CN108959965A - Data review of compliance method and apparatus - Google Patents
Data review of compliance method and apparatus Download PDFInfo
- Publication number
- CN108959965A CN108959965A CN201810734763.7A CN201810734763A CN108959965A CN 108959965 A CN108959965 A CN 108959965A CN 201810734763 A CN201810734763 A CN 201810734763A CN 108959965 A CN108959965 A CN 108959965A
- Authority
- CN
- China
- Prior art keywords
- data
- unexamined
- target
- result
- generated
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
- G06F21/6263—Protecting personal data, e.g. for financial or medical purposes during internet communication, e.g. revealing personal data from cookies
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
Abstract
The embodiment of the present application discloses a kind of data review of compliance method and apparatus.One specific embodiment of this method includes: to obtain unexamined data acquisition system;Determine the characteristic of the unexamined data in unexamined data acquisition system;Based on each characteristic, determine at least one the unexamined data for meeting preset condition as the unexamined data acquisition system of target;The unexamined data of each target in data acquisition system unexamined for target, parse the unexamined data of the target, generate at least one parsing result;At least one parsing result generated and information to be matched preset, corresponding with preset condition are matched, matching result information is generated;Based on matching result information generated, the examination result of the unexamined data of the target is generated.This embodiment improves the flexibilities of data processing, help to improve the efficiency of data audit.
Description
Technical field
The invention relates to field of computer technology, and in particular to data review of compliance method and apparatus.
Background technique
With the development of internet technology, the data occurred on network are more and more, in many fields, need to network number
According to being audited, to ensure that the data transmitted or stored are to meet defined data.For example, some classified papers are needed in network
Middle transmission needs the information such as the transmission path to classified papers, storage address to examine in order to avoid classified papers will not be revealed
Core.Traditional audit mode generallys use the mode of manual examination and verification, needs to consume a large amount of manual examination and verification time, waste of manpower money
Source, and review efficiency is relatively low.
Summary of the invention
The purpose of the embodiment of the present application is to propose a kind of improved data review of compliance method and apparatus, to solve
The technical issues of background section above is mentioned.
In a first aspect, the embodiment of the present application provides a kind of data review of compliance method, this method comprises: obtaining pending
Look into data acquisition system;Determine the characteristic of the unexamined data in unexamined data acquisition system;Based on each characteristic, determine full
The unexamined data of at least one of sufficient preset condition are as the unexamined data acquisition system of target;In data acquisition system unexamined for target
The unexamined data of each target, the unexamined data of the target are parsed, generate at least one parsing result;It will be generated
At least one parsing result and information to be matched preset, corresponding with preset condition matched, generate matching result letter
Breath;Based on matching result information generated, the examination result of the unexamined data of the target is generated.
In some embodiments, based on matching result information, after the examination result for generating unexamined data, method is also
It include: to execute the operation that corresponding relationship is pre-established with the examination result of the unexamined data of the target.
In some embodiments, the unexamined data of each target in data acquisition system unexamined for target, to the mesh
It marks unexamined data to be parsed, generates at least one parsing result;By at least one parsing result generated and it is preset,
Information to be matched corresponding with preset condition is matched, and matching result information is generated;Based on matching result information generated,
After the examination result for generating the unexamined data of the target, method further include: be based on examination result generated, generate and examine knot
Fruit report.
In some embodiments, the unexamined data of the target are parsed, generate at least one parsing result, comprising:
The unexamined data of the target are parsed, generate include at least one node analytic tree, wherein analytic tree each of includes
Node corresponds to a parsing result.
In some embodiments, analytic tree includes at least one layer, and every layer therein includes at least one node;And it will
At least one parsing result generated and information to be matched preset, corresponding with preset condition are matched, and matching is generated
Result information, comprising:, successively will be to the corresponding solution of node according to preset order to each layer that analytic tree generated includes
Analysis result and information to be matched preset, corresponding with preset condition are matched, and matching result information is generated.
In some embodiments, by least one parsing result generated and it is preset, corresponding with preset condition to
Match information is matched, after generating matching result information, method further include: instruct the unexamined data input of the target in advance
Experienced regular testing model exports the check inspection result of the unexamined data of the target, wherein regular testing model is for characterizing
The corresponding relationship of unexamined data and check inspection result.
Second aspect, the embodiment of the present application provide a kind of data review of compliance device, which includes: to obtain list
Member is configured to obtain unexamined data acquisition system;First determination unit is configured to determine pending in unexamined data acquisition system
Look into the characteristic of data;Second determination unit is configured to based on each characteristic, and determination meets preset condition at least
One unexamined data is as the unexamined data acquisition system of target;First generation unit is configured to data unexamined for target
The unexamined data of each target in set, parse the unexamined data of the target, generate at least one parsing result;It will
At least one parsing result generated and information to be matched preset, corresponding with preset condition are matched, and matching is generated
Result information;Based on matching result information generated, the examination result of the unexamined data of the target is generated.
In some embodiments, device further include: execution unit is configured to carry out careful with the unexamined data of the target
The fruit that comes to an end pre-establishes the operation of corresponding relationship.
In some embodiments, device further include: the second generation unit is configured to based on examination result generated,
Generate examination result report.
In some embodiments, the first generation unit is further configured to: the unexamined data of the target are parsed,
Generate the analytic tree including at least one node, wherein each node that analytic tree includes corresponds to a parsing result.
In some embodiments, analytic tree includes at least one layer, and every layer therein includes at least one node;First is raw
Further be configured at unit: each layer for including to analytic tree generated successively will be to node pair according to preset order
The parsing result and information to be matched preset, corresponding with preset condition answered are matched, and matching result information is generated.
In some embodiments, device further include: verification unit is configured to the unexamined data input of the target is preparatory
Trained regular testing model exports the check inspection result of the unexamined data of the target, wherein regular testing model is used for table
Levy the corresponding relationship of unexamined data Yu check inspection result.
Data review of compliance method and apparatus provided by the embodiments of the present application, by the way that preset condition is arranged, from unexamined
The unexamined data for meeting preset condition are chosen in data acquisition system, then the unexamined data of selection are parsed, and are parsed
As a result, then matching parsing result with preset information to be matched, matching result information is obtained, finally based on matching knot
Fruit information generates examination result, to improve the flexibility of data processing, helps to improve the efficiency of data audit.
Detailed description of the invention
By reading a detailed description of non-restrictive embodiments in the light of the attached drawings below, the application's is other
Feature, objects and advantages will become more apparent upon:
Fig. 1 is that this application can be applied to exemplary system architecture figures therein;
Fig. 2 is the flow chart according to one embodiment of the data review of compliance method of the application;
Fig. 3 is the illustrative diagram according to the analytic tree of the data review of compliance method of the application;
Fig. 4 is the flow chart according to another embodiment of the data review of compliance method of the application;
Fig. 5 is the structural schematic diagram according to one embodiment of the data review of compliance device of the application;
Fig. 6 is adapted for the structural schematic diagram for the computer system for realizing the server of the embodiment of the present application.
Specific embodiment
The application is described in further detail with reference to the accompanying drawings and examples.It is understood that this place is retouched
The specific embodiment stated is used only for explaining related invention, rather than the restriction to the invention.It also should be noted that in order to
Convenient for description, part relevant to related invention is illustrated only in attached drawing.
It should be noted that in the absence of conflict, the features in the embodiments and the embodiments of the present application can phase
Mutually combination.The application is described in detail below with reference to the accompanying drawings and in conjunction with the embodiments.
Fig. 1 shows the data review of compliance method or data review of compliance device that can apply the embodiment of the present application
Exemplary system architecture 100.
As shown in Figure 1, system architecture 100 may include terminal device 101,102,103, network 104 and server 105.
Network 104 between terminal device 101,102,103 and server 105 to provide the medium of communication link.Network 104 can be with
Including various connection types, such as wired, wireless communication link or fiber optic cables etc..
User can be used terminal device 101,102,103 and be interacted by network 104 with server 105, to receive or send out
Send message etc..Various applications can be installed, such as the application of text-processing class, financial category are answered on terminal device 101,102,103
With, web browser applications, searching class application etc..
Terminal device 101,102,103 can be the various electronic equipments with data processing and transmission, including but unlimited
In smart phone, tablet computer, pocket computer on knee and desktop computer etc..
Server 105 can be to provide the server of various services, such as obtain to from terminal device 101,102,103
The back-end data processing server that is handled of data.Back-end data processing server can analyze the data of acquisition
Deng processing, and processing result (such as examination result to data) is fed back into terminal device, or be stored in server.From the background
Data processing server can be individual server, be also possible to the server cluster of the server composition of multiple communication connections.
It should be noted that data review of compliance method provided by the embodiment of the present application is generally held by server 105
Row, correspondingly, data review of compliance device is generally positioned in server 105.
It should be understood that the number of terminal device, network and server in Fig. 1 is only schematical.According to realization need
It wants, can have any number of terminal device, network and server.It should be noted that being not required in unexamined data from remote
In the case that journey obtains, above system framework can not include terminal device and network.
With continued reference to Fig. 2, the process of one embodiment of the data review of compliance method according to the application is shown
200.The data review of compliance method, comprising the following steps:
Step 201, unexamined data acquisition system is obtained.
In the present embodiment, electronic equipment (such as the clothes shown in FIG. 1 of data review of compliance method operation thereon
Business device) can be by wired connection mode or radio connection from unexamined data acquisition system is remotely obtained, it can also be from this
Ground obtains unexamined data acquisition system.Wherein, unexamined data can be various types of data, including but not limited to below at least
It is a kind of: the data of text type, the data of form types, the data of program code type, the structuring number applied to database
According to etc..
Step 202, the characteristic of the unexamined data in unexamined data acquisition system is determined.
In the present embodiment, based on the unexamined data acquisition system obtained in step 201, above-mentioned electronic equipment can determine to
Examine the characteristic of the unexamined data in data acquisition system.Specifically, above-mentioned electronic equipment can determine unexamined data set
The characteristic of the unexamined data of each of conjunction, or determine the feature of the unexamined data in part in unexamined data acquisition system
Data.Wherein, characteristic can be the data for characterizing certain attribute of unexamined data.For example, characteristic can be to
Examine the marks (such as cryptographic Hash, key assignments etc.) of data, unexamined data author's (such as user name, computer name etc.), to
Examine the source address (such as IP address) of data, format (such as doc format, txt format), the unexamined number of unexamined data
According to fingerprint (such as the fingerprint obtained based on preset fingerprint algorithm (such as k-shingle algorithm, Simhash algorithm etc.))
Deng.
Step 203, it is based on each characteristic, determines at least one the unexamined data for meeting preset condition as target
Unexamined data acquisition system.
In the present embodiment, each characteristic determined based on step 202, above-mentioned electronic equipment can be based on each spy
Data are levied, determine at least one the unexamined data for meeting preset condition as the unexamined data acquisition system of target.Wherein, above-mentioned pre-
If condition can be the pre-set condition for classifying to unexamined data of technical staff.For example, preset condition can
To include but is not limited to following at least one: the source address of unexamined data belongs to preset address, and unexamined data are deposited
Storage area domain belongs to preset storage region, and the mark of unexamined data, which belongs to, is contained in preset logo collection etc..It needs
Bright, preset condition may include multiple conditions, when some unexamined data meets all or part in multiple conditions,
It can determine that the unexamined data meet preset condition.
In practice, above-mentioned preset condition can determine that the rule may include preset condition and place based on default rule
Reason mode, which can be one section of program, by executing the rule, can determine and meet in advance from unexamined data acquisition system
If the unexamined data of condition, and above-mentioned processing mode is executed to the unexamined data for meeting preset condition.As an example, certain is advised
It is then the confidentiality examination rule of the document setup used for user, which does not allow the ordinary user of certain unit secret
Document is put into the equipment of non-concerning security matters.The equipment of ordinary user or non-concerning security matters can be divided into a user in advance by technical staff
In group (such as GroupA), and fingerprint (such as RuleA) is generated to security files, the application range of the rule is limited to this
In the local storage region (such as ChannelA) of each computer of unit, the processing mode of the rule is set as to prevent text
Part transmits and deletes file, generates event (ActionA).Then the rule (such as PolicyA) can be by " GroupA+RuleA+
ChannelA+ActionA " characterization.
Step 204, the unexamined data of each target in data acquisition system unexamined for target, to the unexamined number of the target
According to being parsed, at least one parsing result is generated;By at least one parsing result generated and preset and preset condition
Corresponding information to be matched is matched, and matching result information is generated;Based on matching result information generated, the target is generated
The examination result of unexamined data.
In the present embodiment, the unexamined data of each target in data acquisition system unexamined for target, above-mentioned electronics are set
It is standby that the unexamined data of the target can be parsed first, generate at least one parsing result.Specifically, above-mentioned electronic equipment
The unexamined data can be parsed in various manners.For example, it is assumed that the unexamined data of the target are text file, on
Key data that electronic equipment can include from this article this document is stated (such as except the files category such as filename, file header, file size
Property information outside data) in extract keyword, using the keyword of extraction as parsing result;Alternatively, above-mentioned electronic equipment can be with
Keyword is extracted as parsing result from some specific position (such as the positions such as header, footer) of this article this document.For another example
Assuming that the format of the unexamined data of target is structural body, above-mentioned electronic equipment can extract critical data (example from the structural body
The measurement data (such as amount of access of certain network) that such as certain target object is measured), as parsing result.
Then, above-mentioned electronic equipment can be by least one parsing result generated and preset and preset condition pair
The information to be matched answered is matched, and matching result information is generated.Specifically, information to be matched can be technical staff in advance with
Above-mentioned preset condition establishes the information of corresponding relationship.Some parsing result at least one parsing result generated with to
It is identical or when part is identical with information, it can determine the parsing result and information matches to be matched success.Above-mentioned matching knot
Whether it includes with information to be matched to matched information that fruit information can be at least one above-mentioned parsing result of characterization, such as
" not including that it fails to match ", or " including successful match ".As an example it is supposed that at least one above-mentioned parsing result is at least one
A keyword, match information is keyword " secret ", then when at least one above-mentioned keyword including keyword " secret ", then
With success, the matching result information of generation can be " classified papers ".
Finally, above-mentioned electronic equipment can be based on matching result information generated, the unexamined data of the target are generated
Examination result.Specifically, matching result information can be determined as examination result by above-mentioned electronic equipment;Alternatively, above-mentioned electronics is set
It is standby that the examination result including above-mentioned matching result information can be generated.For example, examination result can also include to matching result into
The description information of row description, description information can include but is not limited to following at least one: the equipment for examining the time, being examined
Title etc..
In some optional implementations of the present embodiment, above-mentioned electronic equipment can be in accordance with the following steps to the target
Unexamined data are parsed, and at least one parsing result is generated:
The unexamined data of the target are parsed, the analytic tree including at least one node is generated.Wherein, analytic tree packet
The each node included corresponds to a parsing result.As an example, as shown in figure 3, node A~node E forms an analytic tree,
Wherein, the compressed file a.zip, node B and node C that node A characterizes that above-mentioned electronic equipment obtains characterize compression text respectively
The file b.txt and c.doc that part a.zip includes, node D and node E characterize the file d.xls quoted in file c.doc respectively
With the attribute information (such as author, creation time of file c.doc etc.) of file c.doc.It should be noted that tree data knot
The construction method of structure is the well-known technique studied and applied extensively at present, and details are not described herein.
In some optional implementations of the present embodiment, above-mentioned analytic tree may include at least one layer, therein
Every layer includes at least one node.Above-mentioned electronic equipment can generate in accordance with the following steps matching result information:
It, successively will be to the corresponding parsing result of node according to preset order to each layer that analytic tree generated includes
And information to be matched preset, corresponding with preset condition is matched, and matching result information is generated.As an example, such as Fig. 3 institute
Show, analytic tree includes three layers, and first layer includes node A, and the second layer includes node B and node C, and third layer includes node D and section
Point E.Assuming that information to be matched is keyword " secret ", then above-mentioned electronic equipment can be according to suitable from first layer to third layer
Sequence successively matches keyword " secret " with the text that each node includes, when the file or information of some node characterization
In when including keyword " secret ", then the node and information matches to be matched are successfully.Assuming that including keyword " machine in node D
It is close ", then the matching result information generated can be " successful match, file d.xls are classified papers ".Pass through layer-by-layer matched side
Formula can make matched step more regular and comprehensive, matched efficiency can be improved, and reduce matched fault rate.It is logical
Building analytic tree is crossed, parsing result can be made to present in the form of structuring, the accuracy of parsing result can be improved, is convenient for skill
Art personnel are managed unexamined data.
In some optional implementations of the present embodiment, above-mentioned electronic equipment can generate matching result information it
Afterwards, following steps are executed:
By the regular testing model of the unexamined data input training in advance of the target, the inspection of the unexamined data of the target is exported
Test examination result.Wherein, regular testing model is used to characterize the corresponding relationship of unexamined data Yu check inspection result.Above-mentioned inspection
Testing examination result can characterize whether unexamined data are to close rule data, alternatively, above-mentioned check inspection result can be by rule
Certain feature of testing model output, the characterization unexamined data of target (such as characterization should when the unexamined data of target are text
Term vector, the text and similarity of pre-set text of text etc.) characteristic.Above-mentioned check inspection result can be used as pair
The suggestion for examining rule is formulated, technical staff can be adjusted examination rule according to check inspection result, examine to improve
The reasonability of rule.
It is based on examining a large amount of unexamined data and inspection as an example, above-mentioned rule testing model can be technical staff
Come to an end fruit statistics and generate, be stored with unexamined data and check inspection result corresponding relationship mapping table;?
It can be based on preset training sample, using machine learning method to initial model (such as convolutional neural networks, circulation nerve
Network, support vector machines etc.) be trained after obtained model.
The method provided by the above embodiment of the application is chosen from unexamined data acquisition system by the way that preset condition is arranged
Meet the unexamined data of preset condition, then the unexamined data of selection are parsed, obtains parsing result, it then will parsing
As a result it is matched with preset information to be matched, obtains matching result information, be finally based on matching result information, generated and examine
As a result, helping to improve the efficiency of data audit to improve the flexibility of data processing.
With further reference to Fig. 4, it illustrates the processes 400 of another embodiment of data review of compliance method.The number
According to the process 400 of review of compliance method, comprising the following steps:
Step 401, unexamined data acquisition system is obtained.
In the present embodiment, step 401 and the step 201 in Fig. 2 corresponding embodiment are almost the same, and which is not described herein again.
Step 402, the characteristic of the unexamined data in unexamined data acquisition system is determined;
In the present embodiment, step 402 and the step 202 in Fig. 2 corresponding embodiment are almost the same, and which is not described herein again.
Step 403, it is based on each characteristic, determines at least one the unexamined data for meeting preset condition as target
Unexamined data acquisition system.
In the present embodiment, step 403 and the step 203 in Fig. 2 corresponding embodiment are almost the same, and which is not described herein again.
Step 404, the unexamined data of each target in data acquisition system unexamined for target, to the unexamined number of the target
According to being parsed, at least one parsing result is generated;By at least one parsing result generated and preset and preset condition
Corresponding information to be matched is matched, and matching result information is generated;Based on matching result information generated, the target is generated
The examination result of unexamined data;Execute the operation that corresponding relationship is pre-established with the examination result of the unexamined data of the target.
In the present embodiment, the electronic equipment of data review of compliance method operation thereon can be first, in accordance with such as figure
Step 204 in 2 illustrated embodiments generates the examination result of the unexamined data of the target.Then above-mentioned electronic equipment can execute
The operation of corresponding relationship is pre-established with the examination result of the unexamined data of the target.Wherein, aforesaid operations can be technology people
The pre-set one section of program of member.As an example it is supposed that the examination result characterization unexamined data irregularity of target (such as storage should
The equipment of unexamined data is the equipment of unauthorized), then this section of program can be indicated the unexamined data of irregularity from storage
The equipment of the unexamined data is deleted.
Step 405, it is based on examination result generated, generates examination result report.
In the present embodiment, above-mentioned electronic equipment can be generated based on the examination result of each unexamined data of generation
Examination result report.Wherein, examination result report may include examination result generated, can also include other information (example
Such as the description information of each examination result).As an example, examination result report may include the examination generated the preset period
As a result, above-mentioned electronic equipment executes 401~step 404 of above-mentioned steps in real time in the period, terminate in the period
Afterwards, examination result report is generated.
Optionally, above-mentioned electronic equipment, which can report the examination result of generation, is sent to terminal device used by a user
(such as terminal device shown in FIG. 1), so that user can check that examination result is reported, and with reference to examination result report to careful
Rule is looked into be adjusted.
Figure 4, it is seen that the data review of compliance method compared with the corresponding embodiment of Fig. 2, in the present embodiment
Process 400 highlight the corresponding operations of examination result of the unexamined data of performance objective, and generate examination result report
Step.The scheme of the present embodiment description can make the step of handling unexamined data more abundant as a result, improve data processing
Efficiency, and improve generate examination result report efficiency, the examination result of generation is checked convenient for user.
With further reference to Fig. 5, as the realization to method shown in above-mentioned each figure, this application provides a kind of data compliance
One embodiment of checking device, the Installation practice is corresponding with embodiment of the method shown in Fig. 2, which can specifically answer
For in various electronic equipments.
As shown in figure 5, the data review of compliance device 500 of the present embodiment includes: that acquiring unit 501, first determines list
First 502, second determination unit 503 and the first generation unit 504.Wherein, acquiring unit 501 is configured to obtain unexamined data
Set;First determination unit 502 is configured to determine the characteristic of the unexamined data in unexamined data acquisition system;Second really
Order member 503 is configured to determine at least one the unexamined data for meeting preset condition as mesh based on each characteristic
Mark unexamined data acquisition system;Each target that first generation unit 504 is configured in data acquisition system unexamined for target waits for
It examines data, the unexamined data of the target is parsed, generate at least one parsing result;By at least one solution generated
Analysis result and information to be matched preset, corresponding with preset condition are matched, and matching result information is generated;Based on being generated
Matching result information, generate the examination result of the unexamined data of the target.
In the present embodiment, the acquiring unit 501 of data review of compliance device 500 can by wired connection mode or
Person's radio connection can also obtain unexamined data acquisition system from local from unexamined data acquisition system is remotely obtained.Wherein, to
Examine that data can be various types of data, it is including but not limited to following at least one: data, the form types of text type
Data, the data of program code type, applied to structural data of database etc..
In the present embodiment, the unexamined data acquisition system obtained based on acquiring unit 501, above-mentioned first determination unit 502
It can determine the characteristic of the unexamined data in unexamined data acquisition system.Specifically, above-mentioned electronic equipment can determine to
It examines the characteristic of the unexamined data of each of data acquisition system, or determines that the part in unexamined data acquisition system is unexamined
The characteristic of data.Wherein, characteristic can be the data for characterizing certain attribute of unexamined data.For example, characteristic
It (such as user name, is calculated according to the author that can be the marks (such as cryptographic Hash, key assignments etc.) of unexamined data, unexamined data
Machine name etc.), format (such as the doc format, txt lattice of the source address (such as IP address) of unexamined data, unexamined data
Formula), the fingerprints of unexamined data is (such as based on preset fingerprint algorithm (such as k-shingle algorithm, Simhash algorithm etc.)
Obtained fingerprint) etc..
In the present embodiment, each characteristic determined based on the first determination unit 502, above-mentioned second determination unit
503 can be based on each characteristic, determine at least one the unexamined data for meeting preset condition as the unexamined number of target
According to set.Wherein, above-mentioned preset condition can be the pre-set item for classifying to unexamined data of technical staff
Part.For example, preset condition can include but is not limited to following at least one: the source address of unexamined data belongs to presetly
Location, the storage region of unexamined data belong to preset storage region, and the mark of unexamined data, which belongs to, is contained in preset mark
Know set etc..It should be noted that preset condition may include multiple conditions, when some unexamined data meets multiple conditions
In all or part when, can determine that the unexamined data meet preset condition.
In practice, above-mentioned preset condition can determine that the rule may include preset condition and place based on default rule
Reason mode, which can be one section of program, by executing the rule, can determine and meet in advance from unexamined data acquisition system
If the unexamined data of condition, and above-mentioned processing mode is executed to the unexamined data for meeting preset condition.As an example, certain is advised
It is then the confidentiality examination rule of the document setup used for user, which does not allow the ordinary user of certain unit secret
Document is put into the equipment of non-concerning security matters.The equipment of ordinary user or non-concerning security matters can be divided into a user in advance by technical staff
In group (such as GroupA), and fingerprint (such as RuleA) is generated to security files, the application range of the rule is limited to this
In the local storage region (such as ChannelA) of each computer of unit, the processing mode of the rule is set as to prevent text
Part transmits and deletes file, generates event (ActionA).Then the rule (such as PolicyA) can be by " GroupA+RuleA+
ChannelA+ActionA " characterization.
In the present embodiment, each of the unexamined data acquisition system of target for being determined based on the second determination unit 503
The unexamined data of target, above-mentioned first generation unit 504 can first parse the unexamined data of the target, generate at least
One parsing result.Specifically, above-mentioned first generation unit 504 can in various manners solve the unexamined data
Analysis.For example, it is assumed that the unexamined data of the target are text file, above-mentioned first generation unit 504 can be from this article this document packet
Keyword is extracted in the key data (such as data in addition to the file attribute informations such as filename, file header, file size) included,
Using the keyword of extraction as parsing result;Alternatively, above-mentioned first generation unit 504 can from this article this document some is specific
Keyword is extracted as parsing result in position (such as the positions such as header, footer).For another example assuming the lattice of the unexamined data of target
Formula is structural body, above-mentioned first generation unit 504 can be extracted from the structural body critical data (such as to certain target object into
The measurement data (such as amount of access of certain network etc.) that row measurement obtains), as parsing result.
Then, above-mentioned first generation unit 504 can by least one parsing result generated and it is preset, with it is default
The corresponding information to be matched of condition is matched, and matching result information is generated.Specifically, information to be matched can be technical staff
The information of corresponding relationship is established with above-mentioned preset condition in advance.Some parsing result at least one parsing result generated
Succeed with that when information to be matched is identical or part is identical, can determine the parsing result and information matches to be matched.It is above-mentioned
Whether it includes with information to be matched to matched information that matching result information can be in above-mentioned at least one parsing result of characterization,
Such as " not including that it fails to match ", or " including successful match ".As an example it is supposed that at least one above-mentioned parsing result is extremely
A few keyword, match information are keyword " secret ", then when including keyword " secret " at least one above-mentioned keyword,
The matching result information of then successful match, generation can be " classified papers ".
Finally, above-mentioned first generation unit 504 can be based on matching result information generated, it is unexamined to generate the target
The examination result of data.Specifically, matching result information can be determined as examination result by above-mentioned first generation unit 504;Or
The examination result including above-mentioned matching result information can be generated in person, above-mentioned first generation unit 504.For example, examination result is also
It may include the description information that matching result is described, description information can include but is not limited to following at least one: examining
Look into the time, the title of equipment examined etc..
In some optional implementations of the present embodiment, the device 500 can also include: execution unit (in figure not
Show), it is configured to carry out the operation that corresponding relationship is pre-established with the examination result of the unexamined data of the target.
In some optional implementations of the present embodiment, which can also include: the second generation unit (figure
In be not shown), be configured to generate examination result report based on examination result generated.
In some optional implementations of the present embodiment, the first generation unit 504 can be further configured to: right
The unexamined data of the target are parsed, and generate the analytic tree including at least one node, wherein each section that analytic tree includes
Point corresponds to a parsing result.
In some optional implementations of the present embodiment, analytic tree includes at least one layer, and every layer therein includes
At least one node;First generation unit 504 can be further configured to: each layer for including to analytic tree generated,
According to preset order, successively will to the corresponding parsing result of node and information to be matched preset, corresponding with preset condition into
Row matching, generates matching result information.
In some optional implementations of the present embodiment, the device 500 can also include: verification unit (in figure not
Show), it is configured to the regular testing model of the unexamined data input training in advance of the target exporting the unexamined number of the target
According to check inspection result, wherein regular testing model is used to characterize the corresponding relationships of unexamined data Yu check inspection result.
The device provided by the above embodiment of the application is chosen from unexamined data acquisition system by the way that preset condition is arranged
Meet the unexamined data of preset condition, then the unexamined data of selection are parsed, obtains parsing result, it then will parsing
As a result it is matched with preset information to be matched, obtains matching result information, be finally based on matching result information, generated and examine
As a result, helping to improve the efficiency of data audit to improve the flexibility of data processing.
Below with reference to Fig. 6, it illustrates the server for being suitable for being used to realize the embodiment of the present application (such as clothes shown in FIG. 1
Be engaged in device) computer system 600 structural schematic diagram.Server shown in Fig. 6 is only an example, should not be to the application reality
The function and use scope for applying example bring any restrictions.
As shown in fig. 6, computer system 600 includes central processing unit (CPU) 601, it can be read-only according to being stored in
Program in memory (ROM) 602 or be loaded into the program in random access storage device (RAM) 603 from storage section 608 and
Execute various movements appropriate and processing.In RAM 603, also it is stored with system 600 and operates required various programs and data.
CPU 601, ROM 602 and RAM 603 are connected with each other by bus 604.Input/output (I/O) interface 605 is also connected to always
Line 604.
I/O interface 605 is connected to lower component: the importation 606 including keyboard, mouse etc.;It is penetrated including such as cathode
The output par, c 607 of spool (CRT), liquid crystal display (LCD) etc. and loudspeaker etc.;Storage section 608 including hard disk etc.;
And the communications portion 609 of the network interface card including LAN card, modem etc..Communications portion 609 via such as because
The network of spy's net executes communication process.Driver 610 is also connected to I/O interface 605 as needed.Detachable media 611, such as
Disk, CD, magneto-optic disk, semiconductor memory etc. are mounted on as needed on driver 610, in order to read from thereon
Computer program be mounted into storage section 608 as needed.
Particularly, in accordance with an embodiment of the present disclosure, it may be implemented as computer above with reference to the process of flow chart description
Software program.For example, embodiment of the disclosure includes a kind of computer program product comprising be carried on computer-readable medium
On computer program, which includes the program code for method shown in execution flow chart.In such reality
It applies in example, which can be downloaded and installed from network by communications portion 609, and/or from detachable media
611 are mounted.When the computer program is executed by central processing unit (CPU) 601, limited in execution the present processes
Above-mentioned function.It should be noted that computer-readable medium described herein can be computer-readable signal media or
Computer-readable medium either the two any combination.Computer-readable medium for example can be --- but it is unlimited
In system, device or the device of --- electricity, magnetic, optical, electromagnetic, infrared ray or semiconductor, or any above combination.It calculates
The more specific example of machine readable medium can include but is not limited to: electrical connection, portable meter with one or more conducting wires
Calculation machine disk, hard disk, random access storage device (RAM), read-only memory (ROM), erasable programmable read only memory
(EPROM or flash memory), optical fiber, portable compact disc read-only memory (CD-ROM), light storage device, magnetic memory device or
The above-mentioned any appropriate combination of person.In this application, computer-readable medium, which can be, any includes or storage program has
Shape medium, the program can be commanded execution system, device or device use or in connection.And in the application
In, computer-readable signal media may include in a base band or as carrier wave a part propagate data-signal, wherein
Carry computer-readable program code.The data-signal of this propagation can take various forms, including but not limited to electric
Magnetic signal, optical signal or above-mentioned any appropriate combination.Computer-readable signal media can also be computer-readable Jie
Any computer-readable medium other than matter, the computer-readable medium can be sent, propagated or transmitted for being held by instruction
Row system, device or device use or program in connection.The program code for including on computer-readable medium
It can transmit with any suitable medium, including but not limited to: wireless, electric wire, optical cable, RF etc. or above-mentioned any conjunction
Suitable combination.
The calculating of the operation for executing the application can be write with one or more programming languages or combinations thereof
Machine program code, described program design language include object oriented program language-such as Java, Smalltalk, C+
+, it further include conventional procedural programming language-such as " C " language or similar programming language.Program code can
Fully to execute, partly execute on the user computer on the user computer, be executed as an independent software package,
Part executes on the remote computer or executes on a remote computer or server completely on the user computer for part.
In situations involving remote computers, remote computer can pass through the network of any kind --- including local area network (LAN)
Or wide area network (WAN)-is connected to subscriber computer, or, it may be connected to outer computer (such as utilize Internet service
Provider is connected by internet).
Flow chart and block diagram in attached drawing are illustrated according to the system of the various embodiments of the application, method and computer journey
The architecture, function and operation in the cards of sequence product.In this regard, each box in flowchart or block diagram can generation
A part of one module, program segment or code of table, a part of the module, program segment or code include one or more use
The executable instruction of the logic function as defined in realizing.It should also be noted that in some implementations as replacements, being marked in box
The function of note can also occur in a different order than that indicated in the drawings.For example, two boxes succeedingly indicated are actually
It can be basically executed in parallel, they can also be executed in the opposite order sometimes, and this depends on the function involved.Also it to infuse
Meaning, the combination of each box in block diagram and or flow chart and the box in block diagram and or flow chart can be with holding
The dedicated hardware based system of functions or operations as defined in row is realized, or can use specialized hardware and computer instruction
Combination realize.
Being described in unit involved in the embodiment of the present application can be realized by way of software, can also be by hard
The mode of part is realized.Described unit also can be set in the processor, for example, can be described as: a kind of processor packet
Include acquiring unit, the first determination unit, the second determination unit and the first generation unit.Wherein, the title of these units is at certain
In the case of do not constitute restriction to the unit itself, for example, acquiring unit is also described as " obtaining unexamined data set
The unit of conjunction ".
As on the other hand, present invention also provides a kind of computer-readable medium, which be can be
Included in server described in above-described embodiment;It is also possible to individualism, and without in the supplying server.It is above-mentioned
Computer-readable medium carries one or more program, when said one or multiple programs are executed by the server,
So that the server: obtaining unexamined data acquisition system;Determine the characteristic of the unexamined data in unexamined data acquisition system;Base
In each characteristic, determine at least one the unexamined data for meeting preset condition as the unexamined data acquisition system of target;It is right
The unexamined data of each target in the unexamined data acquisition system of target, parse the unexamined data of the target, generate extremely
A few parsing result;By at least one parsing result generated and information to be matched preset, corresponding with preset condition
It is matched, generates matching result information;Based on matching result information generated, the examination of the unexamined data of the target is generated
As a result.
Above description is only the preferred embodiment of the application and the explanation to institute's application technology principle.Those skilled in the art
Member is it should be appreciated that invention scope involved in the application, however it is not limited to technology made of the specific combination of above-mentioned technical characteristic
Scheme, while should also cover in the case where not departing from foregoing invention design, it is carried out by above-mentioned technical characteristic or its equivalent feature
Any combination and the other technical solutions formed.Such as features described above has similar function with (but being not limited to) disclosed herein
Can technical characteristic replaced mutually and the technical solution that is formed.
Claims (12)
1. a kind of data review of compliance method, which is characterized in that the described method includes:
Obtain unexamined data acquisition system;
Determine the characteristic of the unexamined data in the unexamined data acquisition system;
Based on each characteristic, determine at least one the unexamined data for meeting preset condition as the unexamined data set of target
It closes;
The unexamined data of each target in data acquisition system unexamined for the target, solve the unexamined data of the target
Analysis generates at least one parsing result;By at least one parsing result generated with it is preset, corresponding with the preset condition
Information to be matched matched, generate matching result information;Based on matching result information generated, it is pending to generate the target
Look into the examination result of data.
2. data review of compliance method according to claim 1, which is characterized in that be based on the matching result described
Information, after the examination result for generating the unexamined data, the method also includes:
Execute the operation that corresponding relationship is pre-established with the examination result of the unexamined data of the target.
3. data review of compliance method according to claim 1, which is characterized in that described pending for the target
The unexamined data of each target in data acquisition system are looked into, the unexamined data of the target are parsed, generate at least one parsing
As a result;By at least one parsing result generated and information progress to be matched preset, corresponding with the preset condition
Match, generates matching result information;Based on matching result information generated, generate the unexamined data of the target examination result it
Afterwards, the method also includes:
Based on examination result generated, examination result report is generated.
4. data review of compliance method according to claim 1, which is characterized in that the described pair of unexamined data of the target
It is parsed, generates at least one parsing result, comprising:
The unexamined data of the target are parsed, generate the analytic tree including at least one node, wherein what analytic tree included
Each node corresponds to a parsing result.
5. data review of compliance method according to claim 4, which is characterized in that analytic tree includes at least one layer,
Every layer therein includes at least one node;And
It is described to carry out at least one parsing result generated with information to be matched preset, corresponding with the preset condition
Matching generates matching result information, comprising:
It, successively will be to the corresponding parsing result of node and pre- according to preset order to each layer that analytic tree generated includes
If, corresponding with preset condition information to be matched matched, generate matching result information.
6. data review of compliance method described in one of -5 according to claim 1, which is characterized in that it is described by it is generated extremely
A few parsing result and information to be matched preset, corresponding with the preset condition are matched, and matching result letter is generated
After breath, the method also includes:
By the regular testing model of the unexamined data input training in advance of the target, the inspection for exporting the unexamined data of the target is examined
Come to an end fruit, wherein the rule testing model is used to characterize the corresponding relationship of unexamined data Yu check inspection result.
7. a kind of data review of compliance device, which is characterized in that described device includes:
Acquiring unit is configured to obtain unexamined data acquisition system;
First determination unit is configured to determine the characteristic of the unexamined data in the unexamined data acquisition system;
Second determination unit is configured to determine at least one the unexamined number for meeting preset condition based on each characteristic
According to as the unexamined data acquisition system of target;
First generation unit, the unexamined data of each target being configured in data acquisition system unexamined for the target are right
The unexamined data of the target are parsed, and at least one parsing result is generated;By at least one parsing result generated and in advance
If, corresponding with preset condition information to be matched matched, generate matching result information;Based on matching generated
Result information generates the examination result of the unexamined data of the target.
8. data review of compliance device according to claim 7, which is characterized in that described device further include:
Execution unit is configured to carry out the operation that corresponding relationship is pre-established with the examination result of the unexamined data of the target.
9. data review of compliance device according to claim 7, which is characterized in that described device further include:
Second generation unit is configured to generate examination result report based on examination result generated.
10. data review of compliance device according to claim 7, which is characterized in that first generation unit is into one
Step is configured to:
The unexamined data of the target are parsed, generate the analytic tree including at least one node, wherein what analytic tree included
Each node corresponds to a parsing result.
11. data review of compliance device according to claim 10, which is characterized in that analytic tree includes at least one
Layer, every layer therein includes at least one node;First generation unit is further configured to:
It, successively will be to the corresponding parsing result of node and pre- according to preset order to each layer that analytic tree generated includes
If, corresponding with preset condition information to be matched matched, generate matching result information.
12. the data review of compliance device according to one of claim 7-11, which is characterized in that described device is also wrapped
It includes:
Verification unit is configured to the regular testing model of the unexamined data input training in advance of the target exporting the target
The check inspection result of unexamined data, wherein the rule testing model is for characterizing unexamined data and check inspection knot
The corresponding relationship of fruit.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810734763.7A CN108959965B (en) | 2018-07-06 | 2018-07-06 | Data compliance examination method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810734763.7A CN108959965B (en) | 2018-07-06 | 2018-07-06 | Data compliance examination method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN108959965A true CN108959965A (en) | 2018-12-07 |
| CN108959965B CN108959965B (en) | 2020-01-17 |
Family
ID=64484222
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810734763.7A Active CN108959965B (en) | 2018-07-06 | 2018-07-06 | Data compliance examination method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108959965B (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109726242A (en) * | 2018-12-29 | 2019-05-07 | 陕西西部资信股份有限公司 | Data processing method and system |
| CN110991352A (en) * | 2019-12-05 | 2020-04-10 | 广东傲智创新科技有限公司 | File data examination method and device |
| CN112966139A (en) * | 2021-02-26 | 2021-06-15 | 苍穹数码技术股份有限公司 | Data processing method and device, electronic equipment and computer storage medium |
| CN113094459A (en) * | 2021-04-21 | 2021-07-09 | 自然资源部地图技术审查中心 | Map checking method and device |
| CN115907655A (en) * | 2022-11-17 | 2023-04-04 | 北京构力科技有限公司 | Method, device, equipment and medium for examining civil air defense building model |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101847190A (en) * | 2010-05-31 | 2010-09-29 | 北京测腾信息技术有限公司 | Method and system for ferrying data safely |
| CN102984128A (en) * | 2012-11-05 | 2013-03-20 | 中国电力科学研究院 | Computer information privacy detection method based on network |
| CN105912946A (en) * | 2016-04-05 | 2016-08-31 | 上海上讯信息技术股份有限公司 | Document detection method and device |
| CN107544884A (en) * | 2017-09-21 | 2018-01-05 | 郑州云海信息技术有限公司 | Script inspection method, system, device and storage medium based on storage system |
| CN108090351A (en) * | 2017-12-14 | 2018-05-29 | 北京百度网讯科技有限公司 | For handling the method and apparatus of request message |
-
2018
- 2018-07-06 CN CN201810734763.7A patent/CN108959965B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101847190A (en) * | 2010-05-31 | 2010-09-29 | 北京测腾信息技术有限公司 | Method and system for ferrying data safely |
| CN102984128A (en) * | 2012-11-05 | 2013-03-20 | 中国电力科学研究院 | Computer information privacy detection method based on network |
| CN105912946A (en) * | 2016-04-05 | 2016-08-31 | 上海上讯信息技术股份有限公司 | Document detection method and device |
| CN107544884A (en) * | 2017-09-21 | 2018-01-05 | 郑州云海信息技术有限公司 | Script inspection method, system, device and storage medium based on storage system |
| CN108090351A (en) * | 2017-12-14 | 2018-05-29 | 北京百度网讯科技有限公司 | For handling the method and apparatus of request message |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109726242A (en) * | 2018-12-29 | 2019-05-07 | 陕西西部资信股份有限公司 | Data processing method and system |
| CN110991352A (en) * | 2019-12-05 | 2020-04-10 | 广东傲智创新科技有限公司 | File data examination method and device |
| CN112966139A (en) * | 2021-02-26 | 2021-06-15 | 苍穹数码技术股份有限公司 | Data processing method and device, electronic equipment and computer storage medium |
| CN112966139B (en) * | 2021-02-26 | 2024-02-09 | 苍穹数码技术股份有限公司 | Data processing method, device, electronic equipment and computer storage medium |
| CN113094459A (en) * | 2021-04-21 | 2021-07-09 | 自然资源部地图技术审查中心 | Map checking method and device |
| CN115907655A (en) * | 2022-11-17 | 2023-04-04 | 北京构力科技有限公司 | Method, device, equipment and medium for examining civil air defense building model |
Also Published As
| Publication number | Publication date |
|---|---|
| CN108959965B (en) | 2020-01-17 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108959965A (en) | Data review of compliance method and apparatus | |
| CN109002842A (en) | Image-recognizing method and device | |
| CN108171276A (en) | For generating the method and apparatus of information | |
| CN109446099A (en) | Automatic test cases generation method, device, medium and electronic equipment | |
| CN104598218B (en) | For merging and reusing the method and system of gateway information | |
| CN108520470A (en) | Method and apparatus for generating customer attribute information | |
| CN108090351A (en) | For handling the method and apparatus of request message | |
| CN108256591A (en) | For the method and apparatus of output information | |
| CN109359194A (en) | Method and apparatus for predictive information classification | |
| CN109086780A (en) | Method and apparatus for detecting electrode piece burr | |
| CN107193974A (en) | Localized information based on artificial intelligence determines method and apparatus | |
| CN109933514A (en) | A kind of data test method and apparatus | |
| CN110377522A (en) | The test method for scene of trading, calculates equipment and medium at device | |
| CN110347428A (en) | A kind of detection method and device of code similarity | |
| CN116209997A (en) | System and method for classifying software vulnerabilities | |
| CN107634947A (en) | Limitation malice logs in or the method and apparatus of registration | |
| CN109976995A (en) | Method and apparatus for test | |
| CN108446659A (en) | Method and apparatus for detecting facial image | |
| CN107506256A (en) | A kind of method and apparatus of crash data monitoring | |
| CN110020358A (en) | Method and apparatus for generating dynamic page | |
| CN108959087A (en) | test method and device | |
| CN110278201A (en) | Security strategy evaluation method and device, computer-readable medium and electronic equipment | |
| CN110188159A (en) | Collage-credit data cut-in method, device, equipment and computer readable storage medium | |
| CN109002385A (en) | Method for testing pressure and device for data flow system | |
| CN110471848A (en) | A kind of method and apparatus of dynamic returned packet |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |