CN107633183B - Data leakage detection method based on sensitivity of query result set - Google Patents
Data leakage detection method based on sensitivity of query result set Download PDFInfo
- Publication number
- CN107633183B CN107633183B CN201710905803.5A CN201710905803A CN107633183B CN 107633183 B CN107633183 B CN 107633183B CN 201710905803 A CN201710905803 A CN 201710905803A CN 107633183 B CN107633183 B CN 107633183B
- Authority
- CN
- China
- Prior art keywords
- data
- sensitivity
- relationship
- result set
- query result
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Landscapes
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
- Storage Device Security (AREA)
Abstract
The invention provides a data leakage detection method based on the sensitivity of a query result set, which comprises the following steps: i, constructing a corresponding sensitivity evaluation model according to the sensitivity of data in a database, wherein the sensitivity evaluation model not only comprises the sensitivity and inheritance relationship of each table and attribute in the database, but also comprises the association relationship among the attributes; II, acquiring a result set returned by a user query database, and calculating the sensitivity of the query result set according to a sensitivity evaluation model; and III, accumulating the sensitivity of a plurality of query result sets of the user in a certain time window, and if the sensitivity exceeds a threshold value of the user (user role), giving an alarm to an administrator. The method can effectively detect the occurrence of data leakage events and improve the safety of data.
Description
Technical Field
The invention relates to a data leakage detection technology based on the sensitivity of a query result set, and belongs to the technical field of data security.
Background
Data is an important asset for organizations, businesses, and individuals, but data leakage events occur from time to time and cause significant losses to data owners. In recent years, data leakage is the source of the black industry chain of information selling. Although access control can ensure that only users with authority can access corresponding data, and can effectively prevent data leakage, generally, business systems adopt a relatively loose access control mechanism due to the influence of system performance, management cost and the like. The direct expression of the loose access mechanism is that users usually obtain more rights than actually needed, and can access sensitive data beyond normal business requirements, which obviously creates hidden danger for data security burying of a database system. Therefore, the traditional access control mechanism needs the cooperation of data leakage detection technology, so that a data owner can find and process data leakage events in time, and the loss caused by data leakage is reduced.
In the prior art, an M-Score method is mostly adopted for data leakage detection, but the method needs a database expert to define a detailed sensitivity function in advance, lacks consideration on the relation between data objects, and cannot accurately and efficiently evaluate the sensitivity degree of data. Therefore, the invention comprehensively considers the inheritance relationship, the association relationship and the reasoning relationship among the data objects, provides a more efficient and accurate data sensitivity evaluation method and is applied to data leakage detection.
Disclosure of Invention
The technical problem is as follows: the invention aims to solve the technical problem of how to design an effective data leakage detection method, which can efficiently and effectively detect the occurrence of data leakage events so as to ensure the safety of data.
The technical scheme is as follows: the invention adopts the following technical scheme:
a data leak detection method based on query result set sensitivity, the method comprising the steps of:
constructing a sensitivity evaluation model, wherein the sensitivity evaluation model comprises a table in a database, the sensitivity of attributes and inheritance relations of the attributes, and association relations among the attributes;
II, obtaining a returned result set of the interactive query request of the user and the database; calculating the sensitivity of the query result set according to a sensitivity evaluation model;
and III, accumulating the sensitivity of a plurality of query result sets of the user in a certain time window, and if the sensitivity exceeds a threshold value of the user (user role), giving an alarm to an administrator.
Further, in the step I, the sensitivity evaluation model is constructed according to the sensitivity of the database by referring to the domain knowledge of database experts.
The step I comprises the following steps:
s101, establishing an inheritance relationship data model IDM containing the sensitivity of each table and attribute of a database;
s102, establishing an incidence relation data model ADM containing incidence relation sensitivities among the attributes.
Further, in the step S101, the inheritance relationship data model IDM represents inheritance relationships among data in different layers, and is composed of the following five elements: data table, attribute column, unit data, hierarchical relation and initial marking function. In the model, a database table and attributes have different levels of sensitivity, the sensitivity of the attributes in the table is not lower than that of the table, and the general sensitivity of the attributes with strong identification capability is higher;
in step S102, the association relationship includes an inference relationship and a combination relationship. The inference relationship refers to a one-way association relationship in which one data object can infer another data object. The combination relation refers to a two-way association relation that the combination of two data objects can improve the information identification degree. The incidence relation data model ADM consists of five parts, namely a data object, a reasoning relation, a combination relation, a reasoning relation mark function and a combination relation mark function.
Further, in the step ii, a result set of the user query request is obtained, and the sensitivity of the result set is calculated, mainly considering the following three factors: the sensitivity of the data itself, the number of data records, and the data differentiation factor.
The step II comprises the following steps:
s201, calculating sensitivity NS (x) of each unit data x in a query result set according to an inheritance relation data model IDM;
s202, calculating the sensitivity MS (X) of each row of data X according to the sensitivity NS (X) of each unit data X and an association relation data model ADM; s203, aiming at the r row data in the Result Set of the query Result, calculating the sensitivity of the whole query Result Set.
Further, in the step iii, the alarm information includes information such as a user name, current query result set sensitivity, and a timestamp; the time window is set by an administrator according to experience knowledge and is a time period for which the sensitivity of data accessed by a user is kept relatively stable; the administrator may adjust the sensitivity threshold based on the permissions of different users or user roles, historical behavior, and other factors.
Further, in the step S101, the inheritance relationship data model IDM represents inheritance relationships among data in different layers, and is composed of the following five elements: the method comprises the following steps of (1) a data table, an attribute column, unit data, a hierarchical relationship and an initial marking function;
expressed as:
IDM=(T,A,C,HR,IL)
wherein T is a set of data tables; a is a collection of attribute columns; c is a set of cell data; HR represents the inheritance relationship between data objects of different layers; IL is an initial mark function, which defines the sensitivity of data tables, attribute columns and cell data;
in step S102, the association data model ADM is composed of five parts, namely, a data object, a reasoning relationship, a combination relationship, a reasoning relationship labeling function, and a combination relationship labeling function, and is expressed in a formula:
ADM=(I,IR,CR,IRL,CRL)
wherein, I refers to a data object, including a data table, an attribute column, unit data and the like; IR refers to reasoning relationships; CR refers to a combinatorial relationship; IRL refers to a reasoning relation marking function and gives a probability value of part of reasoning relations; CRL is a combined relation marking function and gives the sensitivity magnification of partial combined relation;
reasoning relations, i.e. between two data objects from one data object canReasoning to obtain the incidence relation of another data object, which is a unidirectional incidence relation; the formulation is expressed as: assuming that an inference relationship IR exists between data objects x, y, the probability of inferring data object y from data object x is denoted IRLx→yThe probability of reasoning about data object x from data object y is denoted IRLy→xIn general, IRLx→y≠IRLy→x;
A combination relationship, that is, an association relationship in which two data objects are combined to improve the identification degree of information, which is a bidirectional association relationship; the formulation is expressed as: assuming that a combined relationship CR exists between data objects x, y, the multiple of the combined magnification sensitivity of data object x and data object y is denoted as CRLx→yThe magnification of the combined magnification sensitivity of data object y and data object x is denoted as CRLy→xIn general, CRLx→y=CRLy→x。
Has the advantages that: compared with the prior art, the invention has the advantages that:
(1) when calculating the sensitivity of a data unit, the invention considers the sensitivity of tables and attributes and the inheritance relationship thereof; when calculating the sensitivity of a data record, the incidence relation between attributes is considered, including reasoning relation and combination relation; when the sensitivity (a plurality of data records) of the query result set is calculated, not only the sensitivity of the data records is considered, but also the influence of the number of the data records and the data distinguishing factor on the sensitivity degree of the query result set is considered. Therefore, the invention considers the factors more comprehensively, and the sensitivity of the query result set is calculated more reasonably and accurately.
