CN110636038A - Account number analysis method, account number analysis device, security gateway and system - Google Patents


Info

Publication number: CN110636038A
Application number: CN201910687178.0A
Authority: CN (China)
Prior art keywords: account, field, login, account number, flow
Prior art date:
Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Other languages: Chinese (zh)
Inventors: 王庆官, 陈鑫, 李伟
Current assignee (the listed assignees may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list): Qax Technology Group Inc; Secworld Information Technology Beijing Co Ltd
Original assignee: Qax Technology Group Inc; Secworld Information Technology Beijing Co Ltd
Priority date (the priority date is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed):
Filing date:
Publication date:
Events: application filed by Qax Technology Group Inc and Secworld Information Technology Beijing Co Ltd; priority to CN201910687178.0A; publication of CN110636038A; legal status pending.

Classifications

    • G PHYSICS
      • G06 COMPUTING; CALCULATING OR COUNTING
        • G06F ELECTRIC DIGITAL DATA PROCESSING
          • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
            • G06F21/60 Protecting data
              • G06F21/602 Providing cryptographic facilities or services
              • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
                • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
                  • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
                    • G06F21/6263 Protecting personal data, e.g. for financial or medical purposes during internet communication, e.g. revealing personal data from cookies
              • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • H ELECTRICITY
      • H04 ELECTRIC COMMUNICATION TECHNIQUE
        • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
          • H04L63/00 Network architectures or network communication protocols for network security
            • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
              • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
              • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
          • H04L67/00 Network arrangements or protocols for supporting network services or applications
            • H04L67/01 Protocols
              • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]


Abstract

Embodiments of the invention provide an account analysis method, an account analysis device, a security gateway and a system. The account analysis method discovers and extracts the account associated with sensitive data and comprises the following steps: analyzing the application data, determining the login traffic, and identifying the traffic carrying sensitive information; determining an account credential field from the field common to the login traffic and the traffic carrying sensitive information; and determining an account field from the login traffic and the account credential field. With this scheme, the corresponding account can be extracted from the analysis of the sensitive information, and the person operating the application can be accurately located.

Description

Account number analysis method, account number analysis device, security gateway and system
Technical Field
The invention relates to the technical field of enterprise network security, and in particular to an account analysis method and apparatus based on an application data security gateway, and an electronic device.
Background
With the passage of time, the advance of technology and the continuous change of business applications, data has become an important production asset. In the current big-data era, data assets keep creating value, and producing new data, as they flow and are used. With the evolution of IT architecture and the development of business applications, data flow has become the normal state, and static storage of data is slowly becoming rare. The scope of data asset circulation is expanding: what was once the flow of data within a single business or a single system is now cross-business, cross-system or even cross-organization. In the face of this expanding circulation, the security challenges facing data assets are also growing.
Fig. 1 is a schematic diagram of the topology of an application data circulation system in the prior art, from which it can be seen that the main problems facing application data security are:
Internal business personnel usually hold legitimate authority to access the sensitive data of an application system, and managers lack the means to supervise whether users act within that authority and whether business data is accessed for non-work reasons. Third-party partners, who access the sensitive data of the organization's own application systems under business cooperation arrangements, are subject to the organization's management authority; their risk level is higher than that of internal business personnel, and illegitimate access to sensitive data from the application system is possible. In addition, as services develop, a large number of data interfaces in the application system can transmit sensitive data outward, and third-party application systems may pull data through these interfaces in violation of policy. If the above situations are not managed, data theft, misuse and interception events easily occur, causing adverse effects and losses.
Disclosure of Invention
In view of this, embodiments of the present invention provide a method and apparatus for analyzing and extracting the account associated with sensitive data, and an electronic device, which at least partially solve the problems of the prior art.
In a first aspect, an embodiment of the present invention provides an account analysis method based on an application data security gateway, used for discovering and extracting the account associated with sensitive data, comprising:
analyzing the application data, determining the login traffic, and identifying the traffic carrying sensitive information;
determining an account credential field from the field common to the login traffic and the traffic carrying sensitive information;
and determining an account field from the login traffic and the account credential field.
According to a specific implementation of the embodiment, determining the account credential field from the login traffic and the traffic carrying sensitive information comprises:
analyzing the traffic carrying sensitive information to obtain a first set of account credential fields;
analyzing the login traffic to obtain a set of account fields and a second set of account credential fields;
and determining the account credential field from the intersection of the first set of account credential fields and the second set of account credential fields.
According to a specific implementation of the embodiment, analyzing the traffic carrying sensitive information to obtain the first set of account credential fields is performed as follows:
recommending, on the basis of the pre-stored account credential fields, the possible account credential fields in the traffic carrying sensitive information, to form the first set of account credential fields.
According to a specific implementation of the embodiment, analyzing the login traffic to obtain the set of account fields and the second set of account credential fields is performed as follows:
recommending, on the basis of the pre-stored account credential fields, the possible account fields in the login traffic, to form the set of account fields; and
recommending, on the basis of the pre-stored account credential fields, the possible account credential fields in the login traffic, to form the second set of account credential fields.
According to a specific implementation of the embodiment, determining the account field from the login traffic and the account credential field is performed as follows:
after the configured account credential field has been determined from the intersection of the first and second sets of account credential fields, associating it with the account credential field obtained by analyzing the login traffic, and thereby discovering the account field obtained by analyzing the login traffic.
According to a specific implementation of the embodiment, the application data is obtained as follows:
receiving application data mirrored from the switch, the application data including login data and the information returned by the application server in response to the user request.
In a second aspect, the present invention further provides an embodiment of an account analysis apparatus based on an application data security gateway, configured to discover and extract the account associated with sensitive data, comprising:
an application data analysis module, for analyzing the application data, determining the login traffic and identifying the traffic carrying sensitive information;
an account credential field determining module, for determining an account credential field from the field common to the login traffic and the traffic carrying sensitive information;
and an account field confirmation module, for determining the account field from the login traffic and the account credential field.
According to a specific implementation of the embodiment, the account credential field determining module comprises:
a first set acquisition unit, for analyzing the traffic carrying sensitive information to obtain a first set of account credential fields;
a second set acquisition unit, for analyzing the login traffic to obtain a set of account fields and a second set of account credential fields;
and an account credential field confirmation unit, for determining the account credential field from the intersection of the first set of account credential fields and the second set of account credential fields.
According to a specific implementation of the embodiment, analyzing the traffic carrying sensitive information to obtain the first set of account credential fields is performed as follows:
recommending, on the basis of the pre-stored account credential fields, the possible account credential fields in the traffic carrying sensitive information, to form the first set of account credential fields.
According to a specific implementation of the embodiment, analyzing the login traffic to obtain the set of account fields and the second set of account credential fields is performed as follows:
recommending, on the basis of the pre-stored account credential fields, the possible account fields in the login traffic, to form the set of account fields; and
recommending, on the basis of the pre-stored account credential fields, the possible account credential fields in the login traffic, to form the second set of account credential fields.
According to a specific implementation of the embodiment, determining the account field from the login traffic and the account credential field is performed as follows:
after the configured account credential field has been determined from the intersection of the first and second sets of account credential fields, associating it with the account credential field obtained by analyzing the login traffic, and thereby discovering the account field obtained by analyzing the login traffic.
According to a specific implementation of the embodiment, the sensitive information is obtained as follows:
receiving application data mirrored from the switch, the application data including login data and the information returned by the application server in response to the user request.
In a third aspect, the present invention further provides an embodiment of a security gateway, comprising:
at least one processing device; and
a memory communicatively coupled to the at least one processing device; wherein
the memory stores instructions executable by the at least one processing device, enabling the at least one processing device to perform any one of the foregoing account analysis methods based on an application data security gateway.
In a fourth aspect, the present invention further provides an embodiment of an application data gateway system, comprising:
an application data request end and a data center;
the data center comprises a switch, a security gateway and a plurality of application servers;
the application data request end is connected to the application servers through the switch;
the security gateway mirrors application data from the switch and comprises at least one processing device and a memory communicatively coupled to the at least one processing device; wherein
the memory stores instructions executable by the at least one processing device, enabling the at least one processing device to perform any one of the foregoing account analysis methods based on an application data security gateway.
In a fifth aspect, the present invention provides an embodiment of a non-transitory computer-readable storage medium storing computer instructions for enabling the at least one processing device to perform any one of the foregoing account analysis methods based on an application data security gateway.
According to the embodiments of the invention, the corresponding account can be extracted from the analysis of the sensitive information, and the person operating the application can be accurately located.
Drawings
In order to illustrate the technical solutions of the embodiments more clearly, the drawings needed for the embodiments are briefly described below. The drawings in the following description are only some embodiments of the present invention; those skilled in the art can obtain other drawings from them without creative effort.
FIG. 1 is a diagram illustrating a topology of an application data flow system in the prior art;
FIG. 2 is a schematic topology diagram illustrating an embodiment of the application data gateway system of the present invention;
FIG. 3 is a flowchart illustrating the steps of an embodiment of the account analysis method based on an application data security gateway according to the present invention;
FIG. 3A is a schematic diagram illustrating the information interaction through which the application data security gateway obtains the account field and the account credential field from the login traffic;
FIG. 3B is an information interaction diagram illustrating the application data security gateway obtaining the account credential field from the login traffic and the traffic carrying sensitive information;
FIG. 4 is a flowchart illustrating the steps of determining the account credential field in an embodiment of the account analysis method based on an application data security gateway according to the present invention;
FIG. 5 is a flowchart illustrating the steps of the account analysis method based on an application data security gateway according to another embodiment of the present invention;
FIG. 6 is a block diagram illustrating an embodiment of the account analysis device based on an application data security gateway according to the present invention;
FIG. 7 is a block diagram illustrating the structure of the account credential field determining module in an embodiment of the account analysis apparatus based on an application data security gateway according to the present invention;
FIG. 8 is a block diagram illustrating the architecture of one embodiment of the security gateway of the present invention.
Detailed Description
Embodiments of the present invention will be described in detail below with reference to the accompanying drawings.
The embodiments of the present disclosure are described below with specific examples, and other advantages and effects of the present disclosure will be readily apparent to those skilled in the art from the disclosure in the specification. It is to be understood that the described embodiments are merely illustrative of some, and not restrictive, of the embodiments of the disclosure. The disclosure may be embodied or carried out in various other specific embodiments, and various modifications and changes may be made in the details within the description without departing from the spirit of the disclosure. It is to be noted that the features in the following embodiments and examples may be combined with each other without conflict. All other embodiments, which can be derived by a person skilled in the art from the embodiments disclosed herein without making any creative effort, shall fall within the protection scope of the present disclosure.
It is noted that various aspects of the embodiments are described below within the scope of the appended claims. It should be apparent that the aspects described herein may be embodied in a wide variety of forms and that any specific structure and/or function described herein is merely illustrative. Based on the disclosure, one skilled in the art should appreciate that one aspect described herein may be implemented independently of any other aspects and that two or more of these aspects may be combined in various ways. For example, an apparatus may be implemented and/or a method practiced using any number of the aspects set forth herein. Additionally, such an apparatus may be implemented and/or such a method may be practiced using other structure and/or functionality in addition to one or more of the aspects set forth herein.
It should be noted that the drawings provided in the following embodiments are only for illustrating the basic idea of the present disclosure, and the drawings only show the components related to the present disclosure rather than the number, shape and size of the components in actual implementation, and the type, amount and ratio of the components in actual implementation may be changed arbitrarily, and the layout of the components may be more complicated.
In addition, in the following description, specific details are provided to facilitate a thorough understanding of the examples. However, it will be understood by those skilled in the art that the aspects may be practiced without these specific details.
The application data circulation system of the prior art comprises an application data request end and a data center; the data center comprises a switch, a security gateway and a plurality of application servers; and the application data request end is connected to the application servers through the switch. The application data request end may be an internal business person, a third-party partner, or an interface server providing pass-through services to the outside; other forms of terminal with other functions are of course also possible. While data flows between the request end and the application server, the following data security problems may be latent:
first, internal business personnel with legitimate authority to access the sensitive data of the application system cause data theft or data abuse through improper operation;
second, third-party partners, who access the sensitive data of the organization's own application system as business partners, access sensitive data from the application system without authorization;
and third, the interface that provides services to the outside transmits sensitive data without desensitization, creating a data security risk.
In the prior art, however, the association and matching between sensitive data and accounts is inflexible and weak, whereas quickly associating sensitive data with an account is very important for tracing the source of the sensitive data.
Referring to fig. 2, fig. 2 shows an embodiment of the application data gateway system of the present invention, which comprises:
an application data request end and a data center. The data center comprises a switch, a security gateway and a plurality of application servers, and the application data request end is connected to the application servers through the switch. As mentioned above, the data request end may be an internal business person, a third-party partner, or an interface server providing pass-through services to the outside.
The security gateway mirrors application data from the switch and comprises at least one processing device and a memory communicatively coupled to the at least one processing device; wherein
the memory stores instructions executable by the at least one processing device, enabling the at least one processing device to perform the account analysis method based on an application data security gateway.
The data center may of course also include a data security management and analysis system, which further analyzes, presents and manages the data acquired by the application data security gateway.
Next, the account analysis method based on the application data security gateway will be described.
Referring to fig. 3, fig. 3 is a flowchart of the steps of an embodiment of the account analysis method based on an application data security gateway, used for discovering and extracting the account associated with sensitive data, comprising:
S310: analyzing the application data, determining the login traffic, and identifying the traffic carrying sensitive information.
The application data in this step is acquired by receiving application data mirrored from the switch, the application data being the information returned by the application server in response to the user request.
The application data is of two types: 1) login traffic, and 2) traffic carrying sensitive information.
1) Login traffic
The login traffic contains two important pieces of information: the account field and the account credential field.
For example, when logging in to an OA system, the keywords of the account field may be account keywords such as username, loginname, name and user, so similar recommendation keywords (username, loginname, name, user) are preset in the system. The keywords of the account credential field may be sessionid, jsessionid and the like, and similar recommendation keywords are likewise preset in the system. The login traffic is found through the preset keywords and through keyword recommendation and search.
2) Traffic carrying sensitive information
This traffic is discovered through a recommendation strategy; it does not contain account keywords, but it has a field containing account credential keywords.
In one embodiment, the recommendation strategy recommends on the basis of built-in keywords. In general, the keywords of the account credential field may be sessionid, jsessionid and the like, and these keywords are built in first.
The data mirrored by the application data gateway contains both ordinary (non-sensitive) data and sensitive data; after sensitive data is found by the sensitive-data identification algorithm, the account must be further analyzed, i.e. the following steps must be performed. If the data is non-sensitive, no processing is performed. After the application data gateway receives the application data mirrored from the switch, the traffic must be parsed and restored. For example, in one embodiment the traffic of the application system uses the HTTP protocol, i.e. HTTP carries the application's service requests and responses, and to see the behavior of a user accessing data through the application, the traffic must be parsed and restored.
Before the data is analyzed, the traffic must be received. The traffic receiving stage can be developed using DPDK technology, with a network protocol stack implementing a complete network forwarding mode, so that it is suitable for various traffic types. The interface supports deployment modes such as inline (series) and bypass. The packets are then reassembled into data streams, which makes the content easier to process. Compared with the traditional packet-based processing mode, the stream engine has clear advantages in performance and accuracy.
In a specific implementation, a content parsing engine is also provided. It has a rich content-format feature library and can automatically identify the content format, for example url, mime, sql, gzip, invert, chunk, xml, json, html, file and so on. The feature library supports upgrading and updating, allows custom format features, and has good adaptability.
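To make the parsing-and-restoration stage concrete, the Python script below (an added example, not code from the patent or from the assignee's gateway product) restores two constructed HTTP messages, removes chunked transfer encoding, decompresses a gzip body and identifies the body format (url-encoded form, json, html or xml, gzip, or an opaque file) by body signature first, falling back to the Content-Type header. The format list, the message builders and all function names are assumptions for this example; the gateway's real feature library is not described on this page beyond the format names listed above.

```python
import gzip
import json
from urllib.parse import parse_qs

# Body signature used by this example's format identification (assumed).
GZIP_MAGIC = b"\x1f\x8b"


def dechunk(body: bytes) -> bytes:
    """Remove HTTP chunked transfer encoding: <hex size>\\r\\n<data>\\r\\n ... 0\\r\\n\\r\\n."""
    out = b""
    while body:
        size_line, _, body = body.partition(b"\r\n")
        size = int(size_line.split(b";")[0], 16)  # ignore chunk extensions
        if size == 0:
            break
        out += body[:size]
        body = body[size + 2:]  # skip the chunk data and its trailing CRLF
    return out


def parse_http_message(raw: bytes):
    """Split one restored HTTP message into start line, lower-cased headers and raw body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    start = lines[0].decode("ascii", "replace")
    headers = {}
    for line in lines[1:]:
        key, _, value = line.partition(b":")
        headers[key.strip().decode().lower()] = value.strip().decode()
    if headers.get("transfer-encoding", "").lower() == "chunked":
        body = dechunk(body)
    elif "content-length" in headers:
        body = body[: int(headers["content-length"])]
    return start, headers, body


def identify_format(headers: dict, body: bytes):
    """Return (format name, decoded content): signature first, Content-Type as fallback."""
    if body.startswith(GZIP_MAGIC):
        fmt, decoded = identify_format(headers, gzip.decompress(body))
        return "gzip+" + fmt, decoded
    stripped = body.strip()
    if stripped[:1] in (b"{", b"["):
        try:
            return "json", json.loads(stripped)
        except ValueError:
            pass
    if stripped.startswith(b"<"):
        name = "html" if b"<html" in stripped.lower() else "xml"
        return name, stripped.decode("utf-8", "replace")
    ctype = headers.get("content-type", "")
    if "x-www-form-urlencoded" in ctype or (b"=" in stripped and b"&" in stripped):
        pairs = parse_qs(stripped.decode("utf-8", "replace"))
        return "url", {k: v[0] for k, v in pairs.items()}
    return "file", body


def restore(raw: bytes):
    """Full restoration of one message: (start line, headers, format, decoded body)."""
    start, headers, body = parse_http_message(raw)
    fmt, decoded = identify_format(headers, body)
    return start, headers, fmt, decoded


# --- constructed sample messages (not captured from any real system) --------

def build_form_request(path: str, form: dict) -> bytes:
    """A constructed login request with a url-encoded body and correct Content-Length."""
    body = "&".join(f"{k}={v}" for k, v in form.items()).encode()
    head = (f"POST {path} HTTP/1.1\r\nHost: oa.example\r\n"
            f"Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(body)}\r\n\r\n")
    return head.encode() + body


def build_chunked_gzip_response(obj) -> bytes:
    """A constructed JSON response that is gzip-compressed and chunk-encoded."""
    payload = gzip.compress(json.dumps(obj).encode())
    chunked = f"{len(payload):x}\r\n".encode() + payload + b"\r\n0\r\n\r\n"
    head = (b"HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n"
            b"Content-Encoding: gzip\r\nTransfer-Encoding: chunked\r\n\r\n")
    return head + chunked


if __name__ == "__main__":
    for raw in (build_form_request("/oa/login", {"username": "alice", "password": "x"}),
                build_chunked_gzip_response({"staff": "bob", "phone": "13800000000"})):
        start, headers, fmt, decoded = restore(raw)
        print(start, "->", fmt, decoded)
```

The signature-first order matters for the stream engine: a response that advertises `Content-Type: application/json` but actually carries a gzip body would otherwise be handed to the JSON parser and silently dropped, so the gateway would never see the sensitive fields inside it.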
S320: determining an account credential field from the field common to the login traffic and the traffic carrying sensitive information.
As can be seen from the description of step S310 above, the field common to the login traffic and the traffic carrying sensitive information may be the account credential field.
Referring specifically to fig. 4, this step may be implemented as follows:
Step S410: analyzing the traffic carrying sensitive information to obtain a first set of account credential fields. The first set may be obtained as follows: on the basis of the pre-stored account credential fields, the possible account credential fields in the traffic carrying sensitive information (for example sessionid, jsessionid or token) are recommended to form the first set of account credential fields.
Step S420: analyzing the login traffic to obtain a set of account fields and a second set of account credential fields. This step can be achieved by:
recommending, on the basis of the pre-stored account credential fields, the possible account fields in the login traffic, to form the set of account fields;
and recommending, on the basis of the pre-stored account credential fields, the possible account credential fields in the login traffic, to form the second set of account credential fields.
Step S430: determining the account credential field from the intersection of the first set of account credential fields and the second set of account credential fields.
S330: determining an account field from the login traffic and the account credential field.
Specifically, once the account credential field has been determined, it is compared with the associated login traffic to resolve the account field.
For example, suppose that through the above steps the configured account credential field is A, and the associated login traffic contains two pieces of data, an account field B and a second account credential field C. In the actual analysis, if the login traffic and the traffic carrying sensitive data are correlated, A is identical to C. The account field B is then determined with the second account credential field C as the intermediary, from which the account is obtained and the operator accurately located.
Once the account field has been determined, the operator can be accurately located through the account.
Referring to fig. 3A, a schematic diagram of the information exchange among a user, a browser, an application server and the application data security gateway, in which the gateway obtains the account from that exchange. The interaction consists of the following steps:
step a: user A opens the login page of the application system, and the application system generates an account login credential ID (such as a token, sessionID, jsessionid, etc.);
step b: the application system sends the login credential ID to the browser;
step c: user A enters an account and password and clicks log in;
step d: the browser sends the account, the password, the login credential ID and the requested interface (URL) to the application server;
step e: the application server verifies the login credential ID, then verifies the account and password;
step f: the application server returns success or failure to the browser;
step g: the browser displays the result returned by the server;
step h: the application data security gateway mirrors the traffic between the browser and the application server, parses out a data set M containing the account and the account credential ID, and stores M in memory keyed by the account credential ID.
Referring to fig. 3B, an information interaction diagram showing how the application data security gateway obtains the account credential field from the login traffic and the traffic carrying sensitive information. The diagram takes user A performing a business operation as its example, such as submitting a leave request on an OA system:
step i: user A enters the business parameters (such as leave dates, position, etc.) and clicks submit;
step j: the browser sends the input parameters, the login credential ID and the requested interface (URL) to the application server;
step k: the application server checks the login credential ID and performs the corresponding operation according to the requested interface (URL) and the input parameters;
step l: the application server returns the result to the browser;
step m: the browser displays the result returned by the server;
step n: the application data security gateway mirrors the traffic between the browser and the application server and parses out a data set N containing the account credential ID;
step o: data sets N and M are correlated through the account credential ID, and the account is looked up in M;
step p: sensitive labels are attached to the account and the account credential ID;
step q: the user corresponding to the account and the account credential ID is determined.
Further, steps S320 and S330 described above also involve data type identification. In specific implementations, the data type identification techniques involve NLP (natural language processing), SVM (support vector machines), content search and so on. The implementation of data type identification has a number of characteristics, mainly in the following respects:
Encoding formats: in the embodiment of the invention, encoding formats such as GB2312, GBK, GB18030, BIG5, Korean/Japanese and others are identified automatically and uniformly converted to Unicode by normalization, in preparation for further processing.
In one embodiment, content search and matching is the basic content detection method. It supports matching by keywords/dictionaries, regular expressions and data identifiers: keywords support fuzzy matching with the wildcards * and ?, case-sensitive matching, and counts of repeated and non-repeated hits; data identifiers are special strings with added validity verification, which improves matching accuracy for specific strings (e.g. ID card numbers, credit card numbers, etc.).
In addition, the embodiment of the invention supports more than 100 data types, including definitions of common data types such as mobile phone numbers, ID card numbers, names, bank card numbers and so on. For data extraction, both structured data, such as customer or employee data in an application, and unstructured data, such as Office or PDF documents, can be scanned and extracted.
The account analysis logic of this embodiment is divided into two parts: recommendation and configuration. Recommendation matches all traffic against the preconfigured keywords and recommends every suspicious account field. Configuration then selects, from the recommended results, which field to use as the account and which as the account credential field. Because the recommended information of this embodiment is complete, the configurable options are numerous and relatively flexible.
In other words, this embodiment embeds a rich set of account and account credential keywords, locates the relevant fields precisely through those keywords, and extracts the account information. Compared with the traditional approach of extracting keywords from application system requests, the extraction position of this method is very flexible: accounts can be extracted from many positions, for example extracting XXX from 'welcome you, XXX' as the account.
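The three matching kinds named above (keywords with * and ? wildcards, regular expressions, and data identifiers with validity verification), together with the 'welcome you, XXX' style of account extraction, as an added example that is not the patent's or any product's code. The rule set, the Luhn check for card numbers, the GB 11643-1999 check digit for 18-digit ID numbers and the sample record are constructed for illustration.

```python
"""Added example: keyword / regex / data-identifier content detection with
repeated and non-repeated hit counts.  Rules and sample text are constructed."""
import re
from typing import Callable, Dict, List, Optional, Tuple


def luhn_ok(digits: str) -> bool:
    """Luhn check digit as used by bank and credit card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d = d * 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def cn_id_ok(s: str) -> bool:
    """GB 11643-1999 check digit for 18-digit mainland China ID card numbers."""
    if not re.fullmatch(r"\d{17}[0-9X]", s):
        return False
    weights = [7, 9, 10, 5, 8, 4, 2, 1, 6, 3, 7, 9, 10, 5, 8, 4, 2]
    total = sum(int(c) * w for c, w in zip(s[:17], weights))
    return "10X98765432"[total % 11] == s[17]


def keyword_regex(keyword: str, case_sensitive: bool) -> re.Pattern:
    """Turn a keyword with * and ? wildcards into a regex; other characters are escaped.
    * matches the shortest run of non-space characters so one hit cannot swallow the next."""
    parts = []
    for ch in keyword:
        if ch == "*":
            parts.append(r"\S*?")
        elif ch == "?":
            parts.append(r"\S")
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts), 0 if case_sensitive else re.IGNORECASE)


# Word boundaries for numeric identifiers: not glued to other letters or digits.
_B = r"(?<![0-9A-Za-z])", r"(?![0-9A-Za-z])"

# (rule name, pattern, optional validator).  Constructed rule set.
RULES: List[Tuple[str, re.Pattern, Optional[Callable[[str], bool]]]] = [
    ("keyword:login name", keyword_regex("login*name", case_sensitive=False), None),
    ("regex:mobile", re.compile(_B[0] + r"1[3-9]\d{9}" + _B[1]), None),
    ("regex:welcome account", re.compile(r"welcome you, (\w+)"), None),
    ("id:cn_id_card", re.compile(_B[0] + r"\d{17}[0-9Xx]" + _B[1]), lambda v: cn_id_ok(v.upper())),
    ("id:bank_card", re.compile(_B[0] + r"\d{16,19}" + _B[1]), luhn_ok),
]


def detect(text: str) -> Dict[str, dict]:
    """Run every rule; report total (repeated) and distinct (non-repeated) hits per rule.
    Data identifiers keep only candidates that pass their validity check."""
    report: Dict[str, dict] = {}
    for name, pat, validate in RULES:
        values = [m.group(1) if pat.groups else m.group(0) for m in pat.finditer(text)]
        if validate is not None:
            values = [v for v in values if validate(v)]
        if values:
            report[name] = {"hits": len(values), "distinct": len(set(values)), "values": values}
    return report


# Constructed record: each identifier appears once valid and once with a broken check digit.
SAMPLE = (
    "loginName=alice&LOGIN_NAME=alice&phone=13800138000&phone=13800138000"
    "&idcard=11010519491231002X&idcard=11010519491231003X"
    "&card=4111111111111111&card=4111111111111112 welcome you, alice"
)


if __name__ == "__main__":
    for rule, info in detect(SAMPLE).items():
        print(rule, info)
```

The point of the validator step is visible in the sample: a plain 16-digit or 18-character pattern matches both card and ID candidates, while the check digit rejects the second copy of each, which is exactly the accuracy gain the passage attributes to data identifiers.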
Preferably, the invention further provides an embodiment of an account resolution method based on an application data security gateway; referring to fig. 5, the method includes the following steps:
S510: parse the application data and identify the traffic carrying sensitive information;
S520: identify the application system to which the application data belongs;
S530: query a preset account knowledge base;
S540: judge whether the account knowledge base contains the account and account credential extraction method for this application system;
if yes, step S550 is executed: the account and the account credential are parsed with the method stored in the account knowledge base.
The content of the account knowledge base is built with the account analysis method based on the application data security gateway described above. In any application system the login interface is fixed, that is, its URL is fixed; by analyzing and configuring the login traffic with a method such as the one shown in fig. 3, a specific method for parsing and extracting the account and account credentials of a given application system is produced and saved as a configuration file.
That configuration can be reused the next time the same application is encountered. For example, when OA systems from the same manufacturer are used in different enterprises and the ADSG is deployed in each of them, the configuration of the OA application system made in one enterprise is available on the ADSG of another.
If, in step S540, the account knowledge base does not contain the account and account credential extraction method for the application system, the embodiment shown in fig. 3 is used directly for re-analysis, and the following steps are performed:
S560: determine the account credential field from the fields shared by the login traffic and the traffic carrying sensitive information;
S570: determine the account field from the login traffic and the account credential field.
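The field-level analysis of steps S410 to S430 and S330 (recommend candidate fields from pre-stored keywords, intersect the two credential sets so that A equals C, exclude the credential field to obtain the account field) and the knowledge base lookup of steps S530 to S570, as one added example that is not the patent's or any product's code. The keyword lists, the JSON layout of the knowledge base, the application identifier and the field names are constructed assumptions.

```python
"""Added example: keyword recommendation + set intersection (S410-S430 / S330),
and a per-application knowledge base that reuses the resulting method (S530-S570)."""
import json
import tempfile
from pathlib import Path
from typing import Dict, Iterable, List, Optional, Set

# Pre-stored recommendation keywords.  Constructed for this example; the patent
# names username/loginname/name/user and sessionid/jsessionid as its examples.
ACCOUNT_KEYWORDS = ("username", "loginname", "name", "user")
CREDENTIAL_KEYWORDS = ("sessionid", "jsessionid", "token")


def recommend(field_names: Iterable[str], keywords: Iterable[str]) -> Set[str]:
    """Recommend every field whose name contains one of the keywords (case-insensitive)."""
    return {f for f in field_names if any(k in f.lower() for k in keywords)}


def analyze(login_fields: Iterable[str], sensitive_fields: Iterable[str]) -> Optional[dict]:
    """Steps S410-S430 (S560) and S330 (S570) on the field names of the two traffic kinds.

    Returns None when the intersection does not yield exactly one credential field,
    or no account candidate is left, i.e. when manual configuration is required."""
    first_cred = recommend(sensitive_fields, CREDENTIAL_KEYWORDS)   # S410: first credential set
    account_set = recommend(login_fields, ACCOUNT_KEYWORDS)         # S420: account field set
    second_cred = recommend(login_fields, CREDENTIAL_KEYWORDS)      # S420: second credential set
    shared = first_cred & second_cred                                # S430: the field A that equals C
    if len(shared) != 1:
        return None
    credential = next(iter(shared))
    candidates = sorted(account_set - {credential})                 # S330: exclude the credential field
    if not candidates:
        return None
    return {"credential_field": credential, "account_candidates": candidates}


class AccountKnowledgeBase:
    """Per-application extraction methods persisted as a JSON file (constructed layout),
    so a configuration made for one deployment can be reused in another."""

    def __init__(self, path: Path):
        self.path = path
        self.entries: Dict[str, dict] = json.loads(path.read_text()) if path.exists() else {}

    def lookup(self, app_id: str) -> Optional[dict]:
        return self.entries.get(app_id)

    def save(self, app_id: str, method: dict) -> None:
        self.entries[app_id] = method
        self.path.write_text(json.dumps(self.entries, indent=2))


def resolve_method(kb: AccountKnowledgeBase, app_id: str, login_url: str,
                   login_fields: List[str], sensitive_fields: List[str]) -> Optional[dict]:
    """S530-S550: reuse the stored method if the application is known; otherwise
    re-analyze (S560/S570), take the first account candidate as the configured
    field, and store the result under the application identifier."""
    method = kb.lookup(app_id)
    if method is not None:
        return method
    analysis = analyze(login_fields, sensitive_fields)
    if analysis is None:
        return None
    method = {"login_url": login_url,   # the login interface URL is fixed per application
              "account_field": analysis["account_candidates"][0],
              "credential_field": analysis["credential_field"]}
    kb.save(app_id, method)
    return method


def demo() -> dict:
    """Two gateways sharing one knowledge base file (constructed field names)."""
    with tempfile.TemporaryDirectory() as d:
        path = Path(d) / "account_kb.json"
        login_fields = ["loginname", "password", "JSESSIONID", "captcha"]
        sensitive_fields = ["JSESSIONID", "leave_days", "post", "id_card"]
        first = resolve_method(AccountKnowledgeBase(path), "oa.example.internal",
                               "/oa/login", login_fields, sensitive_fields)
        # A second gateway opening the same file is served from the knowledge base.
        second = AccountKnowledgeBase(path).lookup("oa.example.internal")
        return {"first": first, "second": second}


if __name__ == "__main__":
    print(demo())
```

When the intersection holds more than one credential-like field (for example both a token and a session cookie appear in both traffic kinds), `analyze` deliberately returns None rather than guessing, which is the point at which the configuration half of the recommendation-and-configuration logic takes over.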
In this embodiment, the account knowledge base of an application system is generated by analyzing the behaviour of that application system. On the basis of the knowledge base, the association between the account and each interface is established, and the personnel performing application operations are located precisely.
In another aspect, the invention further provides an embodiment of an account resolution device based on an application data security gateway, configured to discover and extract the account associated with sensitive data. Referring to fig. 6, a structural block diagram of the account resolution device, the device includes:
an application data parsing module 60, configured to parse the application data, determine the login traffic and identify the traffic carrying sensitive information.
The application data handled by this module is acquired as follows: application data mirrored from the switch is received, where the application data is the information returned by the application server in response to the user request.
The application data is of two kinds: 1) login traffic; and 2) traffic carrying sensitive information.
1) Login traffic
The login traffic contains two important pieces of information: the account field and the account credential field.
For example, when logging in to an OA system, the keywords of the account field may be username, loginname, name, user and so on; similar recommendation keywords (username, loginname, name, user) are therefore preset in the system. The keywords of the account credential field may be sessionid, jsessionid and so on, and similar recommendation keywords are likewise preset. The login traffic is then found through the preset keywords and keyword recommendation and search.
2) Traffic carrying sensitive information
This traffic is discovered through the recommendation strategy; it contains no account keyword, but it does have a field containing an account credential keyword.
The data mirrored by the application data gateway includes both safe data and sensitive data; after sensitive data has been found by the sensitive data identification algorithm, the account has to be analyzed further, that is, the following steps have to be performed. If the data is safe, no processing is performed. After the application data gateway receives the application data mirrored from the switch, the traffic has to be parsed and restored. For example, in one embodiment the traffic of the application system uses the HTTP protocol, that is, HTTP carries the application's service requests and responses, and to see how the user accesses data through the application, the traffic has to be parsed and restored.
Before the data can be parsed, the traffic has to be received. The traffic-receiving stage can be developed with DPDK technology, with a network protocol stack implementing a complete network forwarding mode, so that it suits a variety of traffic types. The interface supports deployment modes such as in-line and bypass. Packets are then reassembled into data streams by flow reassembly, which makes the content more convenient to process. Compared with the traditional packet-based processing mode, the stream engine has obvious advantages in performance and accuracy.
In specific implementations a content parsing engine is also provided. It has a rich library of content format features and can identify the content format automatically, for example url, mime, sql, gzip, invert, chunk, xml, json, html, file and so on. The feature library supports upgrading and updating, allows custom format features and adapts well.
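The parse-and-restore step described above (an HTTP response has to be de-chunked and gunzipped before its content format can be identified and its fields inspected), as an added example that is not the patent's or any product's code. The sample response, the magic-byte heuristics and the set of recognised formats (gzip, json, html, xml) are constructed assumptions; a real engine's feature library is far larger.

```python
"""Added example: restoring a mirrored HTTP response body (chunked + gzip) and
identifying its content format before inspection.  The sample is constructed."""
import gzip
import json
from typing import Any, Dict, Tuple


def dechunk(body: bytes) -> bytes:
    """Decode a Transfer-Encoding: chunked body (hex size line, data, CRLF, ..., 0)."""
    out, pos = bytearray(), 0
    while True:
        end = body.index(b"\r\n", pos)
        size = int(body[pos:end].split(b";")[0], 16)   # ignore chunk extensions
        if size == 0:
            return bytes(out)
        start = end + 2
        out += body[start:start + size]
        pos = start + size + 2                          # skip the CRLF after the data


def identify(body: bytes) -> str:
    """Cheap content-format identification by magic bytes / leading characters."""
    if body[:2] == b"\x1f\x8b":
        return "gzip"
    head = body.lstrip()[:16].lower()
    if head[:1] in (b"{", b"["):
        return "json"
    if head.startswith((b"<!doctype", b"<html")):
        return "html"
    if head[:1] == b"<":
        return "xml"
    return "text"


def parse_headers(header_blob: bytes) -> Dict[str, str]:
    """Header names are case-insensitive; normalise them to lower case."""
    headers: Dict[str, str] = {}
    for line in header_blob.split(b"\r\n")[1:]:       # skip the status line
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode()] = value.strip().decode()
    return headers


def restore(raw_response: bytes) -> Tuple[str, Any]:
    """Split headers and body, undo chunking and gzip, then decode by identified format."""
    header_blob, _, body = raw_response.partition(b"\r\n\r\n")
    headers = parse_headers(header_blob)
    if "chunked" in headers.get("transfer-encoding", "").lower():
        body = dechunk(body)
    if identify(body) == "gzip":                         # trust the bytes, not only the header
        body = gzip.decompress(body)
    kind = identify(body)
    if kind == "json":
        return kind, json.loads(body)
    return kind, body.decode("utf-8", errors="replace")


def build_sample() -> bytes:
    """Constructed response: gzip-compressed JSON sent in two chunks."""
    payload = gzip.compress(json.dumps({"loginname": "alice", "JSESSIONID": "abc123"}).encode())
    half = len(payload) // 2
    chunks = b"".join(b"%x\r\n%s\r\n" % (len(c), c) for c in (payload[:half], payload[half:]))
    return (b"HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n"
            b"Content-Encoding: gzip\r\nTransfer-Encoding: chunked\r\n\r\n"
            + chunks + b"0\r\n\r\n")


if __name__ == "__main__":
    print(restore(build_sample()))
```

Keyword matching on the raw mirrored bytes would see neither the field names nor the credential ID in this response; only after both transfer and content encodings are undone does the JSON expose `loginname` and `JSESSIONID` to the recommendation step.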
an account credential field determination module 61, configured to determine the account credential field from the fields shared by the login traffic and the traffic carrying sensitive information.
From the description of the application data parsing module 60 above, it can be seen that the fields common to the login traffic and the traffic carrying sensitive information may be account credential fields.
Referring specifically to fig. 7, the account credential field determination module 61 may include:
a first set acquisition unit 611, configured to parse the traffic carrying sensitive information to obtain a first account credential field set. The first account credential field set may be obtained as follows: possible account credential fields in the traffic carrying sensitive information are recommended on the basis of the pre-stored account credential fields, to form the first account credential field set.
a second set acquisition unit 612, configured to parse the login traffic to obtain an account field set and a second account credential field set; the unit may work as follows:
possible account fields in the login traffic are recommended on the basis of pre-stored account credential fields, to form the account field set;
and possible account credential fields in the login traffic are recommended on the basis of the pre-stored account credential fields, to form the second account credential field set.
an account credential field confirmation unit 613, configured to determine the account credential field from the intersection of the first account credential field set and the second account credential field set.
an account field confirmation module 62, configured to determine the account field from the login traffic and the account credential field.
Specifically, the account field may be determined by excluding the account credential field from the account field set. After the account credential field has been determined, it is compared against the associated login traffic and the account field is parsed out. After the account field is determined, the operator can be located precisely through the account.
Data type identification is also involved in the account credential field determination module 61 and the account field confirmation module 62 described above. In specific implementations, the data type identification techniques involve NLP (natural language processing), SVM (support vector machines), content search and so on. The implementation of data type identification has a number of characteristics, mainly in the following respects:
Encoding formats: in the embodiment of the invention, encoding formats such as GB2312, GBK, GB18030, BIG5, Korean/Japanese and others are identified automatically and uniformly converted to Unicode by normalization, in preparation for further processing.
In one embodiment, content search and matching is the most basic content detection method. It supports matching by keywords/dictionaries, regular expressions and data identifiers: keywords support fuzzy matching with the wildcards * and ?, case-sensitive matching, and counts of repeated and non-repeated hits; data identifiers are special strings with added validity verification, which improves matching accuracy for specific strings (e.g. ID card numbers, credit card numbers, etc.).
In addition, the embodiment of the invention supports more than 100 data types, including definitions of common data types such as mobile phone numbers, ID card numbers, names, bank card numbers and so on. For data extraction, both structured data, such as customer or employee data in an application, and unstructured data, such as Office or PDF documents, can be scanned and extracted.
The account analysis logic of this embodiment is divided into two parts: recommendation and configuration. Recommendation matches all traffic against the preconfigured keywords and recommends every suspicious account field. Configuration then selects, from the recommended results, which field to use as the account and which as the account credential field. Because the recommended information of this embodiment is complete, the configurable options are numerous and relatively flexible.
In other words, this embodiment embeds a rich set of account and account credential keywords, locates the relevant fields precisely through those keywords, and extracts the account information. Compared with the traditional approach of extracting keywords from application system requests, the extraction position of this method is very flexible: accounts can be extracted from many positions, for example extracting XXX from 'welcome you, XXX' as the account.
The embodiment of the invention also provides an embodiment of a security gateway, which includes at least one processing device and a memory communicatively coupled to the at least one processing device; the memory stores instructions executable by the at least one processing device, and when the instructions are executed by the at least one processing device they enable it to carry out the account analysis method based on the application data security gateway.
Referring now to FIG. 8, a schematic diagram of a security gateway 80 suitable for use in implementing embodiments of the present disclosure is shown.
As shown in fig. 8, the security gateway 80 may include a processing device 801 that performs various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 802 or a program loaded from a storage device 806 into a Random Access Memory (RAM) 803. The RAM 803 also stores the various programs and data needed for the operation of the security gateway 80. The processing device 801, the ROM 802 and the RAM 803 are connected to each other by a bus 804. A communication device 807 is also connected to the bus 804. The security gateway 80 stores instructions executable by the at least one processing device 801 which, when executed, enable the processing device to perform the aforementioned account resolution method based on an application data security gateway.
Furthermore, the present invention provides a non-transitory computer-readable storage medium embodiment storing computer instructions for enabling the at least one processing device to perform any one of the aforementioned account resolution methods based on an application data security gateway.
It should be noted that the computer readable medium in the present disclosure can be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In contrast, in the present disclosure, a computer readable signal medium may comprise a propagated data signal with computer readable program code embodied therein, either in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: electrical wires, optical cables, RF (radio frequency), etc., or any suitable combination of the foregoing.
The computer readable medium may be embodied in the security gateway; or may exist separately and not be incorporated into the security gateway.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units described in the embodiments of the present disclosure may be implemented by software or hardware. Where the name of a unit does not in some cases constitute a limitation of the unit itself, for example, the first retrieving unit may also be described as a "unit for retrieving at least two internet protocol addresses".
It should be understood that portions of the present invention may be implemented in hardware, software, firmware, or a combination thereof.
The above description is only for the specific embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present invention are included in the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (15)

1. An account resolution method based on an application data security gateway, used for discovering and extracting the account associated with sensitive data, comprising:
parsing the application data, determining the login traffic, and identifying the traffic carrying sensitive information;
determining an account credential field from the fields shared by the login traffic and the traffic carrying sensitive information;
and determining an account field from the login traffic and the account credential field.
2. The account resolution method of claim 1, wherein determining the account credential field from the login traffic and the traffic carrying sensitive information comprises:
parsing the traffic carrying sensitive information to obtain a first account credential field set;
parsing the login traffic to obtain an account field set and a second account credential field set;
and determining the configured account credential field from the intersection of the first account credential field set and the second account credential field set.
3. The account resolution method of claim 2, wherein parsing the traffic carrying sensitive information to obtain the first account credential field set comprises:
recommending possible account credential fields in the traffic carrying sensitive information on the basis of the pre-stored account credential fields, to form the first account credential field set.
4. The account resolution method of claim 3, wherein parsing the login traffic to obtain the account field set and the second account credential field set comprises:
recommending possible account fields in the login traffic on the basis of pre-stored account credential fields, to form the account field set; and
recommending possible account credential fields in the login traffic on the basis of the pre-stored account credential fields, to form the second account credential field set.
5. The account resolution method of any one of claims 2 to 4, wherein the account field is determined from the login traffic and the account credential field as follows:
after the configured account credential field has been determined from the intersection of the first account credential field set and the second account credential field set, the account credential field is associated with the account credential field parsed out of the login traffic, and the account field parsed out of the login traffic is thereby discovered.
6. The account resolution method of any one of claims 1 to 5, wherein the application data is acquired by:
receiving application data mirrored from the switch, the application data comprising login data and the information returned by the application server in response to the user request.
7. An account resolution device based on an application data security gateway, used for discovering and extracting the account associated with sensitive data, comprising:
an application data parsing module, configured to parse the application data, determine the login traffic and identify the traffic carrying sensitive information;
an account credential field determination module, configured to determine an account credential field from the fields shared by the login traffic and the traffic carrying sensitive information;
and an account field confirmation module, configured to determine an account field from the login traffic and the account credential field.
8. The account resolution device of claim 7, wherein the account credential field determination module comprises:
a first set acquisition unit, configured to parse the traffic carrying sensitive information to obtain a first account credential field set;
a second set acquisition unit, configured to parse the login traffic to obtain an account field set and a second account credential field set;
and an account credential field confirmation unit, configured to determine the configured account credential field from the intersection of the first account credential field set and the second account credential field set.
9. The account resolution device of claim 8, wherein parsing the traffic carrying sensitive information to obtain the first account credential field set comprises:
recommending possible account credential fields in the traffic carrying sensitive information on the basis of the pre-stored account credential fields, to form the first account credential field set.
10. The account resolution device of claim 9, wherein parsing the login traffic to obtain the account field set and the second account credential field set comprises:
recommending possible account fields in the login traffic on the basis of pre-stored account credential fields, to form the account field set; and
recommending possible account credential fields in the login traffic on the basis of the pre-stored account credential fields, to form the second account credential field set.
11. The account resolution device of claim 10, wherein the account field is determined from the login traffic and the account credential field as follows:
after the configured account credential field has been determined from the intersection of the first account credential field set and the second account credential field set, the account credential field is associated with the account credential field parsed out of the login traffic, and the account field parsed out of the login traffic is thereby discovered.
12. The account resolution device of any one of claims 7 to 11, wherein the sensitive information is obtained by:
receiving application data mirrored from the switch, the application data comprising login data and the information returned by the application server in response to the user request.
13. A security gateway, comprising:
at least one processing device; and
a memory communicatively coupled to the at least one processing device; wherein
the memory stores instructions executable by the at least one processing device to enable the at least one processing device to perform the account resolution method based on an application data security gateway of any one of claims 1 to 6.
14. An application data gateway system, comprising:
an application data request terminal and a data center;
the data center comprises a switch, a security gateway and a plurality of application servers;
the application data request terminal is connected to the application servers through the switch;
the security gateway is configured to mirror application data from the switch and comprises at least one processing device and a memory communicatively coupled to the at least one processing device; wherein
the memory stores instructions executable by the at least one processing device to enable the at least one processing device to perform the account resolution method based on an application data security gateway of any one of claims 1 to 6.
15. A non-transitory computer readable storage medium storing computer instructions for enabling at least one processing device to perform the account resolution method based on an application data security gateway of any one of claims 1 to 6.
CN201910687178.0A 2019-07-29 2019-07-29 Account number analysis method, account number analysis device, security gateway and system Pending CN110636038A (en)
Publications (1)

Publication Number Publication Date
CN110636038A true CN110636038A (en) 2019-12-31

Family

ID=68969588

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910687178.0A Pending CN110636038A (en) 2019-07-29 2019-07-29 Account number analysis method, account number analysis device, security gateway and system

Country Status (1)

Country Link
CN (1) CN110636038A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111291353A (en) * 2020-02-05 2020-06-16 深信服科技股份有限公司 Account number association method and device and computer storage medium
CN112287318A (en) * 2020-10-29 2021-01-29 平安科技(深圳)有限公司 Cross-application program login method, device, equipment and medium
CN115086052A (en) * 2022-06-23 2022-09-20 全知科技(杭州)有限责任公司 Method for automatically analyzing account based on HTTP traffic
CN115664866A (en) * 2022-12-27 2023-01-31 深圳红途科技有限公司 Access account identification method and device, computer equipment and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103546462A (en) * 2013-10-08 2014-01-29 任少华 Third party certification system with specific associated processes or third party certification method
CN104780175A (en) * 2015-04-24 2015-07-15 广东电网有限责任公司信息中心 Hierarchical classification access authorization management method based on roles
US20160283737A1 (en) * 2015-03-24 2016-09-29 Tata Consultancy Services Limited System and method enabling multiparty and multi level authorizations for accessing confidential information
CN109766719A (en) * 2018-12-28 2019-05-17 微梦创科网络科技(中国)有限公司 A kind of sensitive information detection method, device and electronic equipment
CN110035087A (en) * 2019-04-24 2019-07-19 全知科技(杭州)有限责任公司 A kind of method, apparatus, equipment and storage medium from flow reduction account information

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103546462A (en) * 2013-10-08 2014-01-29 任少华 Third party certification system with specific associated processes or third party certification method
US20160283737A1 (en) * 2015-03-24 2016-09-29 Tata Consultancy Services Limited System and method enabling multiparty and multi level authorizations for accessing confidential information
CN104780175A (en) * 2015-04-24 2015-07-15 广东电网有限责任公司信息中心 Hierarchical classification access authorization management method based on roles
CN109766719A (en) * 2018-12-28 2019-05-17 微梦创科网络科技(中国)有限公司 Sensitive information detection method, device and electronic equipment
CN110035087A (en) * 2019-04-24 2019-07-19 全知科技(杭州)有限责任公司 Method, apparatus, device and storage medium for recovering account information from traffic

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111291353A (en) * 2020-02-05 2020-06-16 深信服科技股份有限公司 Account number association method and device and computer storage medium
CN111291353B (en) * 2020-02-05 2023-03-21 深信服科技股份有限公司 Account number association method and device and computer storage medium
CN112287318A (en) * 2020-10-29 2021-01-29 平安科技(深圳)有限公司 Cross-application program login method, device, equipment and medium
CN112287318B (en) * 2020-10-29 2024-07-02 平安科技(深圳)有限公司 Cross-application login method, device, equipment and medium
CN115086052A (en) * 2022-06-23 2022-09-20 全知科技(杭州)有限责任公司 Method for automatically analyzing account based on HTTP traffic
CN115086052B (en) * 2022-06-23 2023-07-18 全知科技(杭州)有限责任公司 Method for automatically analyzing account based on HTTP (hyper text transport protocol) traffic
CN115664866A (en) * 2022-12-27 2023-01-31 深圳红途科技有限公司 Access account identification method and device, computer equipment and storage medium

Similar Documents

Publication Publication Date Title
CN110855676B (en) Network attack processing method and device and storage medium
CN110636038A (en) Account number analysis method, account number analysis device, security gateway and system
CN112468520B (en) Data detection method, device and equipment and readable storage medium
US11671448B2 (en) Phishing detection using uniform resource locators
EP3178011B1 (en) Method and system for facilitating terminal identifiers
US12021894B2 (en) Phishing detection based on modeling of web page content
US9934310B2 (en) Determining repeat website users via browser uniqueness tracking
US8407766B1 (en) Method and apparatus for monitoring sensitive data on a computer network
CN110661776B (en) Sensitive data tracing method, device, security gateway and system
CN103685307A (en) Method, system, client and server for detecting phishing fraud webpage based on feature library
US9756034B2 (en) Law enforcement agency portal
CN111404937B (en) Method and device for detecting server vulnerability
US12072946B2 (en) Optimizing scraping requests through browsing profiles
US20210203691A1 (en) Malware and phishing detection and mediation platform
CN111355730A (en) Platform login method, device, equipment and computer readable storage medium
CN112231686A (en) System security authentication method and device based on security authentication identifier
Wang et al. A framework for formal analysis of privacy on SSO protocols
CN109302381B (en) Radius attribute extension method, device, electronic equipment and computer readable medium
WO2021133592A1 (en) Malware and phishing detection and mediation platform
US10623396B2 (en) System and method for controlling system
CN114024688B (en) Network request method, network authentication method, terminal equipment and server
US11438375B2 (en) Method and system for preventing medium access control (MAC) spoofing attacks in a communication network
CN116367101B (en) User authority management method and device
CN114268472B (en) User authentication method and system of application system based on block chain
CN115150122A (en) Data processing method and device, electronic equipment and storage medium

Legal Events

Date Code Title Description
20191231 PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication