CN107392028A - Detection method and detection device for sensitive information, storage medium, and electronic device - Google Patents


Info

Publication number: CN107392028A
Authority: CN (China)
Prior art keywords: sensitive information, uniform resource, web site, resource locator, information
Legal status: Pending (the legal status is an assumption and is not a legal conclusion)
Application number: CN201710600182.XA
Other languages: Chinese (zh)
Inventors: 高敏, 王润辉
Current assignee: Shanghai Ctrip Business Co Ltd (the listed assignees may be inaccurate)
Original assignee: Shanghai Ctrip Business Co Ltd
Application filed by: Shanghai Ctrip Business Co Ltd
Priority: CN201710600182.XA

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57: Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577: Assessing vulnerabilities and evaluating computer system security
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218: Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245: Protecting personal data, e.g. for financial or medical purposes
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00: Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03: Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033: Test or assess software


Abstract

The present invention discloses a detection method for sensitive information, together with a detection device, a storage medium and an electronic device. The detection method comprises the following steps: obtaining the access log of an enterprise website; extracting from the access log the uniform resource locator (URL) links corresponding to all HTTP requests that users can access through the enterprise website; sending a simulated HTTP request to each extracted URL link and obtaining the feedback information returned in response to the simulated request; performing sensitive-information regular-expression matching on the feedback information to judge whether it contains sensitive information; and, if the feedback information contains sensitive information, recording the corresponding URL link and repairing it. The detection method and device effectively protect users' personal sensitive information, prevent that information from being further illegally spread or exploited, and raise the security level of user access to the enterprise website.

Description

Detection method and detection device for sensitive information, storage medium, and electronic device
Technical field
The present invention relates to the field of information security technology, and in particular to a detection method for sensitive information based on analysis of the access log of an enterprise website, together with a detection device, a storage medium and an electronic device.
Background
With the continuous development of the internet industry, protecting users' personal sensitive information faces increasingly serious challenges. Many B2C internet companies, such as travel websites and shopping websites, suffer from problems such as leakage of user order information. This order information contains large numbers of users' mobile phone numbers, contact addresses, e-mail addresses and other sensitive information, so its leakage seriously exposes users' personal sensitive information and in turn fuels the underground ("black") industry.
Most leaks of user sensitive information are caused by security vulnerabilities in website development, which allow malicious persons to use website flaws to obtain user sensitive information directly or indirectly. Protecting users' personal sensitive information therefore requires not only that web developers strictly follow a secure code development process, but also an auxiliary detection mechanism that checks for omissions: the website links that users access are tested for personal sensitive information to judge whether information is being leaked. At present, techniques for detecting sensitive information in web pages themselves are lacking.
Summary of the invention
In view of the defects of the prior art, the object of the invention is to provide a detection method for sensitive information based on analysis of the access log of an enterprise website, together with a detection device, a storage medium and an electronic device. The detection method and detection device effectively protect users' personal sensitive information, prevent that information from being further illegally spread or exploited, and further raise the security level of user access to the enterprise website.
According to one aspect of the invention, a detection method for sensitive information is provided, comprising the following steps: S10: obtain the access log of the enterprise website; S20: extract from the access log the uniform resource locator (URL) links corresponding to all HTTP requests that users can access through the enterprise website; S30: send a simulated HTTP request to each extracted URL link and obtain the feedback information returned in response to the simulated request; S40: perform sensitive-information regular-expression matching on the feedback information to judge whether it contains sensitive information; S50: if the feedback information contains sensitive information, record the corresponding URL link and repair it.
Preferably, in step S10 the access log of the enterprise website is obtained in real time.
Preferably, after step S20 and before step S30, the method also comprises step S80: perform keyword regular-expression matching on the URL links and filter out the URL links whose HTTP request carries the keyword.
Preferably, the keyword includes at least one of order, order number, Orderid or comment.
Preferably, after step S10 and before step S20, the method also comprises step S60: analyze the access log of the enterprise website in real time.
Preferably, after step S20 and before step S30, the method also comprises step S70: store in a database the extracted URL links corresponding to the HTTP requests that users can access through the enterprise website.
Preferably, the sensitive information includes at least one of an identity card number, a mobile phone number, a contact address or an e-mail address.
According to another aspect of the invention, a detection device for sensitive information is also provided, comprising: an access log acquisition module for obtaining the access log of the enterprise website; a link extraction module for extracting from the access log the URL links corresponding to all HTTP requests that users can access through the enterprise website; a simulated HTTP request module for sending a simulated HTTP request to each extracted URL link and obtaining the feedback information returned in response to the simulated request; a sensitive information matching module for performing sensitive-information regular-expression matching on the feedback information to judge whether it contains sensitive information; and a repair module for recording the corresponding URL link and repairing it when the feedback information contains sensitive information.
Preferably, the detection device also includes a screening module for performing keyword regular-expression matching on the URL links and filtering out the URL links whose HTTP request carries the keyword.
Preferably, the detection device also includes an analysis module for analyzing the access log of the enterprise website in real time.
Preferably, the detection device also includes a storage module for storing in a database the extracted URL links corresponding to the HTTP requests that users can access through the enterprise website.
According to a further aspect of the invention, a computer-readable storage medium is also provided, on which a computer program is stored; when executed by a processor, the program implements the steps of the above detection method for sensitive information.
According to a further aspect of the invention, an electronic device is also provided, comprising: a processor; and a memory for storing instructions executable by the processor; wherein the processor is configured to perform the steps of the above detection method for sensitive information by executing the executable instructions.
Compared with the prior art, the detection method, detection device and storage medium provided by the embodiments of the invention use the obtained access log of the enterprise website to extract the URL links corresponding to all HTTP requests accessible to users, send simulated HTTP requests to the extracted URL links, obtain the feedback information returned in response, and perform sensitive-information regular-expression matching on that feedback information to detect whether the feedback information returned by a URL link contains sensitive information, so that follow-up handling can be carried out. The detection method effectively protects users' personal sensitive information, prevents that information from being illegally spread or exploited, and further raises the security level of user access to the enterprise website.
Brief description of the drawings
Further features, objects and advantages of the invention will become more apparent from the detailed description of non-limiting embodiments given with reference to the following drawings:
Fig. 1 is a flow chart of a detection method for sensitive information according to one embodiment of the invention;
Fig. 2 is a flow chart of a detection method for sensitive information according to another embodiment of the invention;
Fig. 3 is a schematic diagram of a computer-readable storage medium in an exemplary embodiment of the disclosure; and
Fig. 4 is a schematic diagram of an electronic device in an exemplary embodiment of the disclosure.
Detailed description of the embodiments
Example embodiments will now be described more fully with reference to the accompanying drawings. Example embodiments can, however, be implemented in many forms and should not be understood as limited to the embodiments set forth here; rather, these embodiments are provided so that the invention will be thorough and complete and will fully convey the concept of the example embodiments to those skilled in the art. Identical reference numerals in the figures denote identical or similar structures, so their repeated description is omitted.
The described features, structures or characteristics may be combined in any suitable manner in one or more embodiments. In the following description, many specific details are provided to give a full understanding of the embodiments of the invention. Those skilled in the art will recognize, however, that the technical solution of the invention can be practiced without one or more of the specific details, or with other methods, components, materials and so on. In some cases, well-known structures, materials or operations are not shown or described in detail, to avoid obscuring the invention.
In addition, the drawings are only schematic illustrations of the disclosure and are not necessarily drawn to scale. Identical reference numerals in the figures denote identical or similar parts, so their repeated description is omitted. Some of the block diagrams shown in the drawings are functional entities and do not necessarily correspond to physically or logically independent entities. These functional entities may be implemented in software, in one or more hardware modules or integrated circuits, or in different networks and/or processor devices and/or microcontroller devices.
According to the main concept of the invention, a detection method for sensitive information comprises the following steps: obtain the access log of the enterprise website; extract from the access log the uniform resource locator (URL) links corresponding to all HTTP requests that users can access through the enterprise website; send a simulated HTTP request to each extracted URL link and obtain the feedback information returned in response to the simulated request; perform sensitive-information regular-expression matching on the feedback information to judge whether it contains sensitive information; and, if the feedback information contains sensitive information, record the corresponding URL link and repair it.
The technical content of the invention is described further below with reference to the drawings and embodiments.
Refer to Fig. 1, which shows a flow chart of a detection method for sensitive information according to one embodiment of the invention. Specifically, the detection method is mainly used to prevent the leakage of users' sensitive information while they use the enterprise website. As shown in Fig. 1, in this embodiment the detection method comprises the following steps:
Step S10: obtain the access log of the enterprise website. Specifically, in this step the access log of the enterprise website is optionally obtained in real time. By obtaining the access log in real time, the requests of all users accessing the enterprise website can be analyzed and monitored in real time, so that the HTTP requests (website links) accessible to users are covered comprehensively and the detection coverage of the method is broader.
Step S20: extract from the access log of the enterprise website the uniform resource locator (URL) links corresponding to all HTTP requests that users can access through the enterprise website. Specifically, in the embodiment shown in Fig. 1, on the basis of step S10 and before the step of extracting the URL links (step S20), the method also includes step S60: analyze the access log of the enterprise website in real time. The URL links corresponding to all HTTP requests that users can access through the enterprise website are then extracted through this real-time analysis of the access log. For example, the real-time analysis of the access log may mainly include the following steps: collect the logs of the enterprise website servers with Logstash, store the logs in an ElasticSearch cluster, and finally aggregate and analyze the logs with Kibana. The enterprise access log is parsed into a specified data format that users can read intuitively, so that the HTTP request links can be extracted.
Further, in the embodiment shown in Fig. 1, after the step of extracting the URL links corresponding to all HTTP requests that users can access through the enterprise website (step S20), the method also includes step S70: store in a database the extracted URL links corresponding to the HTTP requests that users can access through the enterprise website.
Step S30: send a simulated HTTP request to each extracted URL link and obtain the feedback information returned in response to the simulated request. Specifically, in this step the detection device that implements the detection method actively sends simulated HTTP requests to all URL links extracted in step S20; in other words, it simulates a user sending HTTP requests to all of those URL links. After a simulated HTTP request is sent, the URL link returns feedback information, which is obtained for the subsequent sensitive-information detection.
Step S40: perform sensitive-information regular-expression matching on the feedback information to judge whether it contains sensitive information. Specifically, the feedback information returned by all URL links and obtained in step S30 is examined: sensitive-information regular-expression matching is performed on each item of feedback information to judge whether it contains sensitive information. Here, regular-expression matching means matching with regular expressions. The sensitive information can be configured flexibly; for example, in an optional embodiment of the invention it may include at least one of an identity card number, a mobile phone number, a contact address or an e-mail address. If, after regular-expression matching, the feedback information returned for a URL link is found to contain an identity card number, mobile phone number, contact address, e-mail address or similar information, the feedback information is judged to contain sensitive information (that is, the corresponding URL link may put the user's sensitive information at risk of leakage).
Step S50: if the feedback information contains sensitive information, record the corresponding URL link and repair it. Specifically, if the judgment in step S40 is affirmative, the URL link corresponding to the feedback information that contains sensitive information is recorded and then repaired. The repair may consist of contacting the website developers responsible for that URL link so that they rectify it. Alternatively, in other embodiments, if the link has still not been rectified after the responsible website developers have been contacted, users can also be prevented from sending, from the enterprise website, the HTTP request corresponding to that URL link (for example by deleting the relevant link from the enterprise website), so that users do not send HTTP requests to that URL link.
As the embodiment of Fig. 1 shows, the detection method provided by the embodiments of the invention uses the obtained access log of the enterprise website to extract the URL links corresponding to all HTTP requests accessible to users, sends simulated HTTP requests to the extracted URL links, obtains the feedback information returned in response, and performs sensitive-information regular-expression matching on that feedback information to detect whether the feedback information returned by a URL link contains sensitive information, so that follow-up handling can be carried out. The detection method effectively protects users' personal sensitive information, prevents that information from being illegally spread or exploited, and further raises the security level of user access to the enterprise website.
Further, the invention also provides a detection device for sensitive information that implements the detection method shown in Fig. 1. Specifically, the detection device mainly includes an access log acquisition module, a link extraction module, a simulated HTTP request module, a sensitive information matching module and a repair module.
Specifically, the access log acquisition module obtains the access log of the enterprise website (that is, it performs step S10 in Fig. 1).
The link extraction module may be connected to the access log acquisition module and extracts from the access log of the enterprise website the URL links corresponding to all HTTP requests that users can access through the enterprise website (that is, it performs step S20 in Fig. 1).
Further, in an embodiment of the invention, the detection device also includes an analysis module. The analysis module may be connected to both the access log acquisition module and the link extraction module and analyzes the access log of the enterprise website in real time (that is, it performs step S60 in Fig. 1). In this case the link extraction module is connected to the access log acquisition module through the analysis module.
The simulated HTTP request module may be connected to the link extraction module; it sends simulated HTTP requests to the extracted URL links and obtains the feedback information returned in response to the simulated requests (that is, it performs step S30 in Fig. 1).
The sensitive information matching module may be connected to the simulated HTTP request module; it performs sensitive-information regular-expression matching on the feedback information to judge whether the feedback information contains sensitive information (that is, it performs step S40 in Fig. 1).
The repair module may be connected to the sensitive information matching module; when the feedback information contains sensitive information, it records the corresponding URL link and repairs it (that is, it performs step S50 in Fig. 1).
Further, in an embodiment of the invention, the detection device also includes a storage module. The storage module may be connected to the link extraction module and stores in a database the extracted URL links corresponding to the HTTP requests that users can access through the enterprise website (that is, it performs step S70 in Fig. 1).
Further, refer to Fig. 2, which shows a flow chart of the detection method of another embodiment of the invention. Unlike the embodiment shown in Fig. 1, after the step of extracting the URL links corresponding to the HTTP requests that users can access through the enterprise website (step S20), the method also includes step S80: perform keyword regular-expression matching on the URL links and filter out the URL links whose HTTP request carries the keyword.
Specifically, in this step keyword regular-expression matching (that is, matching with regular expressions) is performed on the URL links corresponding to all HTTP requests extracted in step S20, and the URL links whose HTTP request carries one of the keywords are filtered out. This selects more precisely the URL links that need to be tested, namely those more likely to leak users' sensitive information. The keywords can be configured flexibly; optionally, they include at least one of order, order number, Orderid or comment, so that the URL links filtered out may be user order links and user comment links, and the subsequent detection is carried out on these filtered URL links. Accordingly, in this embodiment, in the subsequent step S30 the simulated HTTP requests are sent to the screened URL links and the feedback information returned in response is obtained.
Step S80 thus uses keywords to analyze more precisely all URL links extracted in step S20, making the subsequent detection steps more targeted: not every extracted URL link has to be tested, which saves detection steps and detection time.
Further, to implement step S80 in Fig. 2, in an embodiment of the invention the detection device also includes a screening module. The screening module may be connected to both the link extraction module and the simulated HTTP request module; it performs keyword regular-expression matching on the URL links and filters out the URL links whose HTTP request carries the keyword. The URL links extracted by the link extraction module are passed to the simulated HTTP request module after being screened by the screening module.
This embodiment achieves an effect similar to that of the embodiment shown in Fig. 1. Because the URL links have been screened, the subsequent detection steps are more targeted and not every extracted URL link has to be tested, which saves further detection steps and detection time; this is not described again here.
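The flow of steps S20, S80, S30, S40 and S50 described above, as an added example that is not part of the patent text or the applicant's code. It assumes Common Log Format input read as plain lines (rather than the Logstash/ElasticSearch/Kibana collection the text mentions), a hypothetical site `shop.example.test`, constructed regular expressions for identity card number, mobile number and e-mail, and an injectable `fetch` function so the run below works offline on constructed data.

```python
import re
from urllib.request import urlopen

# Assumption: Common/Combined Log Format lines; the patent fixes no log format.
LOG_LINE = re.compile(r'"(?:GET|POST) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# S80 keywords from the patent; "order" also matches "order number" and "Orderid".
KEYWORDS = re.compile(r"order|comment", re.IGNORECASE)
# S40 patterns, constructed for this example (mainland-China ID and mobile formats).
PATTERNS = {
    "id_card": re.compile(r"(?<!\d)\d{17}[\dXx](?!\d)"),
    "mobile": re.compile(r"(?<!\d)1[3-9]\d{9}(?!\d)"),
    "email": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
}
ID_WEIGHTS = (7, 9, 10, 5, 8, 4, 2, 1, 6, 3, 7, 9, 10, 5, 8, 4, 2)
ID_CHECK = "10X98765432"

def valid_id_card(value):
    """GB 11643-1999 check digit: rejects arbitrary 18-digit runs such as order ids."""
    total = sum(int(d) * w for d, w in zip(value[:17], ID_WEIGHTS))
    return ID_CHECK[total % 11] == value[17].upper()

def mask(value):
    """Keep a finding reviewable without copying the leaked value into the record."""
    return value[:3] + "*" * (len(value) - 5) + value[-2:]

def extract_urls(log_lines, base_url):
    """S20: unique URLs of requests the site answered with a status below 400."""
    urls = []
    for line in log_lines:
        m = LOG_LINE.search(line)
        if not m or int(m["status"]) >= 400:
            continue
        path = m["path"]
        # Log content is client-controlled: never let it point the scanner off-site.
        if not path.startswith("/") or path.startswith("//"):
            continue
        url = base_url.rstrip("/") + path
        if url not in urls:
            urls.append(url)
    return urls

def screen(urls):
    """S80: keep only the URLs that carry one of the configured keywords."""
    return [u for u in urls if KEYWORDS.search(u)]

def find_sensitive(body):
    """S40: regex-match a response body; returns {kind: [masked values]}."""
    hits = {}
    for kind, pattern in PATTERNS.items():
        values = sorted(set(pattern.findall(body)))
        if kind == "id_card":
            values = [v for v in values if valid_id_card(v)]
        if values:
            hits[kind] = [mask(v) for v in values]
    return hits

def http_fetch(url):
    """S30: the simulated request, sent here without credentials (an assumption)."""
    with urlopen(url, timeout=5) as resp:
        return resp.read(1_000_000).decode("utf-8", errors="replace")

def scan(log_lines, base_url, fetch=http_fetch):
    """S20 -> S80 -> S30 -> S40 -> S50 (recording only; repair is a human task)."""
    findings = []
    for url in screen(extract_urls(log_lines, base_url)):
        try:
            hits = find_sensitive(fetch(url))
        except OSError:  # URLError, HTTPError and timeouts: skip unreachable links
            continue
        if hits:
            findings.append({"url": url, "hits": hits})
    return findings

# Constructed sample data (not from the patent): log lines and canned responses.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jul/2017:10:00:01 +0800] "GET /order/detail?orderid=1001 HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Jul/2017:10:00:02 +0800] "GET /static/app.js HTTP/1.1" 200 9000',
    '203.0.113.9 - - [10/Jul/2017:10:00:03 +0800] "GET /comment/list?page=2 HTTP/1.1" 200 300',
    '203.0.113.9 - - [10/Jul/2017:10:00:04 +0800] "GET /order/detail?orderid=1001 HTTP/1.1" 200 512',
    '203.0.113.9 - - [10/Jul/2017:10:00:05 +0800] "GET /order/old HTTP/1.1" 404 0',
    '203.0.113.9 - - [10/Jul/2017:10:00:06 +0800] "GET //other.example.test/order HTTP/1.1" 200 0',
]
SAMPLE_RESPONSES = {
    "https://shop.example.test/order/detail?orderid=1001":
        '{"mobile":"13800138000","id":"11010519491231002X","ref":"123456789012345678"}',
    "https://shop.example.test/comment/list?page=2": "<li>Great trip!</li>",
}
```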
In an exemplary embodiment of the disclosure, a kind of computer-readable recording medium is additionally provided, is stored thereon with meter Calculation machine program, the inspection of sensitive information described in any one above-mentioned embodiment can be realized when the program is by such as computing device The step of survey method.In some possible embodiments, various aspects of the invention are also implemented as a kind of program product Form, it includes program code, and when described program product is run on the terminal device, described program code is used to making described Terminal device perform described in the detection method part of the sensitive information shown in this specification above-mentioned Fig. 1 or Fig. 2 according to this hair The step of bright various illustrative embodiments.
With reference to shown in figure 3, the program product for being used to realize the above method according to the embodiment of the present invention is described 300, it can use portable compact disc read only memory (CD-ROM) and including program code, and can in terminal device, Such as run on PC.However, the program product not limited to this of the present invention, in this document, readable storage medium storing program for executing can be with Be it is any include or the tangible medium of storage program, the program can be commanded execution system, device either device use or It is in connection.
Described program product can use any combination of one or more computer-readable recording mediums.Computer-readable recording medium can be readable letter Number medium or readable storage medium storing program for executing.Readable storage medium storing program for executing for example can be but be not limited to electricity, magnetic, optical, electromagnetic, infrared ray or System, device or the device of semiconductor, or any combination above.The more specifically example of readable storage medium storing program for executing is (non exhaustive List) include:It is electrical connection, portable disc, hard disk, random access memory (RAM) with one or more wires, read-only Memory (ROM), erasable programmable read only memory (EPROM or flash memory), optical fiber, portable compact disc read only memory (CD-ROM), light storage device, magnetic memory device or above-mentioned any appropriate combination.
The computer-readable recording medium can include believing in a base band or as the data that a carrier wave part is propagated Number, wherein carrying readable program code.The data-signal of this propagation can take various forms, including but not limited to electromagnetism Signal, optical signal or above-mentioned any appropriate combination.Readable storage medium storing program for executing can also be any beyond readable storage medium storing program for executing Computer-readable recording medium, the computer-readable recording medium can send, propagate either transmit for being used by instruction execution system, device or device or Person's program in connection.The program code included on readable storage medium storing program for executing can be transmitted with any appropriate medium, bag Include but be not limited to wireless, wired, optical cable, RF etc., or above-mentioned any appropriate combination.
Program code for performing the operations of the present invention may be written in any combination of one or more programming languages, including object-oriented programming languages such as Java and C++, as well as conventional procedural programming languages such as the "C" language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on a remote computing device or server. Where a remote computing device is involved, it may be connected to the user's computing device through any kind of network, including a local area network (LAN) or a wide area network (WAN), or it may be connected to an external computing device (for example, through the Internet using an Internet service provider).
In an exemplary embodiment of the present disclosure, an electronic device is also provided. The electronic device may include a processor and a memory for storing instructions executable by the processor. The processor is configured to perform, by executing the executable instructions, the steps of the sensitive information detection method described in any one of the above embodiments.
Those of ordinary skill in the art will understand that aspects of the present invention may be implemented as a system, a method or a program product. Accordingly, aspects of the present invention may take the following forms: an entirely hardware embodiment, an entirely software embodiment (including firmware, microcode, etc.), or an embodiment combining hardware and software aspects, which may be collectively referred to here as a "circuit", "module" or "system".
The electronic device 600 according to this embodiment of the present invention is described below with reference to Fig. 4. The electronic device 600 shown in Fig. 4 is only an example and should not impose any limitation on the function or scope of use of the embodiments of the present invention.
As shown in Fig. 4, the electronic device 600 takes the form of a general-purpose computing device. The components of the electronic device 600 may include, but are not limited to: at least one processing unit 610, at least one storage unit 620, a bus 630 connecting different system components (including the storage unit 620 and the processing unit 610), a display unit 640, and so on.
The storage unit stores program code that can be executed by the processing unit 610, so that the processing unit 610 performs the steps according to the various exemplary embodiments of the present invention described in the sensitive information detection method section of this specification. For example, the processing unit 610 may perform the steps shown in Fig. 1 or Fig. 2.
The storage unit 620 may include readable media in the form of volatile storage units, such as a random access memory (RAM) unit 6201 and/or a cache memory unit 6202, and may further include a read-only memory (ROM) unit 6203.
The storage unit 620 may also include a program/utility 6204 having a set of (at least one) program modules 6205. Such program modules 6205 include, but are not limited to: an operating system, one or more application programs, other program modules and program data. Each of these examples, or some combination of them, may include an implementation of a network environment.
The bus 630 may represent one or more of several types of bus structures, including a storage unit bus or storage unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus structures.
The electronic device 600 may also communicate with one or more external devices 700 (such as a keyboard, a pointing device, a Bluetooth device, etc.), with one or more devices that enable a user to interact with the electronic device 600, and/or with any device (such as a router, a modem, etc.) that enables the electronic device 600 to communicate with one or more other computing devices. This communication may take place through an input/output (I/O) interface 650. The electronic device 600 may also communicate with one or more networks (such as a local area network (LAN), a wide area network (WAN) and/or a public network such as the Internet) through a network adapter 660. The network adapter 660 may communicate with the other modules of the electronic device 600 through the bus 630. It should be understood that, although not shown in the figures, other hardware and/or software modules may be used in conjunction with the electronic device 600, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives and data backup storage systems.
From the above description of the embodiments, those skilled in the art will readily understand that the example embodiments described here may be implemented in software, or in software combined with the necessary hardware. Therefore, the technical solution according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored on a non-volatile storage medium (such as a CD-ROM, a USB flash drive or a removable hard disk) or on a network, and which includes instructions that cause a computing device (such as a personal computer, a server or a network device) to perform the above sensitive information detection method according to the embodiments of the present disclosure.
In summary, the sensitive information detection method, detection device, storage medium and electronic device provided by the embodiments of the present invention work from the acquired access log of the enterprise website. They extract the uniform resource locator links corresponding to all HTTP requests that users can access, send a simulated HTTP request to each extracted uniform resource locator link, obtain the feedback information returned in response, and apply sensitive information regular-expression matching to that feedback information to detect whether the feedback information returned by the uniform resource locator link contains sensitive information, so that follow-up processing can be carried out. The detection method effectively protects users' personal sensitive information, prevents that information from being illegally spread or exploited, and further improves the security of users' access to the enterprise website.
Although the present invention has been disclosed above by way of alternative embodiments, these are not intended to limit the present invention. Those skilled in the art to which the present invention belongs may make various changes and modifications without departing from the spirit and scope of the present invention. Therefore, the scope of protection of the present invention shall be as defined by the claims.

Claims (13)

1. A method for detecting sensitive information, characterized in that the method comprises the following steps:
S10: obtaining an access log of an enterprise website;
S20: extracting, from the access log of the enterprise website, the uniform resource locator links corresponding to all HTTP requests that users can access through the enterprise website;
S30: sending a simulated HTTP request to each extracted uniform resource locator link, and obtaining the feedback information returned in response to the simulated HTTP request;
S40: performing sensitive information regular-expression matching on the feedback information to determine whether the feedback information contains the sensitive information;
S50: if the feedback information contains the sensitive information, recording and filing the corresponding uniform resource locator link, and repairing it.
2. The method for detecting sensitive information according to claim 1, characterized in that in step S10 the access log of the enterprise website is obtained in real time.
3. The method for detecting sensitive information according to claim 1, characterized in that after step S20 and before step S30 the method further comprises the following step:
S80: performing keyword regular-expression matching on the uniform resource locator links, and filtering out the uniform resource locator links whose HTTP request carries the keyword.
4. The method for detecting sensitive information according to claim 3, characterized in that the keyword includes at least one of order, order number, Orderid or comment.
5. The method for detecting sensitive information according to claim 1, characterized in that after step S10 and before step S20 the method further comprises the following step:
S60: analyzing the access log of the enterprise website in real time.
6. The method for detecting sensitive information according to claim 1, characterized in that after step S20 and before step S30 the method further comprises the following step:
S70: storing in a database the extracted uniform resource locator links corresponding to the HTTP requests that users can access through the enterprise website.
7. The method for detecting sensitive information according to claim 1, characterized in that the sensitive information includes at least one of an identity card number, a mobile phone number, a contact address or an e-mail address.
8. A device for detecting sensitive information, characterized in that the device comprises:
an access log acquisition module, for obtaining an access log of an enterprise website;
a link extraction module, for extracting, from the access log of the enterprise website, the uniform resource locator links corresponding to all HTTP requests that users can access through the enterprise website;
a simulated HTTP request module, for sending a simulated HTTP request to each extracted uniform resource locator link, and obtaining the feedback information returned in response to the simulated HTTP request;
a sensitive information matching module, for performing sensitive information regular-expression matching on the feedback information to determine whether the feedback information contains the sensitive information;
a repair module, for recording and filing the corresponding uniform resource locator link, and repairing it, when the feedback information contains the sensitive information.
9. The device for detecting sensitive information according to claim 8, characterized in that the device further comprises a screening module, for performing keyword regular-expression matching on the uniform resource locator links and filtering out the uniform resource locator links whose HTTP request carries the keyword.
10. The device for detecting sensitive information according to claim 8, characterized in that the device further comprises an analysis module, for analyzing the access log of the enterprise website in real time.
11. The device for detecting sensitive information according to claim 8, characterized in that the device further comprises a storage module, for storing in a database the extracted uniform resource locator links corresponding to the HTTP requests that users can access through the enterprise website.
12. A computer-readable storage medium on which a computer program is stored, characterized in that the program, when executed by a processor, implements the steps of the method for detecting sensitive information according to any one of claims 1 to 7.
13. An electronic device, characterized in that it comprises:
a processor; and
a memory, for storing instructions executable by the processor;
wherein the processor is configured to perform, by executing the executable instructions, the steps of the method for detecting sensitive information according to any one of claims 1 to 7.
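The steps of claim 1, with the keyword filter of claims 3 and 4 and three of the sensitive-information types of claim 7, as an added Python example that is not part of the patent text. The log format, the regular expressions, the restriction to successfully served GET requests, the masking of matches in the report, the host `shop.example` and all function names are assumptions; contact addresses are not matched because no simple pattern identifies them.

```python
import re
import urllib.request

# S20: request line of a combined-format access log (the format is an assumption).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# S80: keywords from claim 4; "order" also matches order-number style parameters.
KEYWORD_RE = re.compile(r"order|orderid|comment", re.IGNORECASE)
# S40: assumed formats for three of the sensitive-information types named in claim 7.
SENSITIVE = {
    "id_card": re.compile(r"(?<!\d)\d{6}(?:19|20)\d{2}(?:0[1-9]|1[0-2])(?:0[1-9]|[12]\d|3[01])\d{3}[\dXx](?!\d)"),
    "mobile": re.compile(r"(?<!\d)1[3-9]\d{9}(?!\d)"),
    "email": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
}

def extract_urls(log_text):
    """S20 + S80: unique, successfully served GET paths that carry a keyword."""
    urls = {}  # a dict keeps first-seen order and de-duplicates
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m or m["method"] != "GET" or not m["status"].startswith("2"):
            continue  # replay only idempotent requests the site actually served
        if KEYWORD_RE.search(m["path"]):
            urls[m["path"]] = None
    return list(urls)

def mask(value):
    """Keep the first 3 and last 2 characters so the report is not a second leak."""
    return value[:3] + "*" * (len(value) - 5) + value[-2:]

def find_sensitive(body):
    """S40: return {type: [masked matches]} for every pattern that hits."""
    hits = {}
    for name, pattern in SENSITIVE.items():
        found = sorted({mask(v) for v in pattern.findall(body)})
        if found:
            hits[name] = found
    return hits

def http_fetch(url):
    """S30 over the network: a plain GET with no session credentials (assumption)."""
    with urllib.request.urlopen(url, timeout=5) as resp:
        return resp.read().decode("utf-8", errors="replace")

def scan(log_text, base_url, fetch=http_fetch):
    """S20-S50: replay each candidate URL and record the ones whose response leaks."""
    findings = []
    for path in extract_urls(log_text):
        hits = find_sensitive(fetch(base_url + path))
        if hits:
            findings.append({"url": base_url + path, "hits": hits})  # S50: record for repair
    return findings

# Constructed sample data: log lines, host and response bodies are all made up.
SAMPLE_LOG = """\
203.0.113.7 - - [21/Jul/2017:10:00:01 +0800] "GET /order/detail?orderid=1001 HTTP/1.1" 200 512
203.0.113.7 - - [21/Jul/2017:10:00:02 +0800] "GET /static/app.js HTTP/1.1" 200 9000
203.0.113.9 - - [21/Jul/2017:10:00:03 +0800] "GET /comment/list?page=2 HTTP/1.1" 200 700
203.0.113.9 - - [21/Jul/2017:10:00:04 +0800] "GET /order/detail?orderid=1001 HTTP/1.1" 200 512
203.0.113.9 - - [21/Jul/2017:10:00:05 +0800] "POST /order/cancel?orderid=1001 HTTP/1.1" 200 20
203.0.113.9 - - [21/Jul/2017:10:00:06 +0800] "GET /order/export HTTP/1.1" 403 0
"""
SAMPLE_RESPONSES = {
    "https://shop.example/order/detail?orderid=1001":
        '{"id":"11010119900307123X","tel":"13800138000","mail":"zhang.san@example.com"}',
    "https://shop.example/comment/list?page=2": '{"comments":["great trip"]}',
}

def demo():  # runs the pipeline offline against the constructed responses above
    return scan(SAMPLE_LOG, "https://shop.example", SAMPLE_RESPONSES.__getitem__)
```

Calling `demo()` flags only the order-detail URL; passing the default `http_fetch` instead of the constructed lookup replays the candidate URLs against a real host.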
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710600182.XA CN107392028A (en) 2017-07-21 2017-07-21 The detection method and its detection means of sensitive information, storage medium, electronic equipment

Publications (1)

Publication Number Publication Date
CN107392028A (en) 2017-11-24

Family

ID=60336540

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20171124