(2) The invention adopts the sensitivity evaluation model, which can effectively reduce the intervention of manual sensitivity calculation on the query result set; the administrator can adjust the sensitivity threshold of each user (user role), and the method is flexible. Therefore, the data leakage detection method designed by the invention is more efficient and practical.
Drawings
FIG. 1 is a schematic flow chart of a data leakage detection method according to the present invention;
FIG. 2 is an example of an inheritance relationship data model in the present invention;
FIG. 3 is an example of an associative relationship data model inference relationship in the present invention;
FIG. 4 is an example of a relational data model composition relationship in the present invention.
Detailed Description
FIG. 1 is a flow chart of a data leakage detection method according to the present invention.
The embodiment provides a data leakage detection method based on the sensitivity of a query result set, which comprises the following steps:
the method comprises the following steps of firstly, constructing a sensitivity evaluation model, wherein the sensitivity evaluation model not only comprises a table in a database, the sensitivity of attributes and inheritance relations of the attributes, but also comprises association relations among the attributes;
step two, obtaining a return result set of the interactive query request of the user and the database; calculating the sensitivity of the query result set according to a sensitivity evaluation model;
and step three, accumulating the sensitivity of a plurality of query result sets of the user in a certain time window, and if the sensitivity exceeds the threshold of the user (user role), sending an alarm to an administrator.
Step one, establishing a sensitivity evaluation model according to domain knowledge of database experts, and specifically comprising the following steps:
s101, establishing an inheritance relationship data model IDM containing the sensitivity of each table and attribute of a database;
s102, establishing an incidence relation data model ADM containing incidence relation sensitivities among the attributes.
In step S101, the inheritance relationship data model IDM represents inheritance relationships between data in different layers, and is composed of the following five elements: data table, attribute column, unit data, hierarchical relation and initial mark function, which are represented by symbols as:
IDM=(T,A,C,HR,IL)
wherein T is a set of data tables; a is a collection of attribute columns; c is a set of cell data; HR ═ T × A ═ A × C denotes the inheritance relationship between data objects of different levels; IL is an initial labeling function that defines the sensitivity of the data table, attribute columns, and cell data.
The table and the attributes in the database have different levels of sensitivity, and the sensitivity of the attributes in the table is not lower than that of the table in which the attributes are located. Supposing that a database TestDB is provided, wherein the database comprises two tables, one Table is named Table _ User and comprises attributes of Name, Sex, Phone, Address and ID _ number; the Other Table is called Table _ Other and contains attributes Name, Passsword, Purchase _ history. From empirical knowledge, an inheritance relationship data model such as fig. 2 can be established, where a rectangle represents a data table or attribute and an ellipse represents specific data in a database. Assuming that the sensitivity ranges from 10 to 100, a larger value indicates that the table or attribute is more sensitive. The sensitivity of both tables is 10, the sensitivity of each attribute is different, and the sensitivity of the telephone number (Phone), the Address (Address) and the identification number (ID _ number) is high, because such information can be basically and directly positioned to an individual, and the sensitivity is low because the capability of the gender information (six) for identifying the individual is poor. The solid line between the upper and lower nodes represents the hierarchical relationship between the two nodes, for example, in fig. 2, the number "320 xxxxxxxxxxx" is one of the data in the attribute ID _ number, the Address "xxxxxx" in the Jiangsu province is one of the data in the attribute Address, and the ID _ number and the Address are the attributes in the Table _ User.
In step S102, the association data model ADM is composed of five parts, namely, a data object, a reasoning relationship, a combination relationship, a reasoning relationship labeling function, and a combination relationship labeling function, and is expressed in a formula:
ADM=(I,IR,CR,IRL,CRL)
wherein, I refers to a data object, and comprises different layers of a data table, an attribute column, unit data and the like;
refers to a reasoning relationship;
refers to a combination relationship; IRL refers to a reasoning relation marking function and gives a probability value of part of reasoning relations; CRL refers to a combined relation marking function, and gives partial combined relation sensitivityThe magnification factor.
The inference relationship, that is, the association relationship between two data objects, where one data object can infer the other data object, is a unidirectional association relationship. The formulation is expressed as: assuming that an inference relationship IR exists between data objects x, y, the probability of inferring data object y from data object x is denoted IRLx→yThe probability of reasoning about data object x from data object y is denoted IRLy→xIn general, IRLx→y≠IRLy→x。
The combination relationship, that is, the association relationship in which two data objects are combined to improve the identification degree of the information, is a bidirectional association relationship. The formulation is expressed as: assuming that a combined relationship CR exists between data objects x, y, the multiple of the combined magnification sensitivity of data object x and data object y is denoted as CRLx→yThe magnification of the combined magnification sensitivity of data object y and data object x is denoted as CRLy→xIn general, CRLx→y=CRLy→x。。
FIG. 3 is a schematic diagram of the inference relationship between the attribute ID _ number and other attributes, where the upper half of the rectangle in the diagram gives the name of the attribute, the lower half of the rectangle shows the attribute sensitivity defined in the hierarchical data model, the line between the attribute x and the attribute y represents the inference relationship between the two attributes, and the value on the line is the probability IR that y is known from x inferencex→y,IRx→y∈[0,1]. FIG. 4 is a schematic diagram of the combination relationship between the attribute Name and other attributes, in which the meaning of the rectangular box is the same as that in FIG. 3, the line between the attribute x and the attribute y represents the combination relationship between the two attributes, and the value on the line is the multiple CR of the combined magnification sensitivity of x and yx→y,CRx→y∈[1,10]The value is an empirical value given according to data sensitivity in the database, the larger the value is, the greater the sensitivity of the association is, the most sensitive is the association between the attribute Name and the attribute Password, so that the value of the connecting line between the attribute Name and the attribute Password is larger than that of other attributes.
The association relationship is considered from the attribute column level, and a two-dimensional table representation is used. Suppose there is a total of all databasesThere are M attributes. The inference relation probability value from attribute i to attribute j is denoted as Ai→j,Ai→j∈[0,1]And A isi→j≠Aj→i,
Then IR ═ Ai→jI is more than or equal to 1, and M is more than or equal to j; the combined relationship between attribute i and attribute j is represented as Bi→j,Bi→j∈[1,10]And Bi→j=Bj→i,
Then CR is ═ Bi→j1 is less than or equal to i, j is less than or equal to M, and j is more than i.
Step two, obtaining a result set of the user query request, and calculating the sensitivity of the result set, wherein the following three factors are mainly considered: the sensitivity of the data itself, the number of data records, and the data differentiation factor. The method comprises the following specific steps:
s201, calculating sensitivity NS (x) of each unit data x in a query result set according to an inheritance relation data model IDM;
s202, calculating the sensitivity MS (X) of each row of data X according to the sensitivity NS (X) of each unit data X and the n attributes of the association relation data model ADM and Result Set;
s203, aiming at the r row data in the ResultSet query result set, calculating the sensitivity of the whole query result set.
In step S201, the sensitivity of the unit data may be calculated according to the hierarchical relationship between the hierarchies. Given the data model IDM ═ (T, a, C, HR, IL) and nodes x, y, then
For example, in FIG. 2, the NS (x) value of "xxxxxx in Jiangsu province" in Address is 50. Because the sensitivity of the cell data is not specified in the model, its data sensitivity ns (x) is equal to the sensitivity of the node on the upper layer, i.e., the sensitivity of the attribute Address.
Step S20In 2, the sensitivity MS (X) is determined for a set X of a plurality of data objects, for example from the cell data c1,c2,...,cnA data set of c1,c2,...,cnAre respectively an attribute a1,a2,...,anThe sensitivity of the unit data is NS (c)1),NS(c2),...,NS(cn). The combined relationship amplifies sensitivity compared to the superposition of sensitivity of the data of the individual cells, while the inferred relationship reduces sensitivity, so that simple passing through NS (c) is not possible1)+NS(c2)+...+NS(cn) To calculate MS (X). The strategy adopted by the invention is as follows: for unit data cpThe corresponding attribute is apAnd c andpthe set of related combinatorial relationships is CRp={Bp→qQ is more than or equal to 1 and less than or equal to n, and can reason cpIs set to IRp={Aq→pQ is more than or equal to 1 and less than or equal to n, and unit data cpThe contribution to the set X sensitivity MS (X) is (max { B)p→q}-max{Aq→p})×NS(cp) Q is 1. ltoreq. n, so the sensitivity of the set X
In step S203, the sensitivity of the whole returned result set is calculated
Wherein the λ parameter is a weight of the number of data records to the sensitivity of the returned result set; dXIs a data differentiation factor, which indicates how unique the row of data is in the database, and can be represented by the number of times the piece of data appears in the database. Suppose that the row data X consists of unit data c1,c2,...,cnComposition c1,c2,...,cnThe corresponding attributes are respectively a1,a2,...,anThe following commands are executed:
is DXThe value of (c).
And step three, setting a corresponding data sensitivity threshold value for each user or user role. And in a certain time window, if the sensitivity of the query result set of the user exceeds a specified threshold, an alarm is sent to an administrator, and the alarm information comprises information such as a user name, the current sensitivity of the query result set, a timestamp and the like. The time window is set by an administrator according to experience knowledge and is a time period for which the sensitivity of data accessed by a user is kept relatively stable; the administrator may adjust the sensitivity threshold based on the permissions of different users or user roles, historical behavior, and other factors. In addition, if after an alarm occurs, it is confirmed that no data leak event has occurred, the administrator may choose to raise the data sensitivity threshold for that user or user role.
Finally, it should be noted that: the above embodiments are only used for illustrating the technical solutions of the present application and not for limiting the scope of protection thereof, and although the present application is described in detail with reference to the above embodiments, those of ordinary skill in the art should understand that: numerous variations, modifications, and equivalents will occur to those skilled in the art upon reading the present application and are within the scope of the claims appended hereto.
Claims (3)
1. A data leakage detection method based on the sensitivity of a query result set is characterized in that: the method comprises the following steps:
constructing a sensitivity evaluation model, wherein the sensitivity evaluation model comprises a table in a database, the sensitivity of attributes and inheritance relations of the attributes, and association relations among the attributes;
II, obtaining a returned result set of the interactive query request of the user and the database; calculating the sensitivity of the query result set according to a sensitivity evaluation model;
III, accumulating the sensitivity of a plurality of query result sets of the user in a certain time window, and if the sensitivity exceeds the threshold of the user or the user role, sending an alarm to an administrator;
in the step I, the sensitivity evaluation model comprises an inheritance relationship data model and an association relationship data model;
the step I comprises the following steps:
s101, establishing an inheritance relationship data model IDM containing the sensitivity of each table and attribute of a database;
s102, establishing an incidence relation data model ADM containing incidence relation sensitivities among the attributes;
in step S101, the inheritance relationship data model IDM represents inheritance relationships between data in different layers, and includes the following five elements: the method comprises the following steps of (1) a data table, an attribute column, unit data, a hierarchical relationship and an initial marking function;
expressed as:
IDM=(T,A,C,HR,IL)
wherein T is a set of data tables; a is a collection of attribute columns; c is a set of cell data; HR represents the inheritance relationship between data objects of different layers; IL is an initial mark function, which defines the sensitivity of data tables, attribute columns and cell data;
in step S102, the association data model ADM is composed of five parts, namely, a data object, a reasoning relationship, a combination relationship, a reasoning relationship labeling function, and a combination relationship labeling function, and is expressed in a formula:
ADM=(I,IR,CR,IRL,CRL)
wherein, I refers to a data object, including a data table, an attribute column and unit data; IR refers to reasoning relationships; CR refers to a combinatorial relationship; IRL refers to a reasoning relation marking function and gives a probability value of part of reasoning relations; CRL is a combined relation marking function and gives the sensitivity magnification of partial combined relation;
the reasoning relationship is that the incidence relationship of another data object can be inferred from one data object between two data objects, which is a unidirectional incidence relationship; the formulation is expressed as: assuming that an inference relationship IR exists between data objects x, y, the probability of inferring data object y from data object x is denoted IRLx→yReasoning about data from data object yThe probability of object x is denoted IRLy→x,IRLx→y≠IRLy→x;
A combination relationship, that is, an association relationship in which two data objects are combined to improve the identification degree of information, which is a bidirectional association relationship; the formulation is expressed as: assuming that a combined relationship CR exists between data objects x, y, the multiple of the combined magnification sensitivity of data object x and data object y is denoted as CRLx→yThe magnification of the combined magnification sensitivity of data object y and data object x is denoted as CRLy→x,CRLx→y=CRLy→x。
2. The method of claim 1, wherein the data leak detection based on query result set sensitivity comprises: in the step II, three factors of the sensitivity degree of the data, the number of data records and a data distinguishing factor are considered in calculating the sensitivity of the query result set;
the step II comprises the following steps:
s201, calculating sensitivity NS (x) of each unit data x in a query result set according to an inheritance relation data model IDM;
s202, calculating the sensitivity MS (X) of each row of data X according to the sensitivity NS (X) of each unit data X and an association relation data model ADM;
s203, aiming at r rows of data in a query result set, calculating the sensitivity of the whole query result set;
where the lambda parameter represents the weight of the sensitivity of the number of strips to the query result set, DXIs a differentiating factor for the row of data that indicates how unique the row of data is in the database.
3. The method of claim 1, wherein the data leak detection based on query result set sensitivity comprises: in the step III, the sensitivity threshold is an upper limit of data sensitivity set by the administrator for each user or user role.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710905803.5A CN107633183B (en) | 2017-09-29 | 2017-09-29 | Data leakage detection method based on sensitivity of query result set |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710905803.5A CN107633183B (en) | 2017-09-29 | 2017-09-29 | Data leakage detection method based on sensitivity of query result set |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN107633183A CN107633183A (en) | 2018-01-26 |
| CN107633183B true CN107633183B (en) | 2020-10-02 |
Family
ID=61103173
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710905803.5A Active CN107633183B (en) | 2017-09-29 | 2017-09-29 | Data leakage detection method based on sensitivity of query result set |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN107633183B (en) |
Families Citing this family (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108446270B (en) * | 2018-03-06 | 2021-06-08 | 平安科技(深圳)有限公司 | Electronic device, early warning method of system sensitive content and storage medium |
| CN110704873B (en) * | 2019-09-25 | 2021-05-25 | 全球能源互联网研究院有限公司 | Method and system for preventing sensitive data from being leaked |
| CN113139206A (en) * | 2020-03-16 | 2021-07-20 | 刘琴 | Private customer information management system of medical institution |
| CN113157541B (en) * | 2021-04-20 | 2024-04-05 | 贵州优联博睿科技有限公司 | Multi-concurrency OLAP type query performance prediction method and system for distributed database |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP2570959A2 (en) * | 2011-09-19 | 2013-03-20 | Deutsche Telekom AG | A method of estimating the potential damage of data leakage incident by assigning misuseability weight |
| CN105512566A (en) * | 2015-11-27 | 2016-04-20 | 电子科技大学 | Health data privacy protection method based on K-anonymity |
| CN106778314A (en) * | 2017-03-01 | 2017-05-31 | 全球能源互联网研究院 | A kind of distributed difference method for secret protection based on k means |
| CN106940777A (en) * | 2017-02-16 | 2017-07-11 | 湖南宸瀚信息科技有限责任公司 | A kind of identity information method for secret protection measured based on sensitive information |
| CN107169361A (en) * | 2017-06-15 | 2017-09-15 | 深信服科技股份有限公司 | The detection method and system of a kind of leaking data |
-
2017
- 2017-09-29 CN CN201710905803.5A patent/CN107633183B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP2570959A2 (en) * | 2011-09-19 | 2013-03-20 | Deutsche Telekom AG | A method of estimating the potential damage of data leakage incident by assigning misuseability weight |
| CN105512566A (en) * | 2015-11-27 | 2016-04-20 | 电子科技大学 | Health data privacy protection method based on K-anonymity |
| CN106940777A (en) * | 2017-02-16 | 2017-07-11 | 湖南宸瀚信息科技有限责任公司 | A kind of identity information method for secret protection measured based on sensitive information |
| CN106778314A (en) * | 2017-03-01 | 2017-05-31 | 全球能源互联网研究院 | A kind of distributed difference method for secret protection based on k means |
| CN107169361A (en) * | 2017-06-15 | 2017-09-15 | 深信服科技股份有限公司 | The detection method and system of a kind of leaking data |
Non-Patent Citations (3)
| Title |
|---|
| A Dynamic Approach to Detect Anomalous Queries on Relational Databases;Mohammad Saiful Islam 等;《Proceedings of the 5th ACM Conference on Data and Application Security and Privacy》;20150331;第4.2节 敏感度得分,第4.3节 元祖敏感度 * |
| M-Score: A Misuseability Weight Measure;Amir Harel 等;《IEEE Transactions on Dependable and Secure Computing》;20120124;第414-428页 * |
| M-score: estimating the potential damage of data leakage incident by assigning misuseability weight;Amir Harel 等;《https://dl.acm.org/doi/abs/10.1145/1866886.1866891》;20101030;第7,13-14,22-40 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN107633183A (en) | 2018-01-26 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107633183B (en) | Data leakage detection method based on sensitivity of query result set | |
| Templ et al. | Statistical disclosure control for micro-data using the R package sdcMicro | |
| US9336388B2 (en) | Method and system for thwarting insider attacks through informational network analysis | |
| CN104732154B (en) | By the method and system of data anonymous | |
| CN102480385B (en) | database security protection method and device | |
| Bau et al. | A promising direction for web tracking countermeasures | |
| CA3069908A1 (en) | Differentially private query budget refunding | |
| CN103577852B (en) | Graded monitoring method and system based on active RFID | |
| CN113141276A (en) | Knowledge graph-based information security method | |
| CN113407986B (en) | Frequent item set mining method for local differential privacy protection based on singular value decomposition | |
| CN116346638B (en) | Data tampering inference method based on power grid power and alarm information interaction verification | |
| Chandler et al. | Accounting for geographic variation in species‐habitat associations during habitat suitability modeling | |
| JP2023535851A (en) | METHOD, DEVICE, TERMINAL DEVICE, AND STORAGE MEDIUM FOR DATA PROCESSING MODEL BY PRIVACY PROTECTION | |
| Jiang | Research on Machine Learning Algorithm for Internet of Things Information Security Management System Research and Implementation | |
| CN102902614A (en) | Dynamic monitoring and intelligent guide method | |
| Self et al. | Identifying meteorological drivers of PM2. 5 levels via a Bayesian spatial quantile regression | |
| CN101986267A (en) | Requirement priority ordering method and system based on dependence reduction | |
| Lu et al. | Analyzing temporal-spatial evolution of rare events by using social media data | |
| Moghaddam et al. | AgeTrust: A new temporal trust-based collaborative filtering approach | |
| CN114662152B (en) | Real-time data-oriented localization differential privacy data stream publishing method | |
| Whang et al. | Disinformation techniques for entity resolution | |
| CN114372271A (en) | Effect evaluation method during data desensitization | |
| Liu et al. | Efficiently anonymizing social networks with reachability preservation | |
| Liu et al. | Trajectory privacy data publishing scheme based on local optimisation and R-tree | |
| CN103353917B (en) | The methods of risk assessment of safety precaution network internal fixtion protection object and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |