CN110572358B - Data leakage processing method and device, electronic equipment and storage medium - Google Patents
Data leakage processing method and device, electronic equipment and storage medium Download PDFInfo
- Publication number
- CN110572358B CN110572358B CN201910697321.4A CN201910697321A CN110572358B CN 110572358 B CN110572358 B CN 110572358B CN 201910697321 A CN201910697321 A CN 201910697321A CN 110572358 B CN110572358 B CN 110572358B
- Authority
- CN
- China
- Prior art keywords
- target
- address
- network address
- electronic equipment
- external network
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/126—Applying verification of the received information the source of the received data
Abstract
The embodiment of the invention provides a data leakage processing method, a data leakage processing device, electronic equipment and a storage medium, wherein the method comprises the following steps: when monitoring target data matched with preset monitoring parameters, the electronic equipment acquires a target external network address corresponding to the target data; if the target external network address does not exist in the database, the electronic equipment queries an internal network address corresponding to the target external network address from an address relation mapping table; and the electronic equipment determines the user information corresponding to the intranet address and sends out early warning information according to the user information. By adopting the method and the device, the source of the data leakage point can be effectively traced, and the risk brought by data leakage is further reduced.
Description
Technical Field
The present invention relates to the field of information security technologies, and in particular, to a data leakage processing method and apparatus, an electronic device, and a storage medium.
Background
Data leakage has become a primary problem for enterprise information security. The data leakage manner is also various. For example, enterprise employees are actively involved in data leakage. Of course, in some scenarios, there may be a situation where personnel inside the enterprise are passively compromised, or a third party causes the compromise. With the development of the internet and mobile internet technologies, more and more data leakage events are generated by relying on the internet and the mobile internet, which also leads more and more enterprises to bear risks brought by data leakage. Therefore, how to effectively trace the source of the data leakage point and further reduce the risk brought by the data leakage becomes a hot point of research.
Disclosure of Invention
The embodiment of the invention provides a data leakage processing method and device, electronic equipment and a storage medium, which can effectively trace the source of a data leakage point so as to reduce the risk brought by data leakage.
In a first aspect, an embodiment of the present invention provides a data leakage processing method, including:
when monitoring target data matched with preset monitoring parameters, the electronic equipment acquires a target external network address corresponding to the target data;
if the target external network address does not exist in the database, the electronic equipment queries an internal network address corresponding to the target external network address from an address relation mapping table;
and the electronic equipment determines user information corresponding to the intranet address and sends out early warning information according to the user information.
Optionally, before the electronic device queries an internal network address corresponding to the target external network address from an address relation mapping table, the method further includes:
the method comprises the steps that electronic equipment monitors an access request for accessing an external network through an internal network, wherein the access request comprises an external network address and an internal network address;
and the electronic equipment establishes an address relation mapping table according to the external network address and the internal network address included in the access request.
Optionally, the establishing, by the electronic device, an address relationship mapping table according to the extranet address and the intranet address included in the access request includes:
the electronic equipment acquires parameters in the external network address included in the access request;
the electronic equipment establishes a mapping relation among the external network address, the internal network address and the parameters included in the access request;
and the electronic equipment generates an address relation mapping table according to the mapping relation.
Optionally, the querying, by the electronic device, an internal network address corresponding to the target external network address from an address relation mapping table includes:
the electronic equipment extracts target parameters included in the target extranet address;
and the electronic equipment inquires the intranet address corresponding to the target parameter from the address relation mapping table.
Optionally, when the electronic device monitors target data matched with preset monitoring parameters, before acquiring a target external network address corresponding to the target data, the method further includes:
the electronic equipment combines at least one preset keyword and at least one sensitive load to generate a monitoring parameter;
and the electronic equipment monitors target data matched with the monitoring parameters in the specified data website according to a preset monitoring rule.
Optionally, the monitoring, by the electronic device, target data matched with the monitoring parameter in the specified data website according to a preset monitoring rule, including:
the electronic equipment logs in the specified data website by using account information corresponding to the specified data website;
and the electronic equipment monitors target data matched with the monitoring parameters in the specified data website according to a preset monitoring period.
Optionally, the method further comprises:
and if the target external network address does not exist in the database, the electronic equipment stores the target data and the target external network address into the database.
In a second aspect, an embodiment of the present invention provides a data leakage processing apparatus, which is applied to an electronic device, and includes:
the device comprises an acquisition unit, a processing unit and a processing unit, wherein the acquisition unit is used for acquiring a target external network address corresponding to target data when the target data matched with preset monitoring parameters are monitored;
the query unit is used for querying an internal network address corresponding to the target external network address from an address relation mapping table if the target external network address does not exist in the database;
and the warning unit is used for determining the user information corresponding to the intranet address and sending out a warning message according to the user information.
In a third aspect, an embodiment of the present invention provides an electronic device, including a processor, a memory, and an output device, where the processor, the memory, and the output device are connected to each other, where the memory is used to store a computer program, and the computer program includes program instructions, and the processor is configured to call the program instructions to execute the method according to the first aspect.
In a fourth aspect, the present invention provides a computer-readable storage medium, which stores a computer program, where the computer program is executed by a processor to implement the method according to the first aspect.
In summary, when the target data matched with the preset monitoring parameter is monitored, the electronic device may obtain a target extranet address corresponding to the target data; if the target extranet address does not exist in the database, the electronic equipment can inquire the intranet address corresponding to the target extranet address from the address relation mapping table so as to determine the user information corresponding to the intranet address, and send out an early warning message according to the user information, so that the function of effectively tracing the data leakage point is realized, and early warning can be timely performed on corresponding suspected data leakage persons or data leakage persons, so that the risk brought by data leakage is reduced.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a schematic flow chart of a data leakage processing method according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of an interface including keywords and sensitive loads according to an embodiment of the present invention;
FIG. 3 is a flow chart illustrating another data leakage processing method according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram of a data leakage processing apparatus according to an embodiment of the present invention;
fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be described below with reference to the drawings in the embodiments of the present invention.
Fig. 1 is a schematic flow chart of a data leakage processing method according to an embodiment of the present invention. The method can be applied to electronic devices. The electronic device includes, but is not limited to, a terminal, such as a desktop computer, a router, a server, and the like. In an application scenario, a monitoring program may be run in the electronic device to implement the data leakage processing method provided by the embodiment of the present invention. Specifically, the method may comprise the steps of:
s101, when monitoring target data matched with preset monitoring parameters, the electronic equipment acquires a target external network address corresponding to the target data.
The preset monitoring parameters may include a target keyword and/or a target sensitive load payload. The target keyword may refer to any one or more keywords of at least one preset keyword. For example, the at least one keyword may be a different form of expression of a company logo, such as a different form of expression of a company name abbreviation. As can be seen from fig. 2, the at least one keyword may include: xyd, Xyd. The target sensitive load may refer to any one or more of the preset at least one sensitive load. In one embodiment, the sensitive load may also be referred to as a payload, or a payload. For example, the at least one sensitive payload may be a different representation of the sensitive information, such as a different representation of a username in english. As may be detected from fig. 2, the at least one sensitive load may comprise: USERNAME, PASSSWORD, Username, Password, Smtp, Smtp, Mysql, MYSQL, SMTP. In one embodiment, the monitoring parameter may be generated by combining at least one preset keyword and at least one sensitive load.
The target data matched with the preset monitoring parameters may refer to any one or more data matched with the predicted monitoring parameters, such as code data. In one embodiment, the target data may include a combined result of any of the monitored parameters. The external network address corresponding to the target data may refer to an external Internet Protocol (IP) address and/or an external Uniform Resource Locator (URL) address corresponding to the target data.
S102, if the target external network address does not exist in the database, the electronic equipment inquires an internal network address corresponding to the target external network address from the address relation mapping table.
Wherein the electronic device may query the database for the presence of the target extranet address. If the target extranet address does not exist in the database, the electronic device may query an intranet address corresponding to the target extranet address from the address relation mapping table. In one embodiment, the intranet address may be an intranet IP address.
In one embodiment, the address mapping table may be established according to an external network address and an internal network address.
In one embodiment, the electronic device may monitor an access request for accessing the external network through the internal network before querying the internal network address corresponding to the target external network address from the address relation mapping table, where the access request includes the external network address and the internal network address; and the electronic equipment establishes an address relation mapping table according to the external network address and the internal network address included in the access request.
In one embodiment, the access request may carry an HTTP request (including an extranet address) and an intranet address, such as an intranet IP address 192.168.1.1- > extranet URL/IP address, the URL being HTTPs:// xxx.com/abc/efg, and the IP being HTTPs:// 168.9.9.2/abc/efg.
In one embodiment, the address mapping table may only include the correspondence between the external network address and the internal network address. Or, the address relation mapping table may further include a correspondence between the parameter and the intranet address. Or, the address mapping table may further include mapping relationships between the extranet address, the intranet address, and the parameters. The generation manner of the address map table in the third case will be described below.
In one embodiment, the electronic device establishes an address mapping table according to the extranet address and the intranet address included in the access request, including: the electronic equipment acquires the parameters in the external network address included in the access request; establishing a mapping relation among the external network address, the internal network address and the parameters included in the access request; and the electronic equipment generates an address relation mapping table according to the mapping relation. The parameters include, but are not limited to, nickname parameters, login account numbers, and other information for identifying the user identity. In one embodiment, the nickname parameter may be a user nickname. For example, referring to table 1, a mapping table of address relationships is provided in the embodiment of the present invention.
TABLE 1
| Internal network address | External network address | Parameter(s) |
| 192.168.1.1 | https://xxx.com/AAA/efg | AAA |
| 192.168.1.2 | https://168.9.9.2/BBB/efg | BBB |
| … | … | … |
For example, the electronic device may obtain an extranet URL included in the access request: parameter in https:// xxx.com/AAA/efg: AAA, and establishing an intranet IP address: 192.168.1.1, extranet URL: https:// xxx.com/AAA/efg, and parameters: AAA, and generates an address relationship mapping table as shown in table 1 according to the mapping relationship.
In one embodiment, the querying, by the electronic device, an internal network address corresponding to the target external network address from the address relationship mapping table may include: the electronic equipment extracts target parameters included in the target external network address; and inquiring the intranet address corresponding to the target parameter from the address relation mapping table. For example, the electronic device may extract an extranet URL: target parameters in https:// xxx.com/AAA/efg: AAA; the electronic device may look up the target parameters from table 1: the internal network address corresponding to the AAA: 192.168.1.1.
in an embodiment, considering that there is a case where the user is only a visitor and not a divulger, at this time, the access time of the user to the target extranet address may be determined, and the update time of the page corresponding to the target extranet address may be determined, and if the time interval between the access time and the update time is less than a preset time interval (e.g. 0 days), step S103 may be performed. The time interval is too small, indicating that there is a possibility of disclosure to the user, at which point step S103 may be performed for early warning.
In an embodiment, in consideration of a situation that a plurality of parameters may exist in an extranet address, the electronic device may query, when the target parameter includes one parameter, an intranet address corresponding to the target parameter from the address relation mapping table. When the target parameter comprises a plurality of parameters, a specified parameter of the plurality of parameters may be queried from the address map. The specified parameter is the top-ranked parameter in the target extranet address. For example, the target parameter may comprise a nickname parameter or a plurality of nickname parameters, and the specified parameter may refer to the nickname parameter ranked highest in the target foreign network address.
In one embodiment, if the target extranet address does not exist in the database, the electronic device may further store the target extranet address in the database. Or, the electronic device may also store the target data and the target extranet address into the data. The target foreign network address may then be extracted from the database when it is needed.
In one embodiment, if the target extranet address exists in the database, the electronic device may not perform the storage operation, such as discarding the target extranet address. By adopting the method, the problem of repeated storage of the external network address can be avoided, thereby reducing the storage pressure of the database.
S103, the electronic equipment determines the user corresponding to the intranet address and sends out early warning information according to the user information.
In order to reduce the risk of data leakage, the electronic device may determine user information corresponding to the intranet address, and send out an early warning message according to the user information. The early warning message includes, but is not limited to, sending in the form of mail, short message, and the like.
In an embodiment, the electronic device may determine, according to a preset correspondence between an intranet address and user information, user information corresponding to the queried intranet address. The user information includes, but is not limited to, name and contact information. The user contact information includes but is not limited to contact information such as a mailbox, a telephone number, a social account number and the like.
In one embodiment, the issuing, by the electronic device, an early warning message according to the user information may include: and the electronic equipment sends out early warning information according to the contact information in the user information. For example, the warning message is sent to a mailbox in the user message.
In one embodiment, in addition to issuing an alert for the user, a notification message may be sent at an intra-enterprise discussion platform or the like.
In one embodiment, the electronic device may also send corresponding notification information to the relevant administrator.
In an application scenario, if an employee in an enterprise logs in an external network through an internal network and reveals data (for example, the employee logs in the external network and unintentionally uploads sensitive company information), the electronic device may track out the employee in the enterprise by executing steps S101 to S103, and perform an early warning on the employee in the enterprise.
As can be seen, in the embodiment shown in fig. 1, when target data matching preset monitoring parameters is monitored, the electronic device may acquire a target extranet address corresponding to the target data; if the target extranet address does not exist in the database, the electronic equipment can inquire the intranet address corresponding to the target extranet address from the address relation mapping table so as to determine the user information corresponding to the intranet address and send out an early warning message according to the user information, so that the function of effectively tracing the data leakage point, particularly the data leaked by the staff in an enterprise is realized, and the early warning can be timely carried out on the corresponding suspected data leakage person or the data leakage person, so that the risk brought by the data leakage is reduced.
Fig. 3 is a schematic flow chart of another data leakage processing method according to an embodiment of the present invention. The method can be applied to electronic devices. The electronic device includes but is not limited to a terminal, a router, a server, and the like. In an application scenario, a monitoring program may be run in the electronic device to implement the data leakage processing method provided by the embodiment of the present invention. Specifically, the method may comprise the steps of:
s301, the electronic equipment combines at least one preset keyword and at least one sensitive load to generate a monitoring parameter.
In the embodiment of the invention, the electronic device can combine at least one preset keyword and at least one preset sensitive load to generate the monitoring parameter. A plurality of combination results can be obtained by combining at least one preset keyword and at least one sensitive load. The monitoring parameter may include any one or more of the plurality of combined results.
S302, the electronic equipment monitors target data matched with the monitoring parameters in the specified data website according to a preset monitoring rule.
In the embodiment of the invention, the electronic equipment can monitor the target data matched with the monitoring parameters in the specified data website according to the preset monitoring rule. For example, the specified data website may be a website such as a code hosting website. The target data may include any combination of the monitored parameters.
In one embodiment, the electronic device monitors target data matched with the monitoring parameters in a specified data website according to a preset monitoring rule, including: the electronic equipment logs in the specified data website by using account information corresponding to the specified data website; and the electronic equipment monitors the target data matched with the monitoring parameters in the specified data website according to a preset monitoring period. The account information may include a set account name and a password. The preset monitoring period may be a monitoring period of every minute, hour, or day, etc.
In one embodiment, the process of the electronic device monitoring the target data matching the monitoring parameter in the specified data website may be a process of searching the target data matching the monitoring parameter from the specified data website.
And S303, when monitoring target data matched with the preset monitoring parameters, the electronic equipment acquires a target external network address corresponding to the target data.
S304, if the target external network address does not exist in the database, the electronic equipment queries the internal network address corresponding to the target external network address from the address relation mapping table.
S305, the electronic equipment determines user information corresponding to the intranet address and sends out early warning information according to the user information.
Steps S303 to S305 can refer to the embodiment in fig. 1, and the embodiment of the present invention is not described herein again.
As can be seen, in the embodiment shown in fig. 3, when target data matching preset monitoring parameters is monitored, the electronic device may obtain a target extranet address corresponding to the target data; if the target extranet address does not exist in the database, the electronic equipment can inquire the intranet address corresponding to the target extranet address from the address relation mapping table so as to determine the user information corresponding to the intranet address, and send out an early warning message according to the user information, so that the function of effectively tracing the data leakage point is realized, and early warning can be timely performed on corresponding suspected data leakage persons or data leakage persons, so that the risk brought by data leakage is reduced.
Fig. 4 is a schematic structural diagram of a data leakage processing apparatus according to an embodiment of the present invention. The data leakage processing device can be applied to electronic equipment. The electronic device includes but is not limited to a terminal, a router, a server, and the like. Specifically, the data leakage processing apparatus may include:
an obtaining unit 401, configured to obtain a target extranet address corresponding to target data when the target data matching preset monitoring parameters is monitored;
a query unit 402, configured to query, if the target extranet address does not exist in the database, an intranet address corresponding to the target extranet address from the address relationship mapping table;
and an alarm unit 403, configured to determine a user corresponding to the intranet address, and send an early warning message to the user.
In one embodiment, the data leak processing apparatus may further include a processing unit 404.
In one embodiment, the processing unit 404 is configured to monitor an access request for accessing the extranet through the intranet before querying the intranet address corresponding to the target extranet address from the address mapping table, where the access request includes the extranet address and the intranet address; and establishing an address relation mapping table according to the external network address and the internal network address included in the access request.
In an embodiment, the processing unit 404 is specifically configured to obtain a parameter in an extranet address included in the access request; establishing a mapping relation among the external network address, the internal network address and the parameters included in the access request; and generating an address relation mapping table according to the mapping relation.
In an embodiment, the querying unit 402 is specifically configured to extract a target parameter included in the target extranet address; and inquiring the intranet address corresponding to the target parameter from the address relation mapping table.
In an embodiment, the processing unit 404 is further configured to, when target data matching a preset monitoring parameter is monitored, combine at least one preset keyword and at least one preset sensitive load to generate the monitoring parameter before acquiring a target extranet address corresponding to the target data; and monitoring target data matched with the monitoring parameters in the specified data website according to a preset monitoring rule.
In an embodiment, the processing unit 404 monitors target data matched with the monitoring parameter in the specified data website according to a preset monitoring rule, specifically, logs in the specified data website by using account information corresponding to the specified data website; and monitoring target data matched with the monitoring parameters in the specified data website according to a preset monitoring period.
In one embodiment, the processing unit 404 is further configured to store the target data and the target extranet address in the database if the target extranet address does not exist in the database.
As can be seen, in the embodiment shown in fig. 4, when target data matched with preset monitoring parameters is monitored, the electronic device may obtain a target extranet address corresponding to the target data; if the target extranet address does not exist in the database, the electronic equipment can inquire the intranet address corresponding to the target extranet address from the address relation mapping table so as to determine the user information corresponding to the intranet address, and send out an early warning message according to the user information, so that the function of effectively tracing the data leakage point is realized, and early warning can be timely performed on corresponding suspected data leakage persons or data leakage persons, so that the risk brought by data leakage is reduced.
Fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present invention. The electronic device in the present embodiment as shown in fig. 5 may include: one or more processors 501; one or more input devices 502, one or more output devices 503, and memory 504. In one embodiment, the one or more input devices 502 are optional devices. The processor 501, the input device 502, the output device 503 and the memory 504 are connected by a bus or other means. The memory 504 is used for storing a computer program comprising program instructions and the processor 501 is used for executing the program instructions stored by the memory 504.
In one embodiment, the processor 501 may be a Central Processing Unit (CPU), and the processor may be other general-purpose processors, i.e., a microprocessor or any conventional processor. The memory 504 may include a read-only memory and a random access memory, and provides instructions and data to the processor 501. Therefore, the processor 501 and the memory 504 are not limited herein.
In the embodiment of the present invention, one or more instructions stored in the computer storage medium are loaded and executed by the processor 501 to implement the corresponding steps of the method in the corresponding embodiment; in a specific implementation, at least one instruction in the computer storage medium is loaded by the processor 501 and performs the following steps:
when target data matched with preset monitoring parameters are monitored, a target external network address corresponding to the target data is obtained;
if the target external network address does not exist in the database, inquiring an internal network address corresponding to the target external network address from an address relation mapping table;
and determining user information corresponding to the intranet address, and sending an early warning message according to the user information through the output device 503.
In one embodiment, before querying the internal network address corresponding to the target external network address from the address mapping table, the at least one instruction is loaded by the processor 501 and further configured to perform:
monitoring an access request for accessing an external network through an internal network, wherein the access request comprises an external network address and an internal network address;
and establishing an address relation mapping table according to the external network address and the internal network address included in the access request.
In one embodiment, when the address mapping table is established according to the external network address and the internal network address included in the access request, the at least one instruction is loaded by the processor 501 and is specifically configured to execute:
acquiring parameters in an external network address included in the access request;
establishing a mapping relation among the external network address, the internal network address and the parameters included in the access request;
and generating an address relation mapping table according to the mapping relation.
In one embodiment, when the internal network address corresponding to the target external network address is queried from the address mapping table, the at least one instruction is loaded by the processor 501 and is specifically configured to execute:
extracting target parameters included in the target external network address;
and inquiring the intranet address corresponding to the target parameter from the address relation mapping table.
In an embodiment, when target data matching preset monitoring parameters is monitored, before a target external network address corresponding to the target data is acquired, the at least one instruction is loaded by the processor 501 and is specifically configured to execute:
combining at least one preset keyword and at least one preset sensitive load to generate a monitoring parameter;
and monitoring target data matched with the monitoring parameters in the specified data website according to a preset monitoring rule.
In one embodiment, when target data matching the monitoring parameter in the specified data website is monitored according to a preset monitoring rule, the at least one instruction is loaded by the processor 501 and is specifically configured to execute:
logging in the specified data website by using account information corresponding to the specified data website;
and monitoring target data matched with the monitoring parameters in the specified data website according to a preset monitoring period.
In one embodiment, the at least one instruction is loaded by processor 501 and is further operable to perform:
if the target extranet address does not exist in the database, the target data and the target extranet address are stored in the database.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer-readable storage medium, and can include the processes of the embodiments of the methods described above when the computer program is executed. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), or the like.
While the invention has been described with reference to a number of embodiments, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.
Claims (9)
1. A data leakage processing method, comprising:
when monitoring target data matched with preset monitoring parameters in a specified data website, the electronic equipment acquires a target extranet address corresponding to the target data;
if the target external network address does not exist in the database, the electronic equipment extracts a target parameter included in the target external network address and inquires an internal network address corresponding to the target parameter from an address relation mapping table; the target parameter comprises information for identifying the user identity in the target external network address;
and the electronic equipment determines user information corresponding to the intranet address and sends out early warning information according to the user information.
2. The method according to claim 1, wherein before querying the intranet address corresponding to the target extranet address from the address mapping table, the method further comprises:
the method comprises the steps that electronic equipment monitors an access request for accessing an external network through an internal network, wherein the access request comprises an external network address and an internal network address;
and the electronic equipment establishes an address relation mapping table according to the external network address and the internal network address included in the access request.
3. The method according to claim 2, wherein the electronic device establishes an address mapping table according to the extranet address and the intranet address included in the access request, and the method includes:
the electronic equipment acquires parameters in the external network address included in the access request;
the electronic equipment establishes a mapping relation among the external network address, the internal network address and the parameters included in the access request;
and the electronic equipment generates an address relation mapping table according to the mapping relation.
4. The method according to claim 1, wherein before the electronic device acquires a target external network address corresponding to target data when monitoring the target data matching preset monitoring parameters, the method further comprises:
the electronic equipment combines at least one preset keyword and at least one sensitive load to generate a monitoring parameter;
and the electronic equipment monitors target data matched with the monitoring parameters in the specified data website according to a preset monitoring rule.
5. The method according to claim 4, wherein the electronic device monitors target data matched with the monitoring parameters in a specified data website according to a preset monitoring rule, and the method comprises the following steps:
the electronic equipment logs in the specified data website by using account information corresponding to the specified data website;
and the electronic equipment monitors target data matched with the monitoring parameters in the specified data website according to a preset monitoring period.
6. The method of claim 1, further comprising:
and if the target external network address does not exist in the database, the electronic equipment stores the target data and the target external network address into the database.
7. A data leakage processing device applied to electronic equipment is characterized by comprising:
the system comprises an acquisition unit, a processing unit and a processing unit, wherein the acquisition unit is used for acquiring a target extranet address corresponding to target data when the target data matched with preset monitoring parameters are monitored in a specified data website;
the query unit is used for extracting a target parameter included in the target external network address and querying an internal network address corresponding to the target parameter from an address relation mapping table if the target external network address does not exist in the database; the target parameter comprises information for identifying the user identity in the target external network address;
and the warning unit is used for determining the user information corresponding to the intranet address and sending out a warning message according to the user information.
8. An electronic device comprising a processor, a memory and an output device, the processor, the memory and the output device being interconnected, wherein the memory is configured to store a computer program comprising program instructions, and wherein the processor is configured to invoke the program instructions to perform the method of any of claims 1-6.
9. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program which is executed by a processor to implement the method according to any one of claims 1-6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910697321.4A CN110572358B (en) | 2019-07-30 | 2019-07-30 | Data leakage processing method and device, electronic equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910697321.4A CN110572358B (en) | 2019-07-30 | 2019-07-30 | Data leakage processing method and device, electronic equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110572358A CN110572358A (en) | 2019-12-13 |
| CN110572358B true CN110572358B (en) | 2022-03-22 |
Family
ID=68773290
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910697321.4A Active CN110572358B (en) | 2019-07-30 | 2019-07-30 | Data leakage processing method and device, electronic equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110572358B (en) |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111294336B (en) * | 2020-01-15 | 2022-11-22 | 深圳开源互联网安全技术有限公司 | Login behavior detection method and device, computer equipment and storage medium |
| CN111984944B (en) * | 2020-08-28 | 2024-04-19 | 重庆小雨点小额贷款有限公司 | Source code processing method, related device and storage medium |
| CN113316109A (en) * | 2021-05-28 | 2021-08-27 | 中国银行股份有限公司 | User information monitoring method and router |
Family Cites Families (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101984603B (en) * | 2010-11-11 | 2013-09-25 | 湖北省电力公司信息通信分公司 | Power sensitive information detection method based on e-mail interception |
| EP3095228B1 (en) * | 2014-01-14 | 2020-09-16 | Reprivata LLC | Network privacy |
| CN104866780B (en) * | 2015-04-24 | 2018-01-05 | 广东电网有限责任公司信息中心 | The leakage-preventing method of unstructured data assets based on classification |
| CN105553956A (en) * | 2015-12-09 | 2016-05-04 | 国家电网公司 | Mail blocking method and device based on sensitive information recognition |
| CN107846405B (en) * | 2017-10-31 | 2020-11-10 | 北京百悟科技有限公司 | Control system for internal and external network file mutual access and implementation method |
| CN109218168A (en) * | 2018-09-26 | 2019-01-15 | 江苏神州信源系统工程有限公司 | The blocking-up method and device of sensitive e-mail messages |
-
2019
- 2019-07-30 CN CN201910697321.4A patent/CN110572358B/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN110572358A (en) | 2019-12-13 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9871817B2 (en) | Social engineering simulation workflow appliance | |
| CN110572358B (en) | Data leakage processing method and device, electronic equipment and storage medium | |
| JP4809477B2 (en) | Email address verification | |
| US8214897B2 (en) | System and method for usage-based misinformation detection and response | |
| US10887261B2 (en) | Dynamic attachment delivery in emails for advanced malicious content filtering | |
| US20150127678A1 (en) | Event triggered service for the lightweight directory access protocol | |
| CN110795315A (en) | Method and device for monitoring service | |
| US20160149948A1 (en) | Automated Cyber Threat Mitigation Coordinator | |
| CN111756745B (en) | Alarm method, alarm device, terminal equipment and computer readable storage medium | |
| CN112118238B (en) | Method, device, system, equipment and storage medium for authenticating login | |
| CN110728498A (en) | Information interaction method and device | |
| CN112733001A (en) | Method and device for acquiring subscription information and electronic equipment | |
| US10560473B2 (en) | Method of network monitoring and device | |
| EP3349410B1 (en) | Method and system for executing a transaction request using a communication channel | |
| CN113672475B (en) | Alarm processing method and device, computer equipment and storage medium | |
| US11258768B2 (en) | Optimization of the isolation and disabling of unauthorized applications by detection of false positives | |
| JP5674991B1 (en) | Personal information leak monitoring system, personal information leak monitoring method, and personal information leak monitoring program | |
| CN113778709B (en) | Interface calling method, device, server and storage medium | |
| US11134062B1 (en) | Isolating and disabling unauthorized applications | |
| US20220021655A1 (en) | Optimization of redundant usage patterns based on historical data and security constraints | |
| CN107909345A (en) | The processing method and processing device of work order | |
| WO2016199582A1 (en) | Cyberattack countermeasure range prioritizing system, and cyberattack countermeasure range prioritizing method | |
| US20160156600A1 (en) | Methods for universal resource identifier (‘uri’) integration | |
| CN115391632A (en) | Data query system, method, device and computer equipment based on RestFul protocol | |
| JP2017091472A (en) | Management server and management method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |