CN107483422A - Data leak tracing method, device and computer-readable storage medium - Google Patents

Info

Publication number: CN107483422A
Authority: CN (China)
Prior art keywords: outgoing messages, information, type, data, leakage
Legal status: Granted (the listed status is an assumption and is not a legal conclusion)
Application number: CN201710656764.XA
Other languages: Chinese (zh)
Other versions: CN107483422B (en)
Inventors: 蔡家坡, 张斌, 王振国
Current assignee: Sangfor Technologies Co Ltd (the listed assignees may be inaccurate)
Original assignee: Sangfor Technologies Co Ltd
Application filed by: Sangfor Technologies Co Ltd
Priority to: CN201710656764.XA
Current status: Active

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/30: Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
    • H04L63/306: Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information intercepting packet switched data communications, e.g. Web, Internet or IMS communications
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55: Detecting local intrusion or implementing counter-measures
    • G06F21/556: Detecting local intrusion or implementing counter-measures involving covert channels, i.e. data leakage between processes

Abstract

This application discloses a data leak tracing method, comprising: obtaining the outgoing information of an intranet terminal; comparing the outgoing information with preset confidential information to determine whether the information type of the outgoing information is the confidential type; and, if the information type of the outgoing information is the confidential type, determining the corresponding intranet terminal to be the leaking terminal. The application also discloses a data leak tracing device and a computer-readable storage medium. By comparing the outgoing information with the preset confidential information, the disclosed method judges the type of the outgoing information and, when the outgoing information is of the confidential type, determines the corresponding intranet terminal, so that the party responsible for the leak can be located accurately.

Description

Data leak tracing method, device and computer-readable storage medium
Technical field
The present invention relates to the field of computer security, and in particular to a data leak tracing method, a device and a computer-readable storage medium.
Background
With the rapid development of information technology, computer networks have become an indispensable tool for everyday office work, communication and collaboration. However, while information systems improve working efficiency, they also bring security problems in the storage of and access to information data. Current solutions to these problems still rest on passive protection measures such as firewalls, intrusion detection and network anti-virus. In the past year, according to data from the national computer information security evaluation center, among the major incidents in which Internet-connected organizations suffered heavy losses because important internal secrets were leaked over the network, only 1% were caused by theft by hackers, while 97% were caused by leaks by internal employees. The leakage of an enterprise's confidential information can cause it huge economic loss, and the harm to the enterprise is extremely serious.
To address this problem, the prior art uses hardware encryption. Hardware encryption means performing cryptographic operations with a dedicated encryption chip, an independent processing chip or the like. Concretely, when the encryption chip, the dedicated electronic key and the hard disk are matched one-to-one, the encryption chip associates the encryption chip information, the dedicated key information and the hard disk information, performs an encryption operation on them, and at the same time writes the primary partition table of the hard disk. From then on the encryption chip, the dedicated electronic key and the hard disk are bound together for use.
With this technique, the encryption chip, the dedicated electronic key and the hard disk work only when bound together; if any one of them is missing, none can be used. Moreover, if the encrypted hard disk is separated from its corresponding encryption chip and electronic key, a computer cannot recognize its partitions, let alone obtain the encrypted data. Because the encryption chip, the dedicated electronic key and the hard disk may be the responsibility of different employees, once a data leak occurs under this hardware encryption method it is difficult to trace it accurately to the person responsible.
Therefore, how to trace data leaks accurately is a problem that those skilled in the art currently need to solve.
Summary of the invention
In view of this, the object of the invention is to provide a leak-prevention tracing method based on internet behaviour that can trace leaking behaviour accurately. The specific scheme is as follows:
A data leak tracing method, comprising:
obtaining the outgoing information of an intranet terminal;
comparing the outgoing information with preset confidential information to determine whether the information type of the outgoing information is the confidential type;
if the information type of the outgoing information is the confidential type, determining the intranet terminal to be the leaking terminal.
Optionally, the process of comparing the outgoing information with the preset confidential information to determine whether the information type of the outgoing information is the confidential type comprises:
judging whether the outgoing information contains a preset confidential keyword; if so, determining that the information type of the outgoing information is the confidential type; if not, determining that the information type of the outgoing information is the non-confidential type.
Optionally, the process of comparing the outgoing information with the preset confidential information to determine whether the information type of the outgoing information is the confidential type comprises:
using a preset confidential regular expression, judging whether the outgoing information contains information corresponding to the preset confidential regular expression; if so, determining that the information type of the outgoing information is the confidential type; if not, determining that the information type of the outgoing information is the non-confidential type.
Optionally, the process of comparing the outgoing information with the preset confidential information to determine whether the information type of the outgoing information is the confidential type comprises:
calculating the data fingerprint of the outgoing information to obtain a target fingerprint;
calculating the similarity between the target fingerprint and a preset confidential data fingerprint;
judging whether the similarity is greater than a preset similarity threshold; if so, determining that the information type of the outgoing information is the confidential type; if not, determining that the information type of the outgoing information is the non-confidential type.
Optionally, the process of calculating the data fingerprint of the outgoing information to obtain the target fingerprint comprises:
calculating the data fingerprint of the outgoing information with a fuzzy hash algorithm to obtain the target fingerprint.
Optionally, the kinds of confidential information include: contract data and/or technical code and/or financial information and/or engineering drawings.
Optionally, if the information type of the outgoing information is the confidential type, the method further comprises:
intercepting the outgoing information.
Optionally, the data leak tracing method further comprises:
obtaining confidential information that has already been leaked, to obtain target leaked information;
comparing the target leaked information with a history set of outgoing information, so as to determine from the history set the historical outgoing information corresponding to the target leaked information, to obtain target historical outgoing information;
determining the intranet terminal corresponding to the target historical outgoing information to be the leaking terminal.
Optionally, the process of comparing the target leaked information with the history set of outgoing information comprises:
comparing the target leaked information with the history set of outgoing information by keyword comparison and/or regular expression comparison and/or data fingerprint comparison.
The invention also discloses a data leak tracing device, comprising: a memory, a processor, and a data leak tracing program that is stored on the memory and can run on the processor, the data leak tracing program being configured to implement the steps of the above data leak tracing method.
The invention also discloses a computer-readable storage medium on which a data leak tracing program is stored, the data leak tracing program implementing the steps of the above data leak tracing method when executed by a processor.
The data leak tracing method disclosed by the invention compares the obtained outgoing information with preset confidential information, judges whether the information type of the outgoing information is that of the preset confidential information, determines the corresponding intranet terminal when the outgoing information is of the preset confidential type, and locates the party responsible for the leak through the intranet terminal. The method can trace data leaks accurately and locate the responsible party accurately.
In addition, the data leak tracing method of the invention can intercept outgoing information that has been found to belong to the preset confidential type, which serves as an early warning and effectively reduces the losses caused by data leaks.
Brief description of the drawings
In order to explain the technical solutions of the embodiments of the invention or of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only embodiments of the invention, and a person of ordinary skill in the art can obtain other drawings from the drawings provided without creative effort.
Fig. 1 is a flow chart of a data leak tracing method disclosed by the invention;
Fig. 2 is a flow chart of a specific data leak tracing method disclosed by the invention;
Fig. 3 is a flow chart of another specific data leak tracing method disclosed by the invention;
Fig. 4 is a flow chart of a third specific data leak tracing method disclosed by the invention;
Fig. 5 is a flow chart of another data leak tracing method disclosed by the invention;
Fig. 6 is an outline flow chart of the data leak tracing method disclosed in Fig. 5;
Fig. 7 shows a specific implementation process of the data leak tracing method disclosed by the invention;
Fig. 8 is a structural diagram of a data leak tracing system disclosed by the invention;
Fig. 9 is a structural diagram of the first comparison module in a data leak tracing system disclosed by the invention;
Fig. 10 is a structural diagram of another data leak tracing system disclosed by the invention.
Detailed description
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the invention without creative effort fall within the scope of protection of the invention.
An embodiment of the invention discloses a data leak tracing method which, as shown in Fig. 1, comprises the following steps:
Step S11: obtain the outgoing information of an intranet terminal.
Here, an intranet is a computer communication network formed by interconnecting the computers, peripheral devices and databases within a given area, i.e. a local area network (LAN). Intranets include but are not limited to corporate office networks and campus networks. An intranet terminal is a communication device that uses the intranet, usually a company computer; where necessary it can also be another mobile communication device that uses the intranet.
In this embodiment, outgoing information means files sent out over the intranet, including but not limited to information in the form of text, voice and video. The outgoing information in this embodiment can include file information that has not been compressed and, of course, can also include file information inside a compressed package.
It should further be noted that, in order to eliminate data noise such as invalid data and duplicate data that may be present in the outgoing information, the embodiment of the invention can additionally perform data cleaning on the obtained outgoing information, deleting the invalid data, duplicate data and other data noise in it, so as to provide high-quality data for data leak tracing.
In the data leak tracing method disclosed in this embodiment, if the outgoing information is uncompressed file information, then specifically: when the outgoing information is uncompressed text information, the content of the text information is extracted and data cleaning is performed on the extracted text content; when the outgoing information is uncompressed voice information, the voice information is generally first converted into text information by speech recognition, and data cleaning is then performed on the converted text information; when the outgoing information is uncompressed video information, the video information is generally analysed with image recognition technology, and the invalid data and duplicate data in the video information are cleaned.
If the outgoing information is file information inside a compressed package, the package is first recursively decompressed and split into single files, and data cleaning is performed on each single file obtained after decompression. The types of single file include but are not limited to text, voice and video. For the cleaning of the decompressed file information, refer to the cleaning process for uncompressed file information.
Step S12: compare the outgoing information with preset confidential information to determine whether the information type of the outgoing information is the confidential type.
Here, the preset confidential information is the customer's important information, mostly the confidential information of an enterprise. An enterprise's confidential information includes but is not limited to technical confidential information and business confidential information. Technical confidential information can include but is not limited to: technical designs, technical samples, quality control, application tests, process flows, industrial formulas, chemical formulas, manufacturing processes, manufacturing methods, computer programs and so on. Business confidential information can include but is not limited to: development plans, competition plans, management know-how, customer lists, sources of goods, production and marketing strategies, financial status, investment and financing plans, bid documents and base bid prices, negotiation plans and so on. In the embodiments of the invention, users can preset the content of the confidential information according to their own situation.
It can be understood that, by comparing the outgoing information with the preset confidential information, this embodiment obtains the degree of correlation between the outgoing information and the preset confidential information, and on that basis can determine whether the information type of the outgoing information is the confidential type.
Step S13: when the information type of the outgoing information is the confidential type, determine the intranet terminal to be the leaking terminal.
Here, the leaking terminal is the intranet terminal corresponding to outgoing information whose information type is the confidential type. It can be understood that the corresponding leaker information can be found from the leaking terminal determined in step S13. Further, this embodiment can also send the terminal information of the leaking terminal and the corresponding leaker information to an administrator terminal through a preset communication channel. The preset communication channel includes but is not limited to an email channel, an SMS channel, a social network channel and so on.
Further, the embodiment of the invention can also archive historical outgoing information together with the corresponding intranet terminal information, to obtain the corresponding history set of outgoing information. In addition, the embodiment of the invention can also record the information type determined for the outgoing information in step S12 into the history set of outgoing information.
The data leak tracing method disclosed in this embodiment compares the obtained outgoing information with preset confidential information, judges whether the information type of the outgoing information is that of the preset confidential information, determines the corresponding intranet terminal when the outgoing information is of the preset confidential type, and locates the party responsible for the leak through the intranet terminal corresponding to the leaked information. The method can trace data leaks accurately and thus locate the responsible party accurately.
An embodiment of the invention discloses a specific data leak tracing method which, as shown in Fig. 2, comprises the following steps:
Step S21: obtain the outgoing information of an intranet terminal.
Step S22: judge whether the outgoing information contains a preset confidential keyword; if so, determine that the information type of the outgoing information is the confidential type; if not, determine that the information type of the outgoing information is the non-confidential type.
Here, the preset confidential keywords are set by the customer as needed and include but are not limited to contract data, technical code, financial information and engineering drawings; the number of preset confidential keywords is an integer greater than or equal to 1. If the outgoing information contains a preset confidential keyword, whether it contains one keyword or several, the information type of that outgoing information is the confidential type; otherwise, the information type of the outgoing information is the non-confidential type.
Step S23: when the information type of the outgoing information is the confidential type, determine the corresponding intranet terminal to be the leaking terminal.
An embodiment of the invention discloses another specific data leak tracing method which, as shown in Fig. 3, comprises the following steps:
Step S31: obtain the outgoing information of an intranet terminal.
Step S32: using a preset confidential regular expression, judge whether the outgoing information contains information corresponding to the preset confidential regular expression; if so, determine that the information type of the outgoing information is the confidential type; if not, determine that the information type of the outgoing information is the non-confidential type.
Here, a regular expression is a logical formula for operating on character strings: a "rule string" is formed from certain predefined specific characters and combinations of those characters. The information corresponding to a "rule string" includes but is not limited to numbers, codes and similar information. The information corresponding to the preset confidential regular expression can be confidential numbers or confidential code and, where necessary, can also be confidential information in other forms.
Step S33: when the information type of the outgoing information is the confidential type, determine the corresponding intranet terminal to be the leaking terminal.
An embodiment of the invention discloses a third specific data leak tracing method which, as shown in Fig. 4, comprises the following steps:
Step S41: obtain the outgoing information of an intranet terminal.
Step S42: compare the outgoing information with the data fingerprint of the preset confidential information to determine whether the information type of the outgoing information is the confidential type.
In this specific embodiment, step S42 comprises the following steps:
Step S421: calculate the data fingerprint of the outgoing information to obtain a target fingerprint.
Here, the data fingerprint is calculated with a fuzzy hash algorithm and represents the data characteristics of the outgoing information.
Step S422: calculate the similarity between the target fingerprint and the preset confidential data fingerprint.
Step S423: judge whether the similarity between the target fingerprint and the preset confidential data fingerprint is greater than a preset similarity threshold; if so, determine that the information type of the outgoing information is the confidential type; if not, determine that the information type of the outgoing information is the non-confidential type.
Here, the preset similarity threshold is the critical condition for judging whether the information type of the outgoing information is the confidential type, and is set by the customer as needed.
Step S43: when the information type of the outgoing information is the confidential type, determine the intranet terminal to be the leaking terminal.
In order to block the paths of data leakage effectively and further reduce the losses caused by data leaks, the above embodiments can also intercept outgoing information whose type is the confidential type. Of course, prompt information can also be sent to the administrator through a communication channel, and the data related to the confidential information can be archived. The administrator finds the corresponding leaker information according to the prompt information received. The prompt information sent to the administrator includes but is not limited to alarm information. The communication channel for sending prompt information to the administrator includes but is not limited to an email channel, an SMS channel, a social network channel and so on.
The invention also discloses a data leak tracing method which, as shown in Fig. 5, comprises the following steps:
Step S51: obtain confidential information that has already been leaked, to obtain target leaked information.
Step S52: compare the target leaked information with the history set of outgoing information, so as to determine from the history set the historical outgoing information corresponding to the target leaked information, to obtain target historical outgoing information.
Here, the history set of outgoing information is the set of information that records data such as the messages sent out and the corresponding intranet terminals.
In this embodiment, the process of comparing the target leaked information with the history set of outgoing information includes but is not limited to:
comparing the target leaked information with the history set of outgoing information by keyword comparison and/or regular expression comparison and/or data fingerprint comparison.
Step S53: determine the intranet terminal corresponding to the target historical outgoing information to be the leaking terminal.
The outline of the data leak tracing method disclosed in this embodiment, shown in Fig. 6, comprises: the administrator uploads the leaked file or inputs the leaked information, and the party responsible for the leak is traced.
The invention also discloses a specific implementation of the data leak tracing method, shown in Fig. 7. Fig. 7 shows the leak tracing process for outgoing information and the leak tracing process for information that has already been leaked.
The leak tracing process for outgoing information specifically comprises: intercepting the information that an intranet terminal sends to the outside, to obtain the outgoing information, and uploading the outgoing information to a data analysis device; then, using the data analysis device, comparing the outgoing information with the preset confidential information sent in advance by the administrator terminal, so as to analyse whether the information type of the outgoing information is the confidential type; outgoing information whose information type is the confidential type can be intercepted.
The leak tracing process for information that has already been leaked specifically comprises: uploading, through the administrator terminal, the confidential information that has already leaked to the outside to the data analysis device; using the data analysis device, comparing that confidential information with the history set of outgoing information collected in advance, so as to determine from the history set the historical outgoing information corresponding to the confidential information that has leaked to the outside; and then determining the intranet terminal corresponding to that historical outgoing information to be the corresponding leaking terminal. Further, the historical outgoing information and the corresponding intranet terminal information can also be sent to the administrator terminal through a preset communication channel, so that the administrator can conveniently locate the party responsible for the leak.
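The three comparison modes (keyword, regular expression, data fingerprint) and the retrospective trace over the history set, as an added example that is not part of the patent text. The policy values, terminal names and messages are constructed, and a Jaccard score over hashed word shingles stands in for the fuzzy hash algorithm, which the patent names without specifying.

```python
import hashlib
import re
from dataclasses import dataclass

# Constructed policy for illustration; none of these values come from the patent.
KEYWORDS = ("project falcon",)                      # preset confidential keywords
PATTERNS = (re.compile(r"\bCT-\d{4}-\d{5}\b"),)     # hypothetical contract-number format
THRESHOLD = 0.5                                     # preset similarity threshold
CONFIDENTIAL_DOCS = {
    "supply-contract": "Supply contract. Unit price 4200 USD, minimum order 500 units, "
                       "exclusive supply through 2019. Penalty clause applies on late delivery.",
}


def fingerprint(text, k=3):
    """Data fingerprint: hashed k-word shingles of the normalised text.

    Assumption: this stands in for the unspecified fuzzy hash algorithm.
    Lower-casing and dropping punctuation is a minimal form of data cleaning.
    """
    words = re.findall(r"\w+", text.lower())
    grams = (" ".join(words[i:i + k]) for i in range(max(len(words) - k + 1, 1)))
    return frozenset(hashlib.sha256(g.encode()).digest()[:8] for g in grams if g)


def similarity(a, b):
    """Jaccard similarity of two fingerprints, 0.0 when either is empty."""
    return len(a & b) / len(a | b) if a and b else 0.0


REFERENCE_FPS = {name: fingerprint(doc) for name, doc in CONFIDENTIAL_DOCS.items()}


@dataclass
class Record:
    terminal: str      # intranet terminal that sent the message
    content: str
    reasons: list      # empty list means non-confidential type


def classify(content):
    """Return the comparison modes that mark the content as confidential type."""
    reasons = []
    if any(kw in content.lower() for kw in KEYWORDS):
        reasons.append("keyword")
    if any(p.search(content) for p in PATTERNS):
        reasons.append("regex")
    fp = fingerprint(content)
    reasons += [f"fingerprint:{name}" for name, ref in REFERENCE_FPS.items()
                if similarity(fp, ref) > THRESHOLD]
    return reasons


def inspect(terminal, content, history):
    """Real-time flow: classify, record in the history set, decide on interception."""
    reasons = classify(content)
    history.append(Record(terminal, content, reasons))
    return {"leaking_terminal": terminal if reasons else None,
            "intercept": bool(reasons), "reasons": reasons}


def trace(leaked_text, history, threshold=THRESHOLD):
    """Retrospective flow: match already-leaked information against the history set."""
    target = fingerprint(leaked_text)
    return sorted({r.terminal for r in history
                   if similarity(target, fingerprint(r.content)) > threshold})


# Constructed outgoing messages, one per intranet terminal.
SAMPLE_TRAFFIC = [
    ("pc-sales-02", "Attaching the Project Falcon slides for tomorrow."),
    ("pc-finance-07", "Invoice ref CT-2017-00831 is attached."),
    ("pc-legal-11", "FYI the terms: unit price 4200 USD, minimum order 500 units, exclusive "
                    "supply through 2019. Penalty clause applies on late delivery. Delete after reading."),
    ("pc-rnd-44", "Roadmap draft: the Q3 firmware release moves to September and the "
                  "gateway redesign is cancelled."),
    ("pc-ops-05", "Lunch at noon? The canteen has noodles today."),
]


def run_demo():
    history = []
    verdicts = {t: inspect(t, msg, history) for t, msg in SAMPLE_TRAFFIC}
    # The roadmap was not in the policy when it was sent, so it passed; once the text
    # turns up outside, the history set still identifies the sending terminal.
    leaked = "the Q3 firmware release moves to September and the gateway redesign is cancelled"
    return verdicts, trace(leaked, history)


if __name__ == "__main__":
    verdicts, suspects = run_demo()
    for terminal, v in verdicts.items():
        print(terminal, v["intercept"], v["reasons"])
    print("traced to:", suspects)
```

The edited copy from `pc-legal-11` contains no keyword and no contract number and is caught only by the fingerprint comparison, while the roadmap message is caught only by the retrospective trace.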
It is shown in Figure 8 the invention also discloses a kind of leakage of data traceability system, including:
First information acquisition module 11, for obtaining the outgoing messages of interior network termination.
Wherein, interior network termination refers to the communication equipment using Intranet, typically refers to the computer equipment of company, if necessary Can be other mobile communication equipments using Intranet.
In the present embodiment, outgoing messages refer to the file being sent out using Intranet, including but not limited to text, voice, The information of the forms such as video.In addition, the outgoing messages in the present embodiment can include the fileinfo without overcompression processing, when The fileinfo in compressed package can also so be included.
It is further noted that in order to eliminate the number such as invalid data that may be present in outgoing messages, duplicate data According to noise, the embodiment of the present invention further can also carry out data cleansing to the outgoing messages of acquisition, to delete in outgoing messages Invalid data and the data noise such as duplicate data, so as to trace the data for providing high quality for leakage of data.
In the data leakage tracing system disclosed in this embodiment, uncompressed outgoing file information is handled as follows. When the outgoing information is uncompressed text information, the content of the text is extracted and data cleaning is performed on the extracted text. When the outgoing information is uncompressed voice information, the voice information is generally first converted into text by speech recognition, and data cleaning is then performed on the converted text. When the outgoing information is uncompressed video information, the video is generally analyzed using image recognition, and invalid data and duplicate data are cleaned.
If the outgoing information is file information inside a compressed package, the package is first recursively decompressed and split into single files, and data cleaning is performed on each single file obtained after decompression. The types of single file include but are not limited to text, voice and video. The cleaning of the decompressed file information follows the cleaning process for uncompressed file information described above.
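The recursive decompression and cleaning step described above, as an added example (not code from the patent). It assumes ZIP archives only; the nesting and size limits are assumptions added here so that a deeply nested or highly compressed package cannot exhaust the analysis device, and the sample archive is constructed.

```python
import hashlib
import io
import zipfile

MAX_DEPTH = 5                        # assumed limit on archive nesting
MAX_TOTAL_BYTES = 50 * 1024 * 1024   # assumed cap on total unpacked bytes


class UnpackLimitExceeded(Exception):
    """An archive nests too deeply or expands beyond the byte budget."""


def unpack_to_single_files(name, data, depth=0, budget=None):
    """Recursively split `data` into a list of (path, bytes) single files."""
    if budget is None:
        budget = [MAX_TOTAL_BYTES]   # one mutable budget shared by all levels
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return [(name, data)]        # already a single file
    if depth >= MAX_DEPTH:
        raise UnpackLimitExceeded(f"{name}: nested deeper than {MAX_DEPTH}")
    files = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Check the declared size before reading the member into memory.
            if info.file_size > budget[0]:
                raise UnpackLimitExceeded(f"{name}: exceeds byte budget")
            member = zf.read(info)
            budget[0] -= len(member)
            path = f"{name}!{info.filename}"
            files += unpack_to_single_files(path, member, depth + 1, budget)
    return files


def clean(files):
    """Data cleaning: drop empty (invalid) files and exact duplicates."""
    seen, kept = set(), []
    for path, data in files:
        digest = hashlib.sha256(data).digest()
        if not data.strip() or digest in seen:
            continue
        seen.add(digest)
        kept.append((path, data))
    return kept


def make_zip(members):
    """Build an in-memory ZIP from {filename: bytes} (used for the sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for filename, content in members.items():
            zf.writestr(filename, content)
    return buf.getvalue()


# Constructed sample: an outgoing attachment that holds a nested archive.
INNER = make_zip({"a.txt": b"contract draft v3",
                  "copy.txt": b"contract draft v3",
                  "empty.txt": b""})
SAMPLE = make_zip({"inner.zip": INNER, "note.txt": b"see attached"})

if __name__ == "__main__":
    for path, data in clean(unpack_to_single_files("mail.zip", SAMPLE)):
        print(path, len(data))
```
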
First information comparison module 12, for comparing the outgoing information with preset confidential information, to determine whether the information type of the outgoing information is the confidential type.
In this embodiment, the first information comparison module is specifically used to judge whether the outgoing information contains a preset confidential keyword; if so, the information type of the outgoing information is determined to be the confidential type, and if not, the non-confidential type.
The preset confidential keywords are set by the customer as needed and include but are not limited to contract data, technical code, financial information and engineering drawings; the number of preset confidential keywords is an integer greater than or equal to 1. If the outgoing information contains a preset confidential keyword, whether one keyword or several, its information type is the confidential type; otherwise its information type is the non-confidential type.
In this embodiment, the first information comparison module is also specifically used to judge, using a preset confidential regular expression, whether the outgoing information contains information matching that regular expression; if so, the information type of the outgoing information is determined to be the confidential type, and if not, the non-confidential type.
A regular expression is a logical formula for operating on character strings: certain specific characters defined in advance, and combinations of those characters, form a "rule string". The information matched by a "rule string" includes but is not limited to numbers and codes. The information matching a preset confidential regular expression can be a confidential number or a confidential code, and where necessary can also be confidential information in other forms.
The first information comparison module 12 in the embodiment of the present invention also includes the following units, as shown in Figure 9:
First computing unit 121, for calculating the data fingerprint of the outgoing information to obtain a target fingerprint.
The data fingerprint is calculated by a fuzzy hash algorithm and represents the data characteristics of the outgoing information.
Second computing unit 122, for calculating the similarity between the target fingerprint and a preset confidential data fingerprint.
Judging unit 123, for judging whether the similarity between the target fingerprint and the preset confidential data fingerprint is greater than a preset similarity threshold; if so, the information type of the outgoing information is determined to be the confidential type, and if not, the non-confidential type.
The preset similarity threshold is the critical condition for judging whether the information type of the outgoing information is the confidential type, and is set by the customer as needed.
First intranet terminal determining module 13, for determining the corresponding intranet terminal to be the leaking terminal when the information type of the outgoing information is the confidential type.
The leaking terminal is the intranet terminal that sent the outgoing information whose information type is the confidential type. It will be understood that the corresponding leaker information can be found from the leaking terminal determined by the first intranet terminal determining module 13. Further, this embodiment can also send the terminal information of the leaking terminal and the corresponding leaker information to the administrator terminal through a preset communication channel. The preset communication channel includes but is not limited to an email channel, a short message channel and a social network channel.
Further, the embodiment of the present invention can also archive historical outgoing information together with the corresponding intranet terminal information to obtain the corresponding history outgoing information set. In addition, the embodiment of the present invention can record the information type of the outgoing information determined by the first information comparison module 12 in the history outgoing information set.
In order to effectively block the path of a data leak and further reduce the losses caused by the leak, the above embodiment can also include:
Information intercepting module, for intercepting outgoing information whose information type is the confidential type. Of course, a prompt message can also be sent to the administrator through a communication channel, and the confidential data archived. The administrator finds the corresponding leaker information according to the prompt message received. The prompt message sent to the administrator includes but is not limited to warning information. The communication channel used to send the prompt message to the administrator includes but is not limited to an email channel, a short message channel and a social network channel.
The invention also discloses a data leakage tracing system which, as shown in Figure 10, includes:
Second information acquisition module 21, for obtaining confidential information that has already leaked, giving the target leaked information.
Second information comparison module 22, for comparing the target leaked information with the history outgoing information set, so as to determine, from the history outgoing information set, the history outgoing information corresponding to the target leaked information, giving the target history outgoing information.
The history outgoing information set is a collection of records of the outgoing messages and the corresponding intranet terminals.
In this embodiment, the methods for comparing the target leaked information with the history outgoing information set include but are not limited to keyword comparison and/or regular expression comparison and/or data fingerprint comparison.
Second intranet terminal determining module 23, for determining the intranet terminal corresponding to the target history outgoing information to be the leaking terminal.
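The three comparison modes of the first information comparison module and the fingerprint-based tracing of the second, as an added example that is not the patent's own code. The patent does not name its fuzzy hash algorithm, so a set of hashed word 3-grams compared by Jaccard similarity stands in for it; the keywords, pattern, threshold, terminal names and messages are all constructed.

```python
import hashlib
import re

# Constructed policy: keywords, one named pattern and the similarity threshold.
KEYWORDS = ["contract", "source code"]
PATTERNS = {"project-code": re.compile(r"\bPRJ-\d{6}\b")}
THRESHOLD = 0.6


def fingerprint(text, k=3):
    """Stand-in fuzzy fingerprint: the set of hashed word k-grams."""
    words = re.findall(r"\w+", text.lower())
    if not words:
        return frozenset()
    grams = {" ".join(words[i:i + k])
             for i in range(max(1, len(words) - k + 1))}
    return frozenset(hashlib.sha256(g.encode()).hexdigest()[:16] for g in grams)


def similarity(fp_a, fp_b):
    """Jaccard similarity of two fingerprints, in [0, 1]."""
    if not fp_a or not fp_b:
        return 0.0
    return len(fp_a & fp_b) / len(fp_a | fp_b)


def classify(text, secret_fps):
    """Return the reasons a message is confidential; empty means it is not."""
    lowered = text.lower()
    reasons = [f"keyword:{kw}" for kw in KEYWORDS if kw in lowered]
    reasons += [f"regex:{name}" for name, rx in PATTERNS.items()
                if rx.search(text)]
    fp = fingerprint(text)
    if any(similarity(fp, s) > THRESHOLD for s in secret_fps):
        reasons.append("fingerprint")
    return reasons


def record(history, terminal, text, secret_fps):
    """Classify one outgoing message and append it to the history set."""
    reasons = classify(text, secret_fps)
    history.append({"terminal": terminal, "fp": fingerprint(text),
                    "confidential": bool(reasons)})
    return reasons


def trace(leaked_text, history, threshold=THRESHOLD):
    """Return terminals whose past messages match leaked content, best first."""
    fp = fingerprint(leaked_text)
    best = {}
    for entry in history:
        score = similarity(fp, entry["fp"])
        if score > threshold:
            term = entry["terminal"]
            best[term] = max(score, best.get(term, 0.0))
    return sorted(best, key=lambda t: (-best[t], t))


# Constructed sample data.
SECRET = ("the quarterly pricing model discounts enterprise renewals "
          "by tier and region before approval")
OUTGOING = [
    ("T-017", "fyi " + SECRET),                      # near copy, no keyword
    ("T-021", "lunch at noon on friday"),
    ("T-033", "attached is the signed contract for PRJ-204817"),
]
LEAKED = SECRET[len("the "):]   # the copy found outside, slightly altered


def run_sample():
    """Classify the sample messages, then trace the leaked copy."""
    secret_fps = [fingerprint(SECRET)]
    history = []
    verdicts = {t: record(history, t, msg, secret_fps) for t, msg in OUTGOING}
    return verdicts, trace(LEAKED, history)


if __name__ == "__main__":
    print(run_sample())
```

The near copy from `T-017` contains no keyword and no pattern match, so only the fingerprint comparison flags it, and the same fingerprints stored in the history set are what let `trace` attribute the altered leaked copy to that terminal.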
The invention also discloses a data leakage tracing device, including: a memory, a processor, and a data leakage tracing program stored in the memory and runnable on the processor. The data leakage tracing program is configured to implement the steps of the data leakage tracing method described above, which are not repeated here.
The invention also discloses a computer-readable storage medium on which a data leakage tracing program is stored. When executed by a processor, the data leakage tracing program implements the steps of the data leakage tracing method described above, which are not repeated here.
Finally, it should also be noted that, in this document, relational terms such as first and second are used only to distinguish one entity or operation from another, and do not necessarily require or imply any such actual relationship or order between those entities or operations. Moreover, the terms "comprise", "include" or any other variant are intended to cover a non-exclusive inclusion, so that a process, method, article or device comprising a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, article or device that includes the element.
The data leakage tracing method, device and computer-readable storage medium provided by the present invention have been described in detail above. Specific examples are used herein to explain the principle and embodiments of the invention, and the description of the above embodiments is only intended to help in understanding the method of the invention and its core idea. At the same time, for a person of ordinary skill in the art, there will be changes in the specific embodiments and the scope of application in accordance with the idea of the invention. In summary, the content of this specification should not be construed as limiting the invention.

Claims (11)

  1. A data leakage tracing method, characterized by comprising:
    obtaining the outgoing information of an intranet terminal;
    comparing the outgoing information with preset confidential information, to determine whether the information type of the outgoing information is the confidential type;
    if the information type of the outgoing information is the confidential type, determining the intranet terminal to be the leaking terminal.
  2. The data leakage tracing method according to claim 1, characterized in that the process of comparing the outgoing information with preset confidential information, to determine whether the information type of the outgoing information is the confidential type, comprises:
    judging whether the outgoing information contains a preset confidential keyword; if so, determining the information type of the outgoing information to be the confidential type, and if not, determining the information type of the outgoing information to be the non-confidential type.
  3. The data leakage tracing method according to claim 1, characterized in that the process of comparing the outgoing information with preset confidential information, to determine whether the information type of the outgoing information is the confidential type, comprises:
    using a preset confidential regular expression, judging whether the outgoing information contains information corresponding to the preset confidential regular expression; if so, determining the information type of the outgoing information to be the confidential type, and if not, determining the information type of the outgoing information to be the non-confidential type.
  4. The data leakage tracing method according to claim 1, characterized in that the process of comparing the outgoing information with preset confidential information, to determine whether the information type of the outgoing information is the confidential type, comprises:
    calculating the data fingerprint of the outgoing information to obtain a target fingerprint;
    calculating the similarity between the target fingerprint and a preset confidential data fingerprint;
    judging whether the similarity is greater than a preset similarity threshold; if so, determining the information type of the outgoing information to be the confidential type, and if not, determining the information type of the outgoing information to be the non-confidential type.
  5. The data leakage tracing method according to claim 4, characterized in that the process of calculating the data fingerprint of the outgoing information to obtain a target fingerprint comprises:
    using a fuzzy hash algorithm, calculating the data fingerprint of the outgoing information to obtain the target fingerprint.
  6. The data leakage tracing method according to claim 1, characterized in that the types of the confidential information include: contract data and/or technical code and/or financial information and/or engineering drawings.
  7. The data leakage tracing method according to claim 1, characterized in that, if the information type of the outgoing information is the confidential type, the method further comprises:
    intercepting the outgoing information.
  8. The data leakage tracing method according to any one of claims 1 to 7, characterized by further comprising:
    obtaining confidential information that has already leaked, giving the target leaked information;
    comparing the target leaked information with a history outgoing information set, so as to determine, from the history outgoing information set, the history outgoing information corresponding to the target leaked information, giving the target history outgoing information;
    determining the intranet terminal corresponding to the target history outgoing information to be the leaking terminal.
  9. The data leakage tracing method according to claim 8, characterized in that the process of comparing the target leaked information with the history outgoing information set comprises:
    comparing the target leaked information with the history outgoing information set by keyword comparison and/or regular expression comparison and/or data fingerprint comparison.
  10. A data leakage tracing device, characterized in that the video leakage tracing device comprises: a memory, a processor, and a data leakage tracing program stored in the memory and runnable on the processor, the data leakage tracing program being configured to implement the steps of the data leakage tracing method as claimed in any one of claims 1-9.
  11. A computer-readable storage medium, characterized in that a data leakage tracing program is stored on the computer-readable storage medium, and the data leakage tracing program, when executed by a processor, implements the steps of the data leakage tracing method according to any one of claims 1 to 9.
CN201710656764.XA 2017-08-03 2017-08-03 Data leakage tracing method and device and computer readable storage medium Active CN107483422B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710656764.XA CN107483422B (en) 2017-08-03 2017-08-03 Data leakage tracing method and device and computer readable storage medium

Publications (2)

Publication Number Publication Date
CN107483422A true CN107483422A (en) 2017-12-15
CN107483422B CN107483422B (en) 2020-10-27

Family

ID=60598062

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710656764.XA Active CN107483422B (en) 2017-08-03 2017-08-03 Data leakage tracing method and device and computer readable storage medium

Country Status (1)

Country Link
CN (1) CN107483422B (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108494797A (en) * 2018-04-16 2018-09-04 深信服科技股份有限公司 Data monitoring and managing method, system, equipment and storage medium based on virtualization technology
CN108566372A (en) * 2018-03-01 2018-09-21 云易天成(北京)安全科技开发有限公司 Fileinfo leakage prevention method, medium and equipment based on hash algorithm
CN108959960A (en) * 2018-06-19 2018-12-07 努比亚技术有限公司 Prevent the method, apparatus and computer readable storage medium of privacy leakage
CN114077722A (en) * 2021-10-20 2022-02-22 深信服科技股份有限公司 Data leakage tracking method and device, electronic equipment and computer storage medium
WO2022103521A1 (en) * 2020-11-16 2022-05-19 Microsoft Technology Licensing, Llc Data leak detection using similarity mapping
WO2022135308A1 (en) * 2020-12-21 2022-06-30 华为云计算技术有限公司 Method and apparatus for detecting media data
CN115470524A (en) * 2022-10-31 2022-12-13 中国电力科学研究院有限公司 Method, system, equipment and medium for detecting leakage of confidential documents

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN201477603U (en) * 2009-08-31 2010-05-19 四川中跃科技有限责任公司 Party and government network secret-associated information remote supervision checking system
CN102968600A (en) * 2012-10-30 2013-03-13 国网电力科学研究院 Full life-cycle management method for sensitive data file based on fingerprint information implantation
CN104486320A (en) * 2014-12-10 2015-04-01 国家电网公司 Intranet sensitive information disclosure evidence collection system and method based on honeynet technology
CN104700034A (en) * 2013-12-04 2015-06-10 大连东浦机电有限公司 Method for monitoring risk of uploaded network disk data, based on keyword extraction strategy
CN106446707A (en) * 2016-08-31 2017-02-22 北京明朝万达科技股份有限公司 Dynamic data leakage prevention system and method

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108566372A (en) * 2018-03-01 2018-09-21 云易天成(北京)安全科技开发有限公司 Fileinfo leakage prevention method, medium and equipment based on hash algorithm
CN108494797A (en) * 2018-04-16 2018-09-04 深信服科技股份有限公司 Data monitoring and managing method, system, equipment and storage medium based on virtualization technology
CN108959960A (en) * 2018-06-19 2018-12-07 努比亚技术有限公司 Prevent the method, apparatus and computer readable storage medium of privacy leakage
CN108959960B (en) * 2018-06-19 2020-08-21 南昌努比亚技术有限公司 Method, device and computer readable storage medium for preventing privacy disclosure
WO2022103521A1 (en) * 2020-11-16 2022-05-19 Microsoft Technology Licensing, Llc Data leak detection using similarity mapping
WO2022135308A1 (en) * 2020-12-21 2022-06-30 华为云计算技术有限公司 Method and apparatus for detecting media data
CN114077722A (en) * 2021-10-20 2022-02-22 深信服科技股份有限公司 Data leakage tracking method and device, electronic equipment and computer storage medium
CN115470524A (en) * 2022-10-31 2022-12-13 中国电力科学研究院有限公司 Method, system, equipment and medium for detecting leakage of confidential documents

Also Published As

Publication number Publication date
CN107483422B (en) 2020-10-27

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant