CN107483422A - Leakage of data retroactive method, equipment and computer-readable recording medium - Google Patents
- Publication number: CN107483422A (also listed as CN201710656764.XA)
- Authority: CN (China)
- Prior art keywords: outgoing messages, information, type, data, leakage
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/30—Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
- H04L63/306—Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information intercepting packet switched data communications, e.g. Web, Internet or IMS communications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/556—Detecting local intrusion or implementing counter-measures involving covert channels, i.e. data leakage between processes
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computing Systems (AREA)
- Technology Law (AREA)
- Signal Processing (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
This application discloses a data leakage tracing method, including: obtaining the outgoing messages of an intranet terminal; comparing the outgoing messages with preset classified information to determine whether the information type of the outgoing messages is the classified type; and, if the information type of the outgoing messages is the classified type, determining the corresponding intranet terminal to be the leaking terminal. The application also discloses a data leakage tracing device and a computer-readable storage medium. By comparing outgoing messages with preset classified information, the disclosed method judges the type of the outgoing messages and determines the corresponding intranet terminal when the outgoing messages are of the classified type, so that the person responsible for the leak can be located accurately.
Description
Technical field
The present invention relates to the field of computer security, and more particularly to a data leakage tracing method, a device and a computer-readable storage medium.
Background
With the rapid development of information technology, computer networks have become an indispensable tool for people's routine office work, communication and collaboration. However, while information systems improve working efficiency, they also bring security problems in the storage of and access to information data. Current solutions to these problems still rest on passive protection means such as firewalls, intrusion detection and network anti-virus. In the past year, according to data from the national computer information security evaluation center, among the major incidents in which Internet-connected organizations suffered heavy losses because internal secrets were leaked over the network, only 1% were caused by theft by hackers, while 97% were due to leakage by internal employees. The leakage of an enterprise's confidential information can bring huge economic losses, and the harm to the enterprise is extremely serious.
To address this problem, the prior art uses hardware encryption. Hardware encryption refers to performing cryptographic operations with a dedicated encryption chip or an independent processing chip. Concretely, an encryption chip, a dedicated electronic key and a hard disk are matched one to one; the encryption chip then associates the encryption chip information, the dedicated key information and the hard disk information, performs a cryptographic operation on them, and at the same time writes to the primary partition table of the hard disk. From that point the encryption chip, the dedicated electronic key and the hard disk are bound together for use.
With this technique, the system works only when the encryption chip, the dedicated electronic key and the hard disk are bound together; if any one of them is missing, it cannot be used. Moreover, if the encrypted hard disk is separated from its corresponding encryption chip and electronic key, a computer cannot recognize its partitions, let alone obtain the encrypted data. With this hardware encryption method, because the encryption chip, the dedicated electronic key and the hard disk may be the responsibility of different employees, once a data leak occurs it is difficult to trace the leak accurately to the person responsible.
Therefore, how to trace a data leak accurately is a problem that those skilled in the art currently need to solve.
Summary of the invention
In view of this, an object of the present invention is to provide a leak-prevention tracing method based on internet behavior that can trace leaking behavior accurately. The specific scheme is as follows:
A data leakage tracing method, including:
Obtaining the outgoing messages of an intranet terminal;
Comparing the outgoing messages with preset classified information to determine whether the information type of the outgoing messages is the classified type;
If the information type of the outgoing messages is the classified type, determining the intranet terminal to be the leaking terminal.
Optionally, the process of comparing the outgoing messages with preset classified information to determine whether the information type of the outgoing messages is the classified type includes:
Judging whether the outgoing messages contain a preset classified keyword; if so, determining that the information type of the outgoing messages is the classified type; if not, determining that the information type of the outgoing messages is the non-classified type.
Optionally, the process of comparing the outgoing messages with preset classified information to determine whether the information type of the outgoing messages is the classified type includes:
Using a preset classified regular expression, judging whether the outgoing messages contain information corresponding to the preset classified regular expression; if so, determining that the information type of the outgoing messages is the classified type; if not, determining that the information type of the outgoing messages is the non-classified type.
Optionally, the process of comparing the outgoing messages with preset classified information to determine whether the information type of the outgoing messages is the classified type includes:
Calculating the data fingerprint of the outgoing messages to obtain a target fingerprint;
Calculating the similarity between the target fingerprint and a preset classified data fingerprint;
Judging whether the similarity is greater than a preset similarity threshold; if so, determining that the information type of the outgoing messages is the classified type; if not, determining that the information type of the outgoing messages is the non-classified type.
Optionally, the process of calculating the data fingerprint of the outgoing messages to obtain the target fingerprint includes:
Using a fuzzy hash algorithm to calculate the data fingerprint of the outgoing messages, obtaining the target fingerprint.
Optionally, the kinds of classified information include: contract data and/or technical code and/or financial information and/or engineering drawings.
Optionally, if the information type of the outgoing messages is the classified type, the method further includes:
Intercepting the outgoing messages.
Optionally, the data leakage tracing method further includes:
Obtaining classified information that has already leaked, as the target leaked information;
Comparing the target leaked information with a history outgoing message set, to determine from the history outgoing message set the history outgoing messages corresponding to the target leaked information, obtaining the target history outgoing messages;
Determining the intranet terminal corresponding to the target history outgoing messages to be the leaking terminal.
Optionally, the process of comparing the target leaked information with the history outgoing message set includes:
Comparing the target leaked information with the history outgoing message set by keyword comparison and/or regular expression comparison and/or data fingerprint comparison.
The invention also discloses a data leakage tracing device, including: a memory, a processor, and a data leakage tracing program stored on the memory and executable on the processor, the data leakage tracing program being configured to implement the steps of the data leakage tracing method described above.
The invention also discloses a computer-readable storage medium on which a data leakage tracing program is stored; when executed by a processor, the data leakage tracing program implements the steps of the data leakage tracing method described above.
In the data leakage tracing method disclosed by the invention, the obtained outgoing messages are compared with preset classified information to judge whether the information type of the outgoing messages is the preset classified type; when it is, the corresponding intranet terminal is determined, and the person responsible for the leak is located through that intranet terminal. The method can trace data leaks accurately and precisely locate the person responsible.
In addition, the data leakage tracing method of the present invention can intercept outgoing messages found to belong to the preset classified information type, which serves as an early warning and effectively reduces the losses caused by data leakage.
Brief description of the drawings
In order to illustrate the technical solutions of the embodiments of the present invention or of the prior art more clearly, the accompanying drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only embodiments of the present invention, and those of ordinary skill in the art can obtain other drawings from the drawings provided without creative effort.
Fig. 1 is a flow chart of a data leakage tracing method disclosed by the invention;
Fig. 2 is a flow chart of a specific data leakage tracing method disclosed by the invention;
Fig. 3 is a flow chart of another specific data leakage tracing method disclosed by the invention;
Fig. 4 is a flow chart of a third specific data leakage tracing method disclosed by the invention;
Fig. 5 is a flow chart of another data leakage tracing method disclosed by the invention;
Fig. 6 is an outline flow chart of the data leakage tracing method disclosed in Fig. 5;
Fig. 7 shows a specific implementation process of the data leakage tracing method disclosed by the invention;
Fig. 8 is a structural diagram of a data leakage tracing system disclosed by the invention;
Fig. 9 is a structural diagram of the first comparing module in a data leakage tracing system disclosed by the invention;
Fig. 10 is a structural diagram of another data leakage tracing system disclosed by the invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention, without creative effort, fall within the scope of protection of the present invention.
An embodiment of the invention discloses a data leakage tracing method which, as shown in Fig. 1, includes the following steps:
Step S11: Obtain the outgoing messages of an intranet terminal.
Here, an intranet refers to a computer communication network formed by interconnecting various computers, external devices and databases within a certain area, that is, a local area network (LAN). Intranets include but are not limited to corporate office networks and campus networks. An intranet terminal is a communication device that uses the intranet, typically a company computer; where necessary it may also be another mobile communication device that uses the intranet.
In this embodiment, outgoing messages are files sent out over the intranet, including but not limited to information in the form of text, voice and video. In addition, the outgoing messages in this embodiment may include file information that has not been compressed, and may of course also include file information inside a compressed package.
It should further be noted that, to eliminate data noise such as invalid data and duplicate data that may be present in the outgoing messages, the embodiment of the present invention may also perform data cleaning on the obtained outgoing messages to delete that noise, thereby providing high-quality data for data leakage tracing.
In the data leakage tracing method disclosed in this embodiment, if the outgoing messages are uncompressed file information, then specifically: when the outgoing messages are uncompressed text information, the content of the text information is extracted and data cleaning is performed on the extracted text content; when the outgoing messages are uncompressed voice information, the voice information is usually first converted into text information by speech recognition technology, and data cleaning is then performed on the converted text information; when the outgoing messages are uncompressed video information, the video information is usually analyzed using image recognition technology, and the invalid data and duplicate data in the video information are cleaned.
If the outgoing messages are file information inside a compressed package, the compressed package is first recursively decompressed and split into single files, and data cleaning is performed separately on each single file obtained after decompression. The types of single file include but are not limited to text, voice and video. The cleaning process for the decompressed file information follows the cleaning process for uncompressed file information.
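The recursive decompression and cleaning step described above, sketched in Python as an added example (not code from the patent). It handles text files in ZIP packages only; the nesting and size limits, the function names and the sample packages are assumptions introduced here, and the limits keep a deliberately nested or oversized package from exhausting the analysis host.

```python
import hashlib
import io
import zipfile

MAX_DEPTH = 5                  # assumed limit on how deeply packages may nest
MAX_TOTAL_BYTES = 50 * 2**20   # assumed cap on total decompressed bytes


class UnpackLimitExceeded(Exception):
    """Raised when a package nests too deeply or expands too far."""


def unpack(name, data, depth=0, budget=None):
    """Recursively split an outgoing payload into single files.

    Yields (path, bytes) for every non-archive member, however deeply nested.
    """
    budget = [MAX_TOTAL_BYTES] if budget is None else budget
    if not zipfile.is_zipfile(io.BytesIO(data)):
        yield name, data
        return
    if depth >= MAX_DEPTH:
        raise UnpackLimitExceeded(f"{name}: nested deeper than {MAX_DEPTH}")
    with zipfile.ZipFile(io.BytesIO(data)) as package:
        for info in package.infolist():
            if info.is_dir():
                continue
            budget[0] -= info.file_size      # size declared in the package
            if budget[0] < 0:
                raise UnpackLimitExceeded(f"{name}: decompressed size over cap")
            member = package.read(info)
            yield from unpack(f"{name}!/{info.filename}", member, depth + 1, budget)


def clean(files):
    """Data cleaning for text files: drop empty and duplicate content."""
    seen, kept = set(), []
    for path, raw in files:
        text = " ".join(raw.decode("utf-8", errors="replace").split())
        if not text:                         # invalid data: nothing to compare
            continue
        digest = hashlib.sha256(text.encode("utf-8")).hexdigest()
        if digest in seen:                   # duplicate data
            continue
        seen.add(digest)
        kept.append((path, text))
    return kept


def make_zip(members):
    """Build a ZIP package in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as package:
        for member_name, payload in members.items():
            package.writestr(member_name, payload)
    return buf.getvalue()


def build_sample():
    """Constructed sample: a nested package, a blank file and a short note."""
    inner = make_zip({"notes.txt": b"quarterly   budget draft\n",
                      "copy.txt": b"quarterly budget draft"})
    return make_zip({"inner.zip": inner, "empty.txt": b"  \n", "readme.txt": b"hello"})


def nested(levels):
    """Constructed sample: one byte wrapped in `levels` packages."""
    payload = b"x"
    for _ in range(levels):
        payload = make_zip({"f": payload})
    return payload


if __name__ == "__main__":
    for path, text in clean(unpack("mail.zip", build_sample())):
        print(path, "->", text)
```

The duplicate check runs on whitespace-normalized text, so two copies that differ only in spacing count as one file.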
Step S12: Compare the outgoing messages with preset classified information to determine whether the information type of the outgoing messages is the classified type.
The preset classified information is the client's important information, mostly the confidential information of an enterprise. An enterprise's confidential information includes but is not limited to technical confidential information and business confidential information. Technical confidential information may include but is not limited to: technical designs, technical samples, quality control, application tests, technological processes, industrial formulas, chemical formulas, manufacturing processes, manufacturing methods, computer programs, etc. Business confidential information may include but is not limited to: development plans, competition plans, management know-how, customer lists, sources of goods, production and marketing strategies, financial situation, investment and financing plans, bid documents and base bid prices, negotiation plans, etc. In the embodiments of the present invention, users can preset the content of the classified information according to their own situation.
It can be understood that, by comparing the outgoing messages with the preset classified information, this embodiment obtains the degree of correlation between the outgoing messages and the preset classified information, and on that basis can determine whether the information type of the outgoing messages is the classified type.
Step S13: When the information type of the outgoing messages is the classified type, determine the intranet terminal to be the leaking terminal.
The leaking terminal is the intranet terminal corresponding to outgoing messages whose information type is the classified type. It can be understood that the corresponding leaker information can be found through the leaking terminal determined in step S13. Further, this embodiment may also send the terminal information of the leaking terminal and the corresponding leaker information to an administrator terminal through a preset communication channel. The preset communication channel includes but is not limited to an email channel, an SMS channel, a social network channel, etc.
Further, the embodiment of the present invention may also archive historical outgoing messages together with the corresponding intranet terminal information to obtain a corresponding history outgoing message set. In addition, the embodiment may also record the information type determined for the outgoing messages in step S12 above into that history outgoing message set.
In the data leakage tracing method disclosed in this embodiment, the obtained outgoing messages are compared with preset classified information to judge whether the information type of the outgoing messages is the preset classified type; when it is, the corresponding intranet terminal is determined, and the person responsible for the leak is located through the intranet terminal corresponding to the leaked information. The method can trace data leaks accurately and thus precisely locate the person responsible.
An embodiment of the invention discloses a specific data leakage tracing method which, as shown in Fig. 2, includes the following steps:
Step S21: Obtain the outgoing messages of an intranet terminal.
Step S22: Judge whether the outgoing messages contain a preset classified keyword; if so, determine that the information type of the outgoing messages is the classified type; if not, determine that the information type of the outgoing messages is the non-classified type.
The preset classified keywords are set by the client as needed and include but are not limited to contract data, technical code, financial information and engineering drawings; the number of preset classified keywords is an integer greater than or equal to 1. If the outgoing messages contain a preset classified keyword, whether one or several, the information type of those outgoing messages is the classified type; otherwise, the information type of the outgoing messages is the non-classified type.
Step S23: When the information type of the outgoing messages is the classified type, determine the corresponding intranet terminal to be the leaking terminal.
An embodiment of the invention discloses another specific data leakage tracing method which, as shown in Fig. 3, includes the following steps:
Step S31: Obtain the outgoing messages of an intranet terminal.
Step S32: Using a preset classified regular expression, judge whether the outgoing messages contain information corresponding to the preset classified regular expression; if so, determine that the information type of the outgoing messages is the classified type; if not, determine that the information type of the outgoing messages is the non-classified type.
A regular expression is a logical formula for operating on character strings: certain specific characters defined in advance, and combinations of those characters, form a "rule string". Information corresponding to a "rule string" includes but is not limited to numbers and codes. The information corresponding to a preset classified regular expression may be a classified number or a classified code and, where necessary, classified information in other forms.
Step S33: When the information type of the outgoing messages is the classified type, determine the corresponding intranet terminal to be the leaking terminal.
An embodiment of the invention discloses a third specific data leakage tracing method which, as shown in Fig. 4, includes the following steps:
Step S41: Obtain the outgoing messages of an intranet terminal.
Step S42: Compare the outgoing messages with the data fingerprint of the preset classified information to determine whether the information type of the outgoing messages is the classified type.
In this specific embodiment, step S42 includes the following steps:
Step S421: Calculate the data fingerprint of the outgoing messages to obtain a target fingerprint.
The data fingerprint is calculated by a fuzzy hash algorithm and represents the data characteristics of the outgoing messages.
Step S422: Calculate the similarity between the target fingerprint and the preset classified data fingerprint.
Step S423: Judge whether the similarity between the target fingerprint and the preset classified data fingerprint is greater than a preset similarity threshold; if so, determine that the information type of the outgoing messages is the classified type; if not, determine that the information type of the outgoing messages is the non-classified type.
The preset similarity threshold is the critical condition for judging whether the information type of the outgoing messages is the classified type, and is set by the client as needed.
Step S43: When the information type of the outgoing messages is the classified type, determine the intranet terminal to be the leaking terminal.
To block the channels of data leakage effectively and further reduce the losses caused by data leakage, the above embodiments may also intercept outgoing messages whose information type is the classified type. Of course, a prompt message may also be sent to the administrator through a communication channel, and the related classified data archived. The administrator finds the corresponding leaker information according to the prompt message received. The prompt message sent to the administrator includes but is not limited to an alarm message. The communication channel used to send the prompt message to the administrator includes but is not limited to an email channel, an SMS channel, a social network channel, etc.
The invention also discloses a data leakage tracing method which, as shown in Fig. 5, includes the following steps:
Step S51: Obtain classified information that has already leaked, as the target leaked information.
Step S52: Compare the target leaked information with the history outgoing message set, to determine from the history outgoing message set the history outgoing messages corresponding to the target leaked information, obtaining the target history outgoing messages.
The history outgoing message set is an information set that records data such as the messages already sent out and the corresponding intranet terminals.
In this embodiment, the process of comparing the target leaked information with the history outgoing message set includes but is not limited to:
Comparing the target leaked information with the history outgoing message set by keyword comparison and/or regular expression comparison and/or data fingerprint comparison.
Step S53: Determine the intranet terminal corresponding to the target history outgoing messages to be the leaking terminal.
The outline of the data leakage tracing method disclosed in this embodiment, shown in Fig. 6, includes: the administrator uploads the leaked file or enters the leaked information, and the person responsible for the leak is traced.
The invention also discloses an embodiment of the data leakage tracing method, shown in Fig. 7. Fig. 7 shows the leak tracing process for outgoing messages and the leak tracing process for information that has already leaked.
The leak tracing process for outgoing messages specifically includes: intercepting the information that an intranet terminal sends to the outside to obtain the outgoing messages, and uploading the outgoing messages to the data analysis device; then using the data analysis device to compare the outgoing messages with the preset classified information sent in advance by the administrator terminal, thereby analyzing whether the information type of the outgoing messages is the classified type; outgoing messages whose information type is the classified type may be intercepted.
The leak tracing process for information that has already leaked specifically includes: uploading, from the administrator terminal to the data analysis device, the classified information that has leaked to the outside; using the data analysis device to compare that leaked classified information with the history outgoing message set collected in advance, so as to determine from the history outgoing message set the history outgoing messages corresponding to the leaked classified information; and then determining the intranet terminal corresponding to those history outgoing messages to be the leaking terminal. Further, the history outgoing messages and the corresponding intranet terminal information may also be sent to the administrator terminal through a preset communication channel, making it easier for the administrator to locate the person responsible for the leak.
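An added Python sketch (not code from the patent) of the two flows in Fig. 7: classifying outgoing messages by keyword, regular expression and fingerprint similarity, then tracing an already-leaked document through the history set. The patent names only "a fuzzy hash algorithm"; hashed three-word shingles compared by Jaccard similarity stand in for it here, and the keyword, contract-number pattern, terminal names and messages are constructed.

```python
import hashlib
import re
from dataclasses import dataclass, field


def fingerprint(text, k=3):
    """Stand-in for a fuzzy hash: the set of hashed k-word shingles."""
    words = re.findall(r"\w+", text.lower())
    spans = [words[i:i + k] for i in range(max(len(words) - k + 1, 1))]
    return frozenset(
        hashlib.sha256(" ".join(s).encode()).hexdigest()[:16]
        for s in spans if s)


def similarity(a, b):
    """Jaccard similarity of two fingerprints, from 0.0 to 1.0."""
    return len(a & b) / len(a | b) if a and b else 0.0


@dataclass
class Policy:
    keywords: list            # preset classified keywords
    patterns: dict            # name -> compiled preset classified regex
    fingerprints: dict        # name -> fingerprint of a classified document
    threshold: float = 0.5    # preset similarity threshold (assumed value)


def classify(text, policy):
    """Return (is_classified, reason), trying the three comparisons in turn."""
    lowered = text.lower()
    for kw in policy.keywords:
        if kw.lower() in lowered:
            return True, f"keyword:{kw}"
    for name, rx in policy.patterns.items():
        if rx.search(text):
            return True, f"regex:{name}"
    target = fingerprint(text)
    for name, ref in policy.fingerprints.items():
        if similarity(target, ref) > policy.threshold:
            return True, f"fingerprint:{name}"
    return False, "none"


@dataclass
class AnalysisDevice:
    policy: Policy
    history: list = field(default_factory=list)   # history outgoing message set

    def inspect(self, terminal, text):
        """Real-time flow: classify, record in history, block if classified."""
        classified, reason = classify(text, self.policy)
        self.history.append((terminal, text, classified, reason))
        return {"terminal": terminal, "blocked": classified, "reason": reason}

    def leaking_terminals(self):
        return sorted({t for t, _, classified, _ in self.history if classified})

    def trace(self, leaked_text):
        """Retroactive flow: match already-leaked information against history."""
        target = fingerprint(leaked_text)
        return sorted({
            t for t, text, _, _ in self.history
            if similarity(target, fingerprint(text)) > self.policy.threshold
        })


# Constructed sample data (not from the patent).
SPEC = ("the pump controller firmware stores the calibration table in flash "
        "sector nine and verifies it with a checksum at boot")
POLICY = Policy(
    keywords=["Project Falcon"],
    patterns={"contract_no": re.compile(r"\bCT-\d{4}-\d{6}\b")},
    fingerprints={"pump_spec": fingerprint(SPEC)},
)
OUTGOING = [
    ("ws-011", "Lunch at noon tomorrow?"),
    ("ws-012", "Attaching the Project Falcon roadmap"),
    ("ws-013", "Please countersign contract CT-2017-000123 today"),
    ("ws-014", "FYI: " + SPEC.replace("boot", "startup")),
    ("ws-015", "supplier price list: bearing 6204 costs 1.20 per unit, "
               "seal kit costs 3.75 per unit, delivery in six weeks"),
]
LEAKED = ("bearing 6204 costs 1.20 per unit, seal kit costs 3.75 per unit, "
          "delivery in six weeks")


def run_demo():
    device = AnalysisDevice(POLICY)
    verdicts = [device.inspect(t, msg) for t, msg in OUTGOING]
    return device, verdicts


if __name__ == "__main__":
    dev, results = run_demo()
    print(results, dev.leaking_terminals(), dev.trace(LEAKED))
```

The message from `ws-015` passes the real-time check because its content was not in the preset policy when it was sent; only the retroactive comparison against the history set attributes it to a terminal.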
It is shown in Figure 8 the invention also discloses a kind of leakage of data traceability system, including:
First information acquisition module 11, configured to obtain the outgoing messages of an intranet terminal.
Here, an intranet terminal is a communication device that uses the intranet, typically a company computer; where necessary it may also be another mobile communication device that uses the intranet.
In this embodiment, outgoing messages are files sent out over the intranet, including but not limited to information in the form of text, voice and video. The outgoing messages in this embodiment may include file information that has not been compressed and, of course, may also include file information inside a compressed package.
It should further be noted that, to eliminate data noise such as invalid data and duplicate data that may be present in the outgoing messages, the embodiment of the present invention may additionally perform data cleansing on the obtained outgoing messages to delete such invalid and duplicate data, thereby providing high-quality data for data leakage tracing.
In the data leakage tracing system disclosed in this embodiment, if the outgoing messages are uncompressed file information, then specifically: when the outgoing message is uncompressed text information, the content of the text is extracted and data cleansing is performed on the extracted text content; when the outgoing message is uncompressed voice information, the voice information is generally first converted into text information by speech recognition technology, and data cleansing is then performed on the converted text; when the outgoing message is uncompressed video information, the video information is generally analyzed using image recognition technology, and invalid data and duplicate data are cleansed.
If the outgoing messages are file information in a compressed package, the package is first recursively decompressed and split into single files, and data cleansing is performed on each single file obtained after decompression. The types of single file include but are not limited to text, voice and video. The cleansing process for the decompressed file information follows the cleansing process for uncompressed file information described above.
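The recursive decompression and cleansing step described above, as an added Python example (not code from the patent). It assumes zip archives only, treats empty files as the "invalid data", and adds nesting-depth and size limits that the text does not specify, so that a crafted archive cannot exhaust the inspecting host.

```python
import hashlib
import io
import zipfile

MAX_DEPTH = 5                   # assumption: deepest archive nesting accepted
MAX_TOTAL_BYTES = 50 * 2 ** 20  # assumption: cap on total unpacked bytes


class UnpackLimitExceeded(Exception):
    """An archive nests too deeply or expands beyond the byte budget."""


def unpack_recursive(name, data, depth=0, budget=None):
    """Yield (path, bytes) for every single file reachable from `data`.

    Everything stays in memory, so member names are only labels and are
    never used as filesystem paths.
    """
    budget = [MAX_TOTAL_BYTES] if budget is None else budget
    if not zipfile.is_zipfile(io.BytesIO(data)):
        budget[0] -= len(data)
        if budget[0] < 0:
            raise UnpackLimitExceeded(f"{name}: byte budget exhausted")
        yield name, data
        return
    if depth >= MAX_DEPTH:
        raise UnpackLimitExceeded(f"{name}: nested deeper than {MAX_DEPTH}")
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            if info.file_size > budget[0]:  # declared size, checked before inflating
                raise UnpackLimitExceeded(f"{info.filename}: exceeds byte budget")
            yield from unpack_recursive(f"{name}/{info.filename}",
                                        archive.read(info), depth + 1, budget)


def cleanse(files):
    """Drop invalid files (assumed here: empty ones) and exact duplicates."""
    seen, kept = set(), []
    for path, data in files:
        if not data.strip():
            continue
        digest = hashlib.sha256(data).hexdigest()
        if digest in seen:
            continue
        seen.add(digest)
        kept.append((path, data))
    return kept


def make_zip(members):
    """Build a zip archive in memory from a {name: bytes} mapping."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        for member_name, content in members.items():
            archive.writestr(member_name, content)
    return buf.getvalue()


def build_sample():
    """Constructed attachment: one zip nested in another, with a duplicate."""
    draft = b"Supply contract draft v3\n"
    inner = make_zip({"contract.txt": draft, "empty.txt": b""})
    return make_zip({"notes.txt": b"lunch menu\n", "copy.txt": draft,
                     "inner.zip": inner})


if __name__ == "__main__":
    for path, data in cleanse(unpack_recursive("mail.zip", build_sample())):
        print(path, len(data), "bytes")
```

Other container formats need their own readers; the limits and the in-memory handling carry over unchanged.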
First information comparison module 12, configured to compare the outgoing messages with preset classified information to determine whether the information type of the outgoing messages is the classified type.
In this embodiment, the first information comparison module is specifically configured to judge whether the outgoing messages contain a preset classified keyword; if so, the information type of the outgoing messages is determined to be the classified type, and if not, the non-classified type.
The preset classified keywords are set by the customer as required and include but are not limited to contract data, technology code, financial information and engineering drawings; the number of preset classified keywords is an integer greater than or equal to 1. If the outgoing messages contain a preset classified keyword, then regardless of whether one keyword or several are contained, the information type of the outgoing messages is the classified type; otherwise it is the non-classified type.
In this embodiment, the first information comparison module is specifically also configured to use a preset classified regular expression to judge whether the outgoing messages contain information corresponding to that regular expression; if so, the information type of the outgoing messages is determined to be the classified type, and if not, the non-classified type.
A regular expression is a logical formula for operating on strings: predefined specific characters, and combinations of those characters, form a "rule string". The information corresponding to a rule string includes but is not limited to numbers, codes and the like. The information corresponding to a preset classified regular expression may be classified numbers or classified codes and, where necessary, classified information in other forms.
The first information comparison module 12 in the embodiment of the present invention further includes the following units, as shown in Figure 9:
First computing unit 121, configured to calculate the data fingerprint of the outgoing messages to obtain a target fingerprint.
The data fingerprint is calculated by a fuzzy hash algorithm and represents the data characteristics of the outgoing messages.
Second computing unit 122, configured to calculate the similarity between the target fingerprint and a preset confidential data fingerprint.
Judging unit 123, configured to judge whether the similarity between the target fingerprint and the preset confidential data fingerprint is greater than a preset similarity threshold; if so, the information type of the outgoing messages is determined to be the classified type, and if not, the non-classified type.
The preset similarity threshold is the critical condition for judging whether the information type of the outgoing messages is the classified type, and is set by the customer as required.
First intranet terminal determining module 13, configured to determine the corresponding intranet terminal as the leaking terminal when the information type of the outgoing messages is the classified type.
The leaking terminal is the intranet terminal that corresponds to outgoing messages whose information type is the classified type. It will be understood that the corresponding leaker information can be looked up from the leaking terminal determined by the first intranet terminal determining module 13. Further, this embodiment may also send the terminal information of the leaking terminal and the corresponding leaker information to an administrator terminal through a preset communication channel. The preset communication channel includes but is not limited to an email channel, an SMS channel, a social network channel and the like.
Further, the embodiment of the present invention may also archive historical outgoing messages and the corresponding intranet terminal information to obtain a corresponding history outgoing message set. In addition, the embodiment may also record the information type that the first information comparison module 12 determined for the outgoing messages into that history outgoing message set.
To block the paths of data leakage effectively and further reduce the loss caused by leakage, the above embodiment may also include:
Information interception module, configured to intercept outgoing messages whose information type is the classified type. Of course, a prompt message may also be sent to the administrator through a communication channel, and the related classified data archived. The administrator looks up the corresponding leaker information according to the received prompt message. The prompt message sent to the administrator includes but is not limited to alarm information. The communication channel used to send the prompt message to the administrator includes but is not limited to an email channel, an SMS channel, a social network channel and the like.
The invention also discloses a data leakage tracing system which, as shown in Figure 10, includes:
Second information acquisition module 21, configured to obtain classified information that has already leaked, yielding target leaked information.
Second information comparison module 22, configured to compare the target leaked information with the history outgoing message set, so as to determine from that set the history outgoing messages corresponding to the target leaked information, yielding target history outgoing messages.
The history outgoing message set is an information set that records data such as the messages sent out and the corresponding intranet terminals.
In this embodiment, the methods for comparing the target leaked information with the history outgoing message set include but are not limited to: comparing the target leaked information with the history outgoing message set by keyword comparison and/or regular expression comparison and/or data fingerprint comparison.
Second intranet terminal determining module 23, configured to determine the intranet terminal corresponding to the target history outgoing messages as the leaking terminal.
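The three comparison methods of module 12 (keyword, regular expression, data fingerprint with a similarity threshold) and the trace over the history outgoing message set performed by modules 21 to 23, as an added Python example rather than the patent's implementation. The text does not name the fuzzy hash algorithm, so hashed word shingles with Jaccard similarity stand in for it; the keywords, the `PRJ-` pattern, the 0.5 threshold, the terminal names and all messages are constructed.

```python
import hashlib
import re
from dataclasses import dataclass

# Constructed policy values; a real deployment supplies its own.
KEYWORDS = ("contract", "financial statement")
PATTERNS = (re.compile(r"\bPRJ-\d{6}\b"),)  # hypothetical project-code format
THRESHOLD = 0.5                              # preset similarity threshold


def fingerprint(text, k=3):
    """Hashed word k-shingles (stand-in for the unnamed fuzzy hash)."""
    words = re.findall(r"\w+", text.lower())
    if not words:
        return frozenset()
    grams = (" ".join(words[i:i + k]) for i in range(max(len(words) - k + 1, 1)))
    return frozenset(hashlib.sha256(g.encode()).hexdigest()[:16] for g in grams)


def similarity(a, b):
    """Jaccard resemblance of two fingerprints, from 0.0 to 1.0."""
    return len(a & b) / len(a | b) if (a or b) else 0.0


def classify(text, secret_fps):
    """Return why `text` is classified; an empty list means non-classified."""
    lowered = text.lower()
    reasons = [f"keyword:{kw}" for kw in KEYWORDS if kw in lowered]
    reasons += [f"regex:{p.pattern}" for p in PATTERNS if p.search(text)]
    target = fingerprint(text)
    if any(similarity(target, fp) > THRESHOLD for fp in secret_fps):
        reasons.append("fingerprint")
    return reasons


@dataclass
class Record:
    terminal: str
    fp: frozenset
    reasons: list


def record_outgoing(history, terminal, text, secret_fps):
    """Classify one outgoing message and append it to the history set."""
    rec = Record(terminal, fingerprint(text), classify(text, secret_fps))
    history.append(rec)
    return rec


def trace(leaked_text, history):
    """Terminals whose past messages resemble the leak, best match first."""
    target = fingerprint(leaked_text)
    scored = ((similarity(target, r.fp), r.terminal) for r in history)
    return sorted((hit for hit in scored if hit[0] > THRESHOLD), reverse=True)


# Constructed sample data.
SECRET = ("the supplier shall deliver forty turbine housings per quarter at "
          "the agreed unit price and shall keep the pricing schedule private")
LEAK = SECRET.replace("forty", "fifty")  # the edited copy later found outside
OUTGOING = [
    ("PC-003", "team lunch is moved to friday please reply with your menu choice"),
    ("PC-021", "attached is the signed contract for PRJ-204817"),
    ("PC-017", "fyi " + LEAK + " thanks"),
]


def run_demo():
    secret_fps, history = [fingerprint(SECRET)], []
    for terminal, text in OUTGOING:
        record_outgoing(history, terminal, text, secret_fps)
    return history, trace(LEAK, history)


if __name__ == "__main__":
    history, hits = run_demo()
    print([(r.terminal, r.reasons) for r in history], "leak traced to:", hits)
```

The PC-017 message contains no keyword and no pattern match, yet the fingerprint comparison flags it at send time and the later trace attributes the leaked copy to it.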
The invention additionally discloses a data leakage tracing device, including: a memory, a processor, and a data leakage tracing program stored in the memory and runnable on the processor. The data leakage tracing program is configured to implement the steps of the data leakage tracing method described above, which are not repeated here.
The invention also discloses a computer-readable storage medium on which a data leakage tracing program is stored. When executed by a processor, the data leakage tracing program implements the steps of the data leakage tracing method described above, which are not repeated here.
Finally, it should also be noted that, in this document, relational terms such as first and second are used only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between those entities or operations. Moreover, the terms "include", "comprise" and any other variant are intended to cover non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to that process, method, article or device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, article or device that includes it.
The data leakage tracing method, device and computer-readable storage medium provided by the present invention have been described in detail above. Specific examples are used herein to explain the principle and embodiments of the invention, and the description of the above embodiments is only intended to help in understanding the method of the invention and its core idea. Meanwhile, for those of ordinary skill in the art, the specific embodiments and scope of application may change in accordance with the idea of the invention. In summary, the content of this specification should not be construed as limiting the invention.
Claims (11)
- 1. A data leakage tracing method, characterized by comprising: obtaining outgoing messages of an intranet terminal; comparing the outgoing messages with preset classified information to determine whether the information type of the outgoing messages is the classified type; if the information type of the outgoing messages is the classified type, determining the intranet terminal as a leaking terminal.
- 2. The data leakage tracing method according to claim 1, characterized in that the process of comparing the outgoing messages with preset classified information to determine whether the information type of the outgoing messages is the classified type comprises: judging whether the outgoing messages contain a preset classified keyword; if so, determining that the information type of the outgoing messages is the classified type; if not, determining that the information type of the outgoing messages is the non-classified type.
- 3. The data leakage tracing method according to claim 1, characterized in that the process of comparing the outgoing messages with preset classified information to determine whether the information type of the outgoing messages is the classified type comprises: using a preset classified regular expression, judging whether the outgoing messages contain information corresponding to the preset classified regular expression; if so, determining that the information type of the outgoing messages is the classified type; if not, determining that the information type of the outgoing messages is the non-classified type.
- 4. The data leakage tracing method according to claim 1, characterized in that the process of comparing the outgoing messages with preset classified information to determine whether the information type of the outgoing messages is the classified type comprises: calculating the data fingerprint of the outgoing messages to obtain a target fingerprint; calculating the similarity between the target fingerprint and a preset confidential data fingerprint; judging whether the similarity is greater than a preset similarity threshold; if so, determining that the information type of the outgoing messages is the classified type; if not, determining that the information type of the outgoing messages is the non-classified type.
- 5. The data leakage tracing method according to claim 4, characterized in that the process of calculating the data fingerprint of the outgoing messages to obtain the target fingerprint comprises: using a fuzzy hash algorithm to calculate the data fingerprint of the outgoing messages, obtaining the target fingerprint.
- 6. The data leakage tracing method according to claim 1, characterized in that the kinds of the classified information include: contract data and/or technology code and/or financial information and/or engineering drawings.
- 7. The data leakage tracing method according to claim 1, characterized in that, if the information type of the outgoing messages is the classified type, the method further comprises: intercepting the outgoing messages.
- 8. The data leakage tracing method according to any one of claims 1 to 7, characterized by further comprising: obtaining classified information that has already leaked, yielding target leaked information; comparing the target leaked information with a history outgoing message set, so as to determine from the history outgoing message set the history outgoing messages corresponding to the target leaked information, yielding target history outgoing messages; determining the intranet terminal corresponding to the target history outgoing messages as a leaking terminal.
- 9. The data leakage tracing method according to claim 8, characterized in that the process of comparing the target leaked information with the history outgoing message set comprises: comparing the target leaked information with the history outgoing message set by keyword comparison and/or regular expression comparison and/or data fingerprint comparison.
- 10. A data leakage tracing device, characterized in that the video leakage tracing device comprises: a memory, a processor, and a data leakage tracing program stored in the memory and runnable on the processor, the data leakage tracing program being configured to implement the steps of the data leakage tracing method according to any one of claims 1 to 9.
- 11. A computer-readable storage medium, characterized in that a data leakage tracing program is stored on the computer-readable storage medium, and the data leakage tracing program, when executed by a processor, implements the steps of the data leakage tracing method according to any one of claims 1 to 9.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710656764.XA CN107483422B (en) | 2017-08-03 | 2017-08-03 | Data leakage tracing method and device and computer readable storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107483422A true CN107483422A (en) | 2017-12-15 |
CN107483422B CN107483422B (en) | 2020-10-27 |
Family
ID=60598062
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710656764.XA Active CN107483422B (en) | 2017-08-03 | 2017-08-03 | Data leakage tracing method and device and computer readable storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107483422B (en) |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108494797A (en) * | 2018-04-16 | 2018-09-04 | 深信服科技股份有限公司 | Data monitoring and managing method, system, equipment and storage medium based on virtualization technology |
CN108566372A (en) * | 2018-03-01 | 2018-09-21 | 云易天成(北京)安全科技开发有限公司 | Fileinfo leakage prevention method, medium and equipment based on hash algorithm |
CN108959960A (en) * | 2018-06-19 | 2018-12-07 | 努比亚技术有限公司 | Prevent the method, apparatus and computer readable storage medium of privacy leakage |
CN114077722A (en) * | 2021-10-20 | 2022-02-22 | 深信服科技股份有限公司 | Data leakage tracking method and device, electronic equipment and computer storage medium |
WO2022103521A1 (en) * | 2020-11-16 | 2022-05-19 | Microsoft Technology Licensing, Llc | Data leak detection using similarity mapping |
WO2022135308A1 (en) * | 2020-12-21 | 2022-06-30 | 华为云计算技术有限公司 | Method and apparatus for detecting media data |
CN115470524A (en) * | 2022-10-31 | 2022-12-13 | 中国电力科学研究院有限公司 | Method, system, equipment and medium for detecting leakage of confidential documents |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN201477603U (en) * | 2009-08-31 | 2010-05-19 | 四川中跃科技有限责任公司 | Party and government network secret-associated information remote supervision checking system |
CN102968600A (en) * | 2012-10-30 | 2013-03-13 | 国网电力科学研究院 | Full life-cycle management method for sensitive data file based on fingerprint information implantation |
CN104486320A (en) * | 2014-12-10 | 2015-04-01 | 国家电网公司 | Intranet sensitive information disclosure evidence collection system and method based on honeynet technology |
CN104700034A (en) * | 2013-12-04 | 2015-06-10 | 大连东浦机电有限公司 | Method for monitoring risk of uploaded network disk data, based on keyword extraction strategy |
CN106446707A (en) * | 2016-08-31 | 2017-02-22 | 北京明朝万达科技股份有限公司 | Dynamic data leakage prevention system and method |
Also Published As
Publication number | Publication date |
---|---|
CN107483422B (en) | 2020-10-27 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||