CN107302520A - A kind of dynamic anti-leak of data and method for early warning and system - Google Patents
A kind of dynamic anti-leak of data and method for early warning and system Download PDFInfo
- Publication number
- CN107302520A CN107302520A CN201710340503.7A CN201710340503A CN107302520A CN 107302520 A CN107302520 A CN 107302520A CN 201710340503 A CN201710340503 A CN 201710340503A CN 107302520 A CN107302520 A CN 107302520A
- Authority
- CN
- China
- Prior art keywords
- user
- behavior
- user behavior
- data
- main body
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0861—Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Health & Medical Sciences (AREA)
- Biomedical Technology (AREA)
- General Health & Medical Sciences (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention discloses a kind of dynamic anti-leak of data and method for early warning and system, this method comprises the following steps:User authentication information is bound with user biological characteristic image;User behavior data is integrated, and user behavior recognition result, operating main body recognition result and subject behavior recognition result are integrated, user behavior characteristic is converted to;User behavior is calculated, using user behavior characteristic as input, based on machine learning techniques, using the personal behavior model as reference, is calculated and is obtained user behavior abnormal index;User behavior early warning, the user behavior abnormal index and the threshold value of warning of setting are compared, and if greater than threshold value of warning, warning information is produced to keeper.By the scheme of the invention, real-time auditing can be carried out to terminal user's behavior in the case of user's unaware, recognize potential suspicious user behavior and early warning in time, perfect the management and control means of whole anti-data-leakage system.
Description
Technical field
The present invention relates in data security arts, a kind of terminal user's behavior real-time auditing for anti-data-leakage system
With method for early warning.
Background technology
With developing by leaps and bounds for information science and Internet technology, safety problem grows in intensity, and Networks and information security is
Acquire unprecedented concern.Wherein, anti-data-leakage system is used as the terminal protection means of data safety, adaption demand change
Change, gradually develop to intelligent, real time implementation direction.In this regard, Wanda Science and Technology Co., Ltd. of Beijing Ming Dynasty proposes that one kind is directed to
Anti-data-leakage system terminal user, its operation behavior of real-time auditing, the method for timely early warning suspicious user operation.
At present, anti-data-leakage system is built with traditional logs audit form and functional unit.Terminal is grasped in user data
Corresponding data management and control daily record is produced during work, system server terminal is periodically uploaded to and carries out simple process and storage, and
Progress daily record is needed to show according to management in the later stage.Which be only capable of security incident occur after be used for audit afterwards, system without
Method finds the potential risky operation of terminal user in a short time, thus in time early warning and avoid occur data leak event.
Meanwhile, anti-data-leakage system is carried out eventually by conventional user authentication mode (such as password authentication, domain certification)
End subscriber management operation (such as logging in, nullify), once user normally logs in, it is considered to the problems such as simple operation, typically not
Re-authentication can be carried out.Other users may use currently logged on user to carry out some unauthorized operations.
Finally, caused by many small data leak events are all taking photograph of intelligent mobile phone function.Although the data volume of leakage
It is smaller, but consequence is often all very serious.Strict personal smart mobile phone control measures can avoid such most event
Occur, but larger inconvenience also is caused to anti-data-leakage system terminal user, still the classpath causes data in the presence of generation
The possibility of leakage.Traditional anti-data-leakage terminal can not prevent such user behavior substantially.
In summary, available data leak prevention system terminal three aspect Shortcomings, i.e. log audit time delay,
The simplicity of user authentication can not management and control with the shooting behavior of user outside.Pass through the terminal user management system of Erecting and improving
And strict implement, leaking data probability caused by said system not enough (both after particularly) can be substantially reduced, but also to normal
User's operation cause severe jamming, influence operating efficiency, restrict the raising of productivity.The daily record of available data leak prevention system
Audit is as shown in Figure 1 with user authentication structure.
Therefore, in the urgent need to one kind can carry out user behavior (including user's identification, Activity recognition) audit in real time, and at end
When end subscriber behavior occurs abnormal (such as login user changes operating main body) early warning in time scheme, avoiding to operation effect
In the case that rate is impacted, the security incident response ability of anti-data-leakage system is improved.
The present invention is analyzed in real time using large-scale consumer user behaviors log, the operating main body based on deep learning is recognized and main body
Activity recognition technology, real-time auditing is carried out in the case of user's unaware to terminal user's behavior, recognizes potential suspicious user
Behavior and early warning in time, perfect the management and control means of whole anti-data-leakage system.
The content of the invention
In order to solve the above technical problems, the invention provides a kind of dynamic anti-leak of data and method for early warning, this method bag
Include following steps:
Operating main body is bound, and user authentication information is bound with user biological characteristic image;
User action log analyzing and training, log collection is carried out to user behavior, is trained and obtained by machine learning techniques
The personal behavior model of the user, judges that user behavior is semantic based on personal behavior model analysis, obtains user behavior knowledge
Other result;
Operating main body is recognized, recognizes user biological characteristic image using machine learning techniques, and tie up with terminal logs in user
Fixed user biological characteristic image is contrasted, and is identified whether as login user;
Subject behavior is recognized, using machine learning techniques identification feature image, and is carried out with specified behavioural characteristic image
Whether contrast, identification operating main body has specific operation;
User behavior data is integrated, and user behavior recognition result, operating main body recognition result and subject behavior are recognized and tied
Fruit is integrated, and is converted to user behavior characteristic;
User behavior is calculated, using user behavior characteristic as input, based on machine learning techniques, with the user
Behavior model is reference, calculates and obtains user behavior abnormal index;
User behavior early warning, the user behavior abnormal index and the threshold value of warning of setting are compared, if greater than
Threshold value of warning, warning information is produced to keeper.
It is preferred that, the user biological feature includes but is not limited to:Face, iris.
It is preferred that, the data of the machine learning techniques training include:File operation behavior, network operation behavior, application
Procedure operation behavior.
It is preferred that, the subject behavior recognition result includes:User is shot eventually using mobile phone or other vision collecting equipment
Hold screen.
It is preferred that, the data related to User action log include:Timestamp, end message, login username, operand
According to metamessage, operating main body characteristic image, subject behavior characteristic image.
In order to solve the above technical problems, the invention provides a kind of dynamic anti-leak of data and early warning system, the system bag
Include:
User behavior recognition module, judges that user behavior is semantic based on the analysis of existing personal behavior model, produces user
User behaviors log characteristic results;
Operating main body identification module, is compared using the operating main body biological characteristic and the user biological feature of binding of collection
It is right, produce operating main body characteristic results;
Subject behavior identification module, is carried out using the subject behavior biological characteristic and the hazardous act feature set up of collection
Compare, produce subject behavior characteristic results;
User behavior exception computing module, the different of user behavior is carried out based on machine learning techniques using above three result
Ordinary index is calculated;
User behavior warning module, based on abnormal index result of calculation, according to prediction policy set in advance, decides whether
Carry out user behavior early warning.
It is preferred that, the system also includes:
User action log acquisition module, the correlation log data that receiving terminal is sent;
It is preferred that, the system also includes:
The correlation log data of reception are carried out data cleansing by User action log cleaning module, reject imperfect or not
Close the daily record data of rule;
It is preferred that, the system also includes:
User action log separation module, separates common daily record data, operating main body feature and subject behavior feature.
In order to solve the above technical problems, the invention provides a kind of anti-data-leakage user behavior real-time auditing and early warning system
System, the system includes:Multiple user terminals and server;
The terminal is realized:Log collection, the collection of user biological characteristic image are gathered with user behavior characteristic image, and will
The data of collection report server;
The server, performs following operate:
User action log analyzing and training, log collection is carried out to user behavior, is trained and obtained by machine learning techniques
The personal behavior model of the user, judges that user behavior is semantic based on personal behavior model analysis, obtains user behavior knowledge
Other result;
Operating main body is recognized, recognizes user biological characteristic image using machine learning techniques, and tie up with terminal logs in user
Fixed user biological characteristic image is contrasted, and is identified whether as login user;
Subject behavior recognize, using machine learning techniques recognize behavioural characteristic image, and with specified behavioural characteristic image
Contrasted, whether identification operating main body has specific operation;
User behavior data is integrated, and user behavior recognition result, operating main body recognition result and subject behavior are recognized and tied
Fruit is integrated, and is converted to user behavior characteristic;
User behavior is calculated, using user behavior characteristic as input, based on machine learning techniques, with the user
Behavior model is reference, calculates and obtains user behavior abnormal index;
User behavior early warning, the user behavior abnormal index and the threshold value of warning of setting are compared, if greater than
Threshold value of warning, warning information is produced to keeper.
In order to solve the above technical problems, being used for anti-data-leakage user behavior real-time auditing and pre- the invention provides one kind
The server of alert system, the server includes:Processor and computer-readable storage medium, the computer-readable storage medium are stored with calculating
Machine is instructed, when computer instruction described in the computing device, realizes following operate:
Data are received, daily record data, user biological characteristic image and user behavior characteristic image is received;
User action log analyzing and training, the personal behavior model for obtaining the user, base are trained by machine learning techniques
Judge that user behavior is semantic in personal behavior model analysis, obtain user behavior recognition result;
Operating main body is recognized, recognizes user biological characteristic image using machine learning techniques, and tie up with terminal logs in user
Fixed user biological characteristic image is contrasted, and is identified whether as login user;
Subject behavior recognize, using machine learning techniques recognize behavioural characteristic image, and with specified behavioural characteristic image
Contrasted, whether identification operating main body has specific operation;
User behavior data is integrated, and user behavior recognition result, operating main body recognition result and subject behavior are recognized and tied
Fruit is integrated, and is converted to user behavior characteristic;
User behavior is calculated, using user behavior characteristic as input, based on machine learning techniques, with the user
Behavior model is reference, calculates and obtains user behavior abnormal index;
User behavior early warning, the user behavior abnormal index and the threshold value of warning of setting are compared, if greater than
Threshold value of warning, warning information is produced to keeper.
Using technical scheme, anti-data-leakage system terminal only need to use camera carry out operating main body with
The vision collecting of behavior, in the case of terminal user's unaware, by server end carry out large-scale consumer user behaviors log analysis,
The operation such as operating main body identification and subject behavior identification, realizes real-time use4Family behavior auditing and early warning.Thing is revealed in suspicious data
After part occurs in very short time, timely respond to and alert related management personnel, the generation for substantially reducing leaking data event is several
Rate, is prevented effectively from the baneful influence thereby resulted in.Meanwhile, the program will not also be interfered to common user behavior operation,
Normal work is influenceed, efficiency is reduced.
Brief description of the drawings
Audits and authentication structures of the Fig. 1 for available data leak prevention system.
Fig. 2 constitutes structure for the terminal of the present invention.
Fig. 3 constitutes structure for the server end of the present invention.
Fig. 4 is log analysis flow of the invention.
Fig. 5 is the operating main body identification process of the present invention.
Fig. 6 is the subject behavior identification process of the present invention.
Fig. 7 is abnormal user behavior calculating and the early warning flow of the present invention.
Fig. 8 is to apply embodiments of the invention.
Embodiment
Below in conjunction with the accompanying drawings and specific embodiment the present invention is further illustrated, but protection scope of the present invention is simultaneously
Not limited to this.
<User behavior real-time auditing and method for early warning>
The invention provides a kind of anti-data-leakage system terminal user behavior real-time auditing and method for early warning, this method bag
Include following steps:
Operating main body is bound, and user authentication information is bound with user biological feature (face);
User action log analyzing and training, setting a period of time carries out log collection to user behavior, with reference to user authentication
Set up the behavior model of the user;
User behavior prediction policy is set up, according to specific management system with being actually needed, and foundation recognizes potential danger use
Early warning processing strategy during the behavior of family;
Load log analysis model, operating main body data and behavior prediction policy etc.;
When terminal user is operated, and collection associative operation behavior (include but is not limited to data management and control operation, can be with
Include other operation informations) upload onto the server end;Meanwhile, terminal visual input device (camera) is periodically (as needed
Interval time is can adjust with corresponding strategy) biological vision feature (face) and the biological motion characteristic of collection current operation main body
(for example whether using mobile phone photograph), upload onto the server end;
Server end carries out three generic operations, including:Log analysis, judges the user behavior with the presence or absence of abnormal;Operation master
Body is recognized, judges whether the biometric matches with currently logged on user;Subject behavior is recognized, if taken pictures or other danger
Dangerous behavior.It is final to obtain user behavior abnormal index;
According to the abnormal index, with reference to prediction policy, decide whether to carry out user behavior early warning.
Method in accordance with the invention it is preferred that methods described needs to include terminal and server end.
Method in accordance with the invention it is preferred that the operating main body biological characteristic is face.
Method in accordance with the invention it is preferred that the dangerous subject behavior include operating personnel using mobile phone or other regard
Feel collecting device photographed screen.
Method in accordance with the invention it is preferred that User action log data include timestamp, end message (including but not
Be limited to MAC Address of Network Card, IP address), login username, peration data metamessage (file, text, image etc.), operating main body
Biometric image, subject behavior characteristic image.
Present invention also offers a kind of dynamic leak prevention system of data, the system includes:
User action log acquisition module, the correlation log data that receiving terminal is sent;
User action log cleaning module, carries out data cleansing, rejecting is imperfect or does not conform to rule by the daily record data of reception
Daily record data;
User action log separation module, separates common daily record data, operating main body feature and subject behavior feature;
User behavior semanteme builds module, assembles continuous User action log, builds the user behavior of semantic class, completes
The data of fine granularity to coarseness are converted;
User behavior recognition module, judges that user behavior is semantic based on the analysis of existing personal behavior model, produces user
User behaviors log characteristic results;
Operating main body identification module, based on deep learning, operating main body biological characteristic and the user of binding using collection
Biological characteristic is compared, and produces operating main body characteristic results;
Subject behavior identification module, based on deep learning, uses the subject behavior biological characteristic and the danger set up of collection
Dangerous behavioural characteristic is compared, and produces subject behavior characteristic results;
User behavior exception computing module, the different of user behavior is carried out based on machine learning techniques using above three result
Ordinary index is calculated;
User behavior warning module, based on abnormal index result of calculation, according to prediction policy set in advance, decides whether
Carry out user behavior early warning.
Fig. 2 for the present invention terminal composition structure, the terminal in addition to common terminal basic hardware equipment, in addition to regarding
Input hardware (camera) is felt, for gathering user biological characteristic image and user behavior characteristic image.Software aspects are except original
Outside anti-data-leakage component, in addition to the log collection strengthened of application claims, daily record are reported, operating main body collection apparatus and master
Body behavioural characteristic acquisition function.
Fig. 3 constitutes structure for the server end of the present invention, in addition to legacy data anti-leak server component, in addition to this hair
The bright daily record reception for requiring to strengthen, processing function.In addition, also including operating main body identification, subject behavior identification, user behavior meter
The function such as calculation and user behavior early warning.
Fig. 4 is log analysis flow of the present invention, including following methods step:
Personal behavior model training based on daily record, it is (main to include deeply by machine learning based on daily user behavior
Degree study) technique drill obtains the personal behavior model of the user, and training data includes file operation behavior, network operation row
For, application program operation behavior etc.;
User action log is gathered, and the collection to user's operation behavior, collection information and instruction are realized using Hook technologies etc.
Practice information type consistent;
User action log is reported, and daily record, which uploads onto the server, to hold according to the timing of the cycle of setting carries out log audit;
User behavior semanteme is built, and the User action log collected is carried out into semantic class structure, i.e., by fine-grained behaviour
Make daily record group and merge into coarseness but closer to the user behavior of human intelligible in semantic level;
User behavior recognition, Behavior-based control angle handles semantic class user behavior, rejects unrelated behavioral data, it is ensured that most
The validity of whole data.
Fig. 5 is for operating main body identification process of the present invention, including following methods step:
Operating main body physical characteristics collecting, the user of using terminal visual input device taken at regular intervals current operation terminal is special
Levy image;
Operating main body feature is uploaded, and upload onto the server end after characteristic image is compressed;
Operating main body recognize, server end utilize machine learning (including depth learning technology) identification feature image, and with
The characteristic image of terminal logs in user binding is contrasted, and is identified whether as login user.
Fig. 6 is for operating main body Activity recognition flow of the present invention, including following methods step:
Subject behavior collection apparatus, the user behavior of using terminal visual input device taken at regular intervals current operation terminal;
Subject behavior feature is uploaded, and upload onto the server end after characteristic image is compressed;
Subject behavior recognizes that server end utilizes machine learning techniques (including depth learning technology) identification feature image,
And contrasted with specified behavioural characteristic image (such as hand-held intelligent mobile phone is directed at terminal), whether identification operating main body has
Specific operation.
Based on above steps, Fig. 7 is walked for abnormal user behavior calculating of the present invention and early warning flow, including following methods
Suddenly:
User behavior data is integrated, and user behavior recognition result, operating main body recognition result and subject behavior are recognized and tied
Fruit is integrated, and is converted to user behavior characteristic;
User behavior is calculated, using user behavior feature as input, based on machine learning techniques (including deep learning skill
Art), it is final to calculate the abnormal index for obtaining user behavior using personal behavior model as reference;
User behavior early warning, user behavior abnormal index is compared with the threshold value of warning set, once more than early warning threshold
Value, system produces warning information to keeper, and provides User action log, operating main body image and master that system thinks abnormal
Body behavior figure picture.
<Embodiment>
As shown in figure 8, certain smaller banks client has been upgraded based on the inventive method has disposed the anti-data-leakage system of operation
System, constructs user behavior real-time auditing and early warning mechanism.The mechanism is based on data terminal, is dynamically adopted by the camera of addition
Collect the facial image of operating personnel and the behavior figure picture of operating personnel, and two class images and Operation Log are periodically uploaded to number
Server end audit and warning module according to leak prevention system.The server end is related except the anti-data-leakage system disposed
Server, also added following server:
1 is used for terminal log collection and the virtual server of pretreatment;
1 is used for the virtual server that daily record semanteme builds and recognized;
1 is used for the physical server that operating main body is recognized with subject behavior;
1 is used for the virtual server of user behavior calculating and early warning.
The anti-data-leakage system user behavior real-time auditing and warning module are working properly, by measuring and calculating, in deployment 500
Under the scene of station terminal, operating personnel carry out unauthorized operation or carry out the behavior, system such as take pictures using smart mobile phone after changing
It can be noted abnormalities in 7 seconds and carry out early warning, while there is provided the evidence for performing abnormal behaviour.
Using technical scheme, anti-data-leakage system terminal is only needed to install and operated using camera
Main body and the vision collecting of behavior, in the case of operating personnel's unaware is glitch-free, using the computing capability of background server,
Collection in real time, analysis, audit terminal user's behavior.There is provided exception in very short time after suspicious data leakage event occurs
Behavior evidence timely responds to and alerts related management personnel, and the data that will leak out are enclosed in workplace, substantially reduced in time
The occurrence probability of leaking data event, is prevented effectively from the baneful influence thereby resulted in.Meanwhile, the program also will not be to common use
Family behavior operation is interfered, and influences normal work, reduces efficiency.
Above example only as the example of protection scheme of the present invention, is not limited embodiment of the invention
It is fixed.
Claims (11)
1. a kind of dynamic anti-leak of data and method for early warning, this method comprise the following steps:
Operating main body is bound, and user authentication information is bound with user biological characteristic image;
User action log analyzing and training, log collection is carried out to user behavior, and the use is obtained by machine learning techniques training
The personal behavior model at family, judges that user behavior is semantic based on personal behavior model analysis, obtains user behavior recognition knot
Really;
Operating main body is recognized, using machine learning techniques identification user biological characteristic image, and bound with terminal logs in user
User biological characteristic image is contrasted, and is identified whether as login user;
Subject behavior is recognized, is contrasted using machine learning techniques identification feature image, and with specified behavioural characteristic image,
Whether identification operating main body has specific operation;
User behavior data is integrated, and user behavior recognition result, operating main body recognition result and subject behavior recognition result are entered
Row is integrated, and is converted to user behavior characteristic;
User behavior is calculated, using user behavior characteristic as input, based on machine learning techniques, with the user behavior
Model is reference, calculates and obtains user behavior abnormal index;
User behavior early warning, the user behavior abnormal index and the threshold value of warning of setting is compared, if greater than early warning
Threshold value, warning information is produced to keeper.
2. according to the method described in claim 1, the user biological feature includes but is not limited to:Face, iris.
3. method according to claim 2, the data of the machine learning techniques training include:File operation behavior, net
Network operation behavior, application program operation behavior.
4. according to the method described in claim 1, the subject behavior recognition result includes:User uses mobile phone or other visions
Collecting device camera terminal screen.
5. according to the method described in claim 1, the daily record data related to user behavior includes:Timestamp, end message, step on
Employ name in an account book, peration data metamessage, operating main body characteristic image, subject behavior characteristic image.
6. a kind of dynamic anti-leak of data and early warning system, the system include:
User behavior recognition module, judges that user behavior is semantic based on the analysis of existing personal behavior model, produces user behavior
Log feature result;
Operating main body identification module, is compared using the operating main body biological characteristic and the user biological feature of binding of collection,
Produce operating main body characteristic results;
Subject behavior identification module, is compared using the subject behavior biological characteristic and the hazardous act feature set up of collection
It is right, produce subject behavior characteristic results;
User behavior exception computing module, the exception for carrying out user behavior using above three result based on machine learning techniques refers to
Number is calculated;
User behavior warning module, based on abnormal index result of calculation, according to prediction policy set in advance, decides whether to carry out
User behavior early warning.
7. system according to claim 6, the system also includes:
User action log acquisition module, the correlation log data that receiving terminal is sent.
8. system according to claim 7, the system also includes:
The correlation log data of reception are carried out data cleansing, rejecting is imperfect or does not conform to rule by User action log cleaning module
Daily record data.
9. system according to claim 8, the system also includes:
User action log separation module, separates common daily record data, operating main body feature and subject behavior feature.
10. a kind of anti-data-leakage user behavior real-time auditing and early warning system, the system include:Multiple user terminals and service
Device;
The terminal is realized:Log collection, the collection of user biological characteristic image are gathered with user behavior characteristic image, and will collection
Data report server;
The server, performs following operate:
User action log analyzing and training, log collection is carried out to user behavior, and the use is obtained by machine learning techniques training
The personal behavior model at family, judges that user behavior is semantic based on personal behavior model analysis, obtains user behavior recognition knot
Really;
Operating main body is recognized, using machine learning techniques identification user biological characteristic image, and bound with terminal logs in user
User biological characteristic image is contrasted, and is identified whether as login user;
Subject behavior is recognized, recognizes behavioural characteristic image using machine learning techniques, and carry out with specified behavioural characteristic image
Whether contrast, identification operating main body has specific operation;
User behavior data is integrated, and user behavior recognition result, operating main body recognition result and subject behavior recognition result are entered
Row is integrated, and is converted to user behavior characteristic;
User behavior is calculated, using user behavior characteristic as input, based on machine learning techniques, with the user behavior
Model is reference, calculates and obtains user behavior abnormal index;
User behavior early warning, the user behavior abnormal index and the threshold value of warning of setting is compared, if greater than early warning
Threshold value, warning information is produced to keeper.
11. a kind of for anti-data-leakage user behavior real-time auditing and the server of early warning system, the server includes:Processing
Device and computer-readable storage medium, the computer-readable storage medium are stored with computer instruction, when computer described in the computing device
During instruction, following operate is realized:
Data are received, daily record data, user biological characteristic image and user behavior characteristic image is received;
User action log analyzing and training, the personal behavior model for obtaining the user is trained by machine learning techniques, based on institute
State personal behavior model analysis and judge that user behavior is semantic, obtain user behavior recognition result;
Operating main body is recognized, using machine learning techniques identification user biological characteristic image, and bound with terminal logs in user
User biological characteristic image is contrasted, and is identified whether as login user;
Subject behavior is recognized, recognizes behavioural characteristic image using machine learning techniques, and carry out with specified behavioural characteristic image
Whether contrast, identification operating main body has specific operation;
User behavior data is integrated, and user behavior recognition result, operating main body recognition result and subject behavior recognition result are entered
Row is integrated, and is converted to user behavior characteristic;
User behavior is calculated, using user behavior characteristic as input, based on machine learning techniques, with the user behavior
Model is reference, calculates and obtains user behavior abnormal index;
User behavior early warning, the user behavior abnormal index and the threshold value of warning of setting is compared, if greater than early warning
Threshold value, warning information is produced to keeper.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710340503.7A CN107302520B (en) | 2017-05-15 | 2017-05-15 | A kind of data dynamic anti-leak and method for early warning and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710340503.7A CN107302520B (en) | 2017-05-15 | 2017-05-15 | A kind of data dynamic anti-leak and method for early warning and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN107302520A true CN107302520A (en) | 2017-10-27 |
| CN107302520B CN107302520B (en) | 2019-01-22 |
Family
ID=60137982
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710340503.7A Active CN107302520B (en) | 2017-05-15 | 2017-05-15 | A kind of data dynamic anti-leak and method for early warning and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN107302520B (en) |
Cited By (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108011721A (en) * | 2017-12-06 | 2018-05-08 | 北京明朝万达科技股份有限公司 | A kind of data leak method for early warning and system based on restoring files |
| CN108494791A (en) * | 2018-04-08 | 2018-09-04 | 北京明朝万达科技股份有限公司 | A kind of DDOS attack detection method and device based on Netflow daily record datas |
| CN108650108A (en) * | 2018-03-23 | 2018-10-12 | 北京明朝万达科技股份有限公司 | A kind of user input data anti-leak method for early warning and system |
| CN108924133A (en) * | 2018-06-29 | 2018-11-30 | 北京明朝万达科技股份有限公司 | A kind of network data leakage prevention method and system |
| CN109829315A (en) * | 2017-11-23 | 2019-05-31 | 西门子(中国)有限公司 | The method, apparatus and computer readable storage medium of log processing |
| CN109918899A (en) * | 2019-01-23 | 2019-06-21 | 平安科技(深圳)有限公司 | Server, employee reveal the prediction technique and storage medium of company information |
| CN111581621A (en) * | 2020-05-07 | 2020-08-25 | 中芯集成电路(宁波)有限公司 | Data security processing method, device, system and storage medium |
| CN113486345A (en) * | 2021-07-16 | 2021-10-08 | 国电内蒙古东胜热电有限公司 | Supervision early warning method and system with risk identification function |
| CN113689291A (en) * | 2021-09-22 | 2021-11-23 | 杭银消费金融股份有限公司 | Anti-fraud identification method and system based on abnormal movement |
| CN116702229A (en) * | 2023-08-04 | 2023-09-05 | 四川蓉城蕾茗科技有限公司 | Safety house information safety control method and system |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112187813A (en) * | 2020-03-21 | 2021-01-05 | 薛爱君 | Data processing method and system based on online office environment |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102184377A (en) * | 2011-04-26 | 2011-09-14 | 杭州五魁首信息技术有限公司 | Identity identification device and identity identification method based on radio frequency identification technology |
| CN103366106A (en) * | 2013-06-21 | 2013-10-23 | 国家电网公司 | Client-side safety monitoring method for remote data recovery system |
| CN106383768A (en) * | 2016-09-14 | 2017-02-08 | 江苏北弓智能科技有限公司 | Mobile device operation behavior-based supervision analysis system and method |
| CN106454277A (en) * | 2016-11-30 | 2017-02-22 | 杭州联络互动信息科技股份有限公司 | Image analysis method and device for video monitoring |
| CN106534212A (en) * | 2016-12-29 | 2017-03-22 | 杭州世平信息科技有限公司 | Adaptive safety protection method and system based on user behaviors and data states |
-
2017
- 2017-05-15 CN CN201710340503.7A patent/CN107302520B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102184377A (en) * | 2011-04-26 | 2011-09-14 | 杭州五魁首信息技术有限公司 | Identity identification device and identity identification method based on radio frequency identification technology |
| CN103366106A (en) * | 2013-06-21 | 2013-10-23 | 国家电网公司 | Client-side safety monitoring method for remote data recovery system |
| CN106383768A (en) * | 2016-09-14 | 2017-02-08 | 江苏北弓智能科技有限公司 | Mobile device operation behavior-based supervision analysis system and method |
| CN106454277A (en) * | 2016-11-30 | 2017-02-22 | 杭州联络互动信息科技股份有限公司 | Image analysis method and device for video monitoring |
| CN106534212A (en) * | 2016-12-29 | 2017-03-22 | 杭州世平信息科技有限公司 | Adaptive safety protection method and system based on user behaviors and data states |
Cited By (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109829315A (en) * | 2017-11-23 | 2019-05-31 | 西门子(中国)有限公司 | The method, apparatus and computer readable storage medium of log processing |
| CN108011721A (en) * | 2017-12-06 | 2018-05-08 | 北京明朝万达科技股份有限公司 | A kind of data leak method for early warning and system based on restoring files |
| CN108650108A (en) * | 2018-03-23 | 2018-10-12 | 北京明朝万达科技股份有限公司 | A kind of user input data anti-leak method for early warning and system |
| CN108494791A (en) * | 2018-04-08 | 2018-09-04 | 北京明朝万达科技股份有限公司 | A kind of DDOS attack detection method and device based on Netflow daily record datas |
| CN108924133A (en) * | 2018-06-29 | 2018-11-30 | 北京明朝万达科技股份有限公司 | A kind of network data leakage prevention method and system |
| CN109918899A (en) * | 2019-01-23 | 2019-06-21 | 平安科技(深圳)有限公司 | Server, employee reveal the prediction technique and storage medium of company information |
| CN111581621A (en) * | 2020-05-07 | 2020-08-25 | 中芯集成电路(宁波)有限公司 | Data security processing method, device, system and storage medium |
| CN113486345A (en) * | 2021-07-16 | 2021-10-08 | 国电内蒙古东胜热电有限公司 | Supervision early warning method and system with risk identification function |
| CN113689291A (en) * | 2021-09-22 | 2021-11-23 | 杭银消费金融股份有限公司 | Anti-fraud identification method and system based on abnormal movement |
| CN113689291B (en) * | 2021-09-22 | 2022-11-01 | 杭银消费金融股份有限公司 | Anti-fraud identification method and system based on abnormal movement |
| CN116702229A (en) * | 2023-08-04 | 2023-09-05 | 四川蓉城蕾茗科技有限公司 | Safety house information safety control method and system |
| CN116702229B (en) * | 2023-08-04 | 2023-11-21 | 四川蓉城蕾茗科技有限公司 | Safety house information safety control method and system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN107302520B (en) | 2019-01-22 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107302520B (en) | A kind of data dynamic anti-leak and method for early warning and system | |
| KR101534192B1 (en) | System for providing cybersecurity realtime training against attacks and method thereof | |
| CN106909847A (en) | A kind of method of Malicious Code Detection, apparatus and system | |
| CN110276250B (en) | Face living body detection method and device | |
| Ahmed et al. | Detecting Computer Intrusions Using Behavioral Biometrics. | |
| CN100362805C (en) | Multifunctional management system for detecting erotic images and unhealthy information in network | |
| CN110247819B (en) | Wi-Fi video acquisition equipment detection method and system based on encrypted stream identification | |
| CN103840983A (en) | WEB tunnel detection method based on protocol behavior analysis | |
| CN109600336A (en) | Store equipment, identifying code application method and device | |
| Sun et al. | A Survey of Digital Evidences Forensic and Cybercrime Investigation Procedure. | |
| CN103136476A (en) | Mobile intelligent terminal malicious software analysis system | |
| CN106953738A (en) | Risk control method and device | |
| CN107437012A (en) | The guard method of data and device | |
| CN106843480A (en) | Access method and wear-type virtual reality device based on brain wave | |
| CN112153336B (en) | Monitoring method and related equipment | |
| CN106941506A (en) | Data processing method and device based on biological characteristic | |
| CN109559211A (en) | A kind of audit prewarning analysis system based on big data | |
| CN111581621A (en) | Data security processing method, device, system and storage medium | |
| CN108924133A (en) | A kind of network data leakage prevention method and system | |
| CN112036238A (en) | Face data processing method and device, electronic equipment and storage medium | |
| JP2004312083A (en) | Learning data generating apparatus, intrusion detection system, and its program | |
| CN115906028A (en) | User identity verification method and device and self-service terminal | |
| CN109788365A (en) | A kind of filter method and system of page barrage | |
| CN112153337B (en) | Monitoring method and related equipment | |
| CN105025092B (en) | Method for providing video or image as cloud certificate storage by mobile communication device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |