data is protected against illegal leakage, and access operations on the sensitive data and outflow of the data are subject to instant audit monitoring, alarming and blocking. A whole-life-cycle monitoring and management model is established by identifying and marking the sensitive data of the cloud resource pool with the scanning and identification technique; classification and grading management of the sensitive data is realized, the state of the sensitive data is monitored and managed, and the distribution and state of the sensitive data in each life cycle scenario is displayed; data on the virtual machine that needs desensitization or destruction is managed by tagging, and in-library and out-library desensitization of formatted data is realized; the interconnection state and transmission channels of the sensitive data host virtual machines are monitored to discover whether sensitive data is being transmitted illegally over external connections; and the ports and service information flow of the sensitive data host virtual machines are monitored to find abnormal and illegal behaviour.
The above-mentioned embodiments are intended to illustrate the objects, technical solutions and advantages of the present invention in further detail, and it should be understood that the above-mentioned embodiments are merely exemplary embodiments of the present invention, and are not intended to limit the scope of the present invention, and any modifications, equivalent substitutions, improvements and the like made within the spirit and principle of the present invention should be included in the scope of the present invention.

Claims (10)

1. A cloud resource pool data security detection method, characterized by comprising the following steps:
S1: acquiring formulated sensitive data;
S2: acquiring derived data drained from the cloud resource pool;
S3: scanning and identifying sensitive data in the derived data;
S4: establishing a life cycle of sensitive data, and performing hierarchical management on the sensitive data;
S5: capturing a sensitive data host virtual machine in a cloud resource environment, and carrying out flow supervision on the sensitive data host virtual machine;
S6: analyzing the sensitive data and the abnormal operation behavior of the sensitive data host virtual machine, and sending an alarm,
wherein in step S2 the virtual flow guide machine is used to guide the traffic to be monitored out of the virtual network environment to the physical security device,
the step of acquiring the derived data in S2 includes:
S201: capturing target data in the cloud resource pool in real time;
S202: filtering the captured target data and forwarding it to a target position in the appointed virtual machine;
and S3 specifically includes the following steps:
S301: scanning the derived data at the target position of S202;
S302: identifying, in the derived data, the sensitive data that matches the data of S1, and storing it;
S303: identifying, in the derived data, the non-sensitive data that does not match the data of S1, and marking it with a destruction label.
2. The cloud resource pool data security detection method of claim 1, wherein sensitive data in the exported data is identified by using a keyword, a regular expression, a file fingerprint or a file MD 5.
3. The cloud resource pool data security detection method according to claim 1 or 2, wherein the non-sensitive data marked with the destruction identifier in S303 is deleted by an erasing tool before the virtual machine is offline.
4. The cloud resource pool data security detection method according to claim 1 or 2, wherein the S4 adopts a clustering algorithm to perform hierarchical management on the sensitive data.
5. The cloud resource pool data security detection method according to claim 1 or 2, wherein S5 specifically includes monitoring the transmission channel and the network connection state of the sensitive data host virtual machine to acquire abnormal transmission of the sensitive data, and specifically includes the following steps:
s501: identifying and scanning data transmission between the host ports of the sensitive data host virtual machine to acquire abnormal transmission of the sensitive data;
s502: monitoring the port connection state of the host of the virtual machine storing sensitive data to acquire abnormal port connection information;
s503: monitoring the network connection state of the host of the sensitive data host virtual machine to acquire abnormal network access requests.
6. A cloud resource pool sensitive data security detection system for the cloud resource pool data security detection method according to any one of claims 1 to 5, comprising a control module, an acquisition module, a processing module, a sensitive data supervision module, a security traffic monitoring module and an auditing module;
wherein the control module: for defining sensitive data and issuing the sensitive data to each functional module;
the acquisition module: comprises a virtual flow guide machine and an SDN switch, wherein the virtual flow guide machine is used for guiding target data in the cloud resource pool to the SDN switch, and the SDN switch forwards the target data to a specified target location;
the sensitive data supervision module: for acquiring the derived data of a user from the acquisition module, identifying sensitive data in the derived data, performing hierarchical management on the sensitive data and feeding the sensitive data back to the auditing module;
the security traffic monitoring module: for acquiring the sensitive data host virtual machine in the cloud resource pool, monitoring the traffic of the sensitive data host virtual machine in real time and feeding the traffic back to the auditing module;
the auditing module: for receiving the information fed back by each module, analyzing the sensitive data and the abnormal operation behavior of the sensitive data host virtual machine, and sending an alarm.
7. The cloud resource pool sensitive data security detection system of claim 6, wherein the sensitive data supervision module comprises a scanning component, an identification component, an erasing component and a grading component;
the scanning component: for scanning data in the acquisition module;
the identification component: for identifying sensitive data and non-sensitive data in the scanned data;
the erasing component: for erasing non-sensitive data;
the grading component: for performing hierarchical management on the identified sensitive data of different levels.
8. The cloud resource pool sensitive data security detection system of claim 7, wherein the grading component employs a clustering algorithm to perform hierarchical management on different sensitive data.
9. The cloud resource pool sensitive data security detection system of claim 6, wherein the security traffic monitoring module comprises a host port monitoring module, a transmission channel monitoring module and a host interconnection relation module;
wherein the host port monitoring module: for monitoring the connection state of the host port of the sensitive data host virtual machine;
the transmission channel monitoring module: for monitoring the data transmission state between the ports of the sensitive data host virtual machine;
the host interconnection relation module: for monitoring the network connection state of the host of the sensitive data virtual machine.
10. The cloud resource pool sensitive data security detection system of claim 6, wherein the auditing module comprises a receiving module and an analysis module;
wherein the receiving module: for receiving the feedback information of each functional module;
the analysis module: for analyzing abnormal behaviors in the feedback information and sending an alarm.
CN201611102263.9A 2016-12-02 2016-12-02 Cloud resource pool data security detection method and system Expired - Fee Related CN106789964B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611102263.9A CN106789964B (en) 2016-12-02 2016-12-02 Cloud resource pool data security detection method and system

Publications (2)

Publication Number Publication Date
CN106789964A CN106789964A (en) 2017-05-31
CN106789964B true CN106789964B (en) 2020-10-16

Family

ID=58883709

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611102263.9A Expired - Fee Related CN106789964B (en) 2016-12-02 2016-12-02 Cloud resource pool data security detection method and system

Country Status (1)

Country Link
CN (1) CN106789964B (en)

Families Citing this family (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109145630A (en) * 2017-06-19 2019-01-04 中国移动通信集团湖北有限公司 Sensitive data method for deleting, device, equipment and computer readable storage medium
CN107944283B (en) * 2017-11-15 2021-01-01 中国农业银行股份有限公司 Data sensitivity identification method and device
CN108133143B (en) * 2017-12-12 2020-02-28 北京明朝万达科技股份有限公司 Data leakage prevention method and system for cloud desktop application environment
CN108038373B (en) * 2017-12-20 2020-04-10 北京明朝万达科技股份有限公司 Data scanning method and system for cloud terminal
CN109962891B (en) * 2017-12-25 2021-10-22 中国移动通信集团安徽有限公司 Method, device and equipment for monitoring cloud security and computer storage medium
CN108763245A (en) * 2018-03-28 2018-11-06 北京明朝万达科技股份有限公司 A kind of document management method and system based on NTFS system file labels
CN110020553A (en) * 2019-04-12 2019-07-16 山东浪潮云信息技术有限公司 A kind of method and system for protecting sensitive data
US11182500B2 (en) * 2019-05-23 2021-11-23 International Business Machines Corporation Sensitive data management
CN110365577B (en) * 2019-07-24 2021-10-15 绿盟科技集团股份有限公司 Drainage system of safety resource pool and safety inspection method
CN110958152A (en) * 2019-10-13 2020-04-03 苏州浪潮智能科技有限公司 Method, system and equipment for monitoring virtual machine service network
CN113360522B (en) * 2020-03-05 2023-10-31 奇安信科技集团股份有限公司 Method and device for rapidly identifying sensitive data
CN111708932A (en) * 2020-06-08 2020-09-25 中联云港数据科技股份有限公司 Cloud computing platform and scheduling and data analysis method and system thereof
CN112417477A (en) * 2020-11-24 2021-02-26 恒安嘉新(北京)科技股份公司 Data security monitoring method, device, equipment and storage medium
CN113704050A (en) * 2021-07-19 2021-11-26 国网河南省电力公司信息通信公司 Virtual resource pool safety detection and monitoring system with cloud safety protection capability

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2483648A (en) * 2010-09-14 2012-03-21 Mastek Uk Ltd Obfuscation of data elements in a message associated with a detected event of a defined type
US9148285B2 (en) * 2013-01-21 2015-09-29 International Business Machines Corporation Controlling exposure of sensitive data and operation using process bound security tokens in cloud computing environment
CN103793646A (en) * 2014-02-14 2014-05-14 浪潮通信信息系统有限公司 Virtual machine safety monitoring method based on behavior recognition

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"Research on sensitive data protection technology in cloud environments"; 刘明辉; 《电信科学》 (Telecommunications Science); 2014-11-30; pp. 1-6 *

Also Published As

Publication number Publication date
CN106789964A (en) 2017-05-31


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20201016

Termination date: 20211202