CN110765483A - Configured log desensitization method and device and electronic equipment - Google Patents
Configured log desensitization method and device and electronic equipment Download PDFInfo
- Publication number
- CN110765483A CN110765483A CN201910930710.7A CN201910930710A CN110765483A CN 110765483 A CN110765483 A CN 110765483A CN 201910930710 A CN201910930710 A CN 201910930710A CN 110765483 A CN110765483 A CN 110765483A
- Authority
- CN
- China
- Prior art keywords
- data
- log
- desensitization
- desensitized
- sensitive
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000586 desensitisation Methods 0.000 title claims abstract description 86
- 238000000034 method Methods 0.000 title claims abstract description 40
- 238000001514 detection method Methods 0.000 claims abstract description 25
- 238000004891 communication Methods 0.000 claims description 14
- 238000007781 pre-processing Methods 0.000 claims description 6
- 238000010276 construction Methods 0.000 claims description 4
- 230000008569 process Effects 0.000 claims description 2
- 238000010586 diagram Methods 0.000 description 10
- 238000004590 computer program Methods 0.000 description 7
- 230000000873 masking effect Effects 0.000 description 4
- 230000003287 optical effect Effects 0.000 description 4
- 230000008707 rearrangement Effects 0.000 description 4
- 238000007418 data mining Methods 0.000 description 2
- 239000013307 optical fiber Substances 0.000 description 2
- 230000000644 propagated effect Effects 0.000 description 2
- 238000003491 array Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000004140 cleaning Methods 0.000 description 1
- 230000000295 complement effect Effects 0.000 description 1
- 238000007405 data analysis Methods 0.000 description 1
- 238000013501 data transformation Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000005111 flow chemistry technique Methods 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 230000010365 information processing Effects 0.000 description 1
- 230000010354 integration Effects 0.000 description 1
- 238000005065 mining Methods 0.000 description 1
- 230000002093 peripheral effect Effects 0.000 description 1
- 238000007639 printing Methods 0.000 description 1
- 230000009467 reduction Effects 0.000 description 1
- 230000003252 repetitive effect Effects 0.000 description 1
- 231100000279 safety data Toxicity 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
Landscapes
- Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Databases & Information Systems (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Medical Informatics (AREA)
- Debugging And Monitoring (AREA)
Abstract
The invention discloses a configured log desensitization method, a configured log desensitization device, electronic equipment and a computer readable medium, wherein the method comprises the following steps: acquiring and standardizing log data; constructing a sensitive data filter, wherein the sensitive data filter comprises at least one configurable sensitive data detecting component; detecting the log data of the standardized processing by using the sensitive data filter to determine data to be desensitized; setting a data desensitization rule; and desensitizing the data to be desensitized based on the data desensitizing rule. The invention can realize desensitization to the appointed desensitization object and field by constructing the sensitive data filter and configuring the sensitive data detection component, and has simple and flexible operation.
Description
Technical Field
The invention relates to the field of computer information processing, in particular to a configured log desensitization method, a configured log desensitization device, electronic equipment and a computer readable medium.
Background
A large number of system logs exist in a business system of a financial platform, and if desensitization processing is not carried out on log data when the log data are formatted, sensitive information of a user can be leaked. In the prior art, when a developer carries out desensitization treatment, the developer needs to position the existing project codes one by one aiming at sensitive fields and correspondingly modify the codes greatly, so that the efficiency is low and the specification is not sufficient. If the user cares a little carelessly, the user information can be leaked. The processing techniques for desensitizing log data are not yet mature for desensitization objects and fields specified by the unified configuration.
Disclosure of Invention
The invention aims to solve the technical problem of how to desensitize log data by configuring desensitization objects and fields, thereby improving desensitization accuracy and efficiency.
One aspect of the present invention provides a configured log desensitization method, comprising: acquiring and standardizing log data; constructing a sensitive data filter, wherein the sensitive data filter comprises at least one configurable sensitive data detecting component; detecting the log data of the standardized processing by using the sensitive data filter to determine data to be desensitized; setting a data desensitization rule; and desensitizing the data to be desensitized based on the data desensitizing rule.
According to a preferred embodiment of the present invention, the normalizing the processed log data further includes: and preprocessing the log data to form data with uniform format, type and structure.
According to a preferred embodiment of the present invention, the at least one sensitive data detecting element is adapted to detect different kinds of data to be desensitized.
According to a preferred embodiment of the present invention, further comprising: and configuring the sensitive data detection component according to the type of the data to be desensitized.
According to a preferred embodiment of the present invention, the sensitive data detection component may be a value filter.
According to a preferred embodiment of the invention, the kind of data to be desensitized may comprise user private data, data related to user security, business sensitive data.
According to a preferred embodiment of the present invention, the data to be desensitized may specifically include: at least one of communication number, bank card number, identification number, user name, account password and IP address.
According to a preferred embodiment of the present invention, the setting of the data desensitization rule further includes: setting a desensitization mode of data to be desensitized; and setting a data format after desensitization of the data to be desensitized is completed.
According to a preferred embodiment of the present invention, the desensitization mode may specifically include: at least one of data replacement, data rearrangement, data encryption, data truncation, data masking, and data offset.
A second aspect of the present invention provides a configured log desensitization apparatus, comprising:
the log data processing module is used for acquiring and standardizing log data;
a filter construction module for constructing a sensitive data filter, the sensitive data filter comprising at least one configurable sensitive data detection component;
a data to be desensitized determining module, configured to detect the normalized log data using the sensitive data filter to determine data to be desensitized;
the desensitization rule setting module is used for setting a data desensitization rule;
and the desensitization processing module is used for desensitizing the data to be desensitized based on the data desensitization rule.
According to a preferred embodiment of the present invention, the normalizing the processed log data further includes:
and preprocessing the log data to form data with uniform format, type and structure.
According to a preferred embodiment of the present invention, the at least one sensitive data detecting element is adapted to detect different kinds of data to be desensitized.
According to a preferred embodiment of the present invention, further comprising: and the detection component configuration module is used for configuring the sensitive data detection component according to the type of the data to be desensitized.
According to a preferred embodiment of the present invention, the sensitive data detection component may be a value filter.
According to a preferred embodiment of the invention, the kind of data to be desensitized may comprise user private data, data related to user security, business sensitive data.
According to a preferred embodiment of the present invention, the data to be desensitized may specifically include: at least one of communication number, bank card number, identification number, user name, account password and IP address.
According to a preferred embodiment of the present invention, the desensitization rule setting module further includes: a desensitization mode setting unit for setting a desensitization mode of data to be desensitized; the data format setting unit sets the data format of the desensitized data after desensitization is completed.
According to a preferred embodiment of the present invention, the desensitization mode may specifically include: at least one of data replacement, data rearrangement, data encryption, data truncation, data masking, and data offset.
A third aspect of the present invention provides an electronic apparatus, wherein the electronic apparatus comprises: a processor; and the number of the first and second groups,
a memory storing computer executable instructions that, when executed, cause the processor to perform any of the methods.
A fourth aspect of the invention provides a computer readable storage medium, wherein the computer readable storage medium stores one or more programs which, when executed by a processor, implement any of the methods.
The technical scheme of the invention has the following beneficial effects:
the desensitization method realizes desensitization on the specified desensitization object and field by constructing the sensitive data filter and configuring the sensitive data detection component, is simple to operate, and flexibly improves the desensitization accuracy and efficiency.
Drawings
In order to make the technical problems solved by the present invention, the technical means adopted and the technical effects obtained more clear, the following will describe in detail the embodiments of the present invention with reference to the accompanying drawings. It should be noted, however, that the drawings described below are only drawings of exemplary embodiments of the invention, from which other embodiments can be derived by those skilled in the art without inventive step.
FIG. 1 is a schematic flow diagram of a configured log desensitization method of the present invention;
FIG. 2 is a schematic diagram illustrating a method for desensitizing a configured log according to an embodiment of the invention, wherein sensitive data detecting elements are configured according to data types to be desensitized;
FIG. 3 is a schematic diagram of a configured log desensitization device module architecture of the present invention;
FIG. 4 is a block diagram of a configurable log-desensitized electronic device architecture of the present invention;
FIG. 5 is a schematic diagram of a computer-readable storage medium of the present invention.
Detailed Description
Exemplary embodiments of the present invention will now be described more fully with reference to the accompanying drawings. The exemplary embodiments, however, may be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. Rather, these exemplary embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of the invention to those skilled in the art. The same reference numerals denote the same or similar elements, components, or parts in the drawings, and thus their repetitive description will be omitted.
Features, structures, characteristics or other details described in a particular embodiment do not preclude the fact that the features, structures, characteristics or other details may be combined in a suitable manner in one or more other embodiments in accordance with the technical idea of the invention.
In describing particular embodiments, the present invention has been described with reference to features, structures, characteristics or other details that are within the purview of one skilled in the art to provide a thorough understanding of the embodiments. One skilled in the relevant art will recognize, however, that the invention may be practiced without one or more of the specific features, structures, characteristics, or other details.
The flow charts shown in the drawings are merely illustrative and do not necessarily include all of the contents and operations/steps, nor do they necessarily have to be performed in the order described. For example, some operations/steps may be decomposed, and some operations/steps may be combined or partially combined, so that the actual execution sequence may be changed according to the actual situation.
The block diagrams shown in the figures are functional entities only and do not necessarily correspond to physically separate entities. I.e. these functional entities may be implemented in the form of software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor means and/or microcontroller means.
It will be understood that, although the terms first, second, third, etc. may be used herein to describe various elements, components, or sections, these terms should not be construed as limiting. These phrases are used to distinguish one from another. For example, a first device may also be referred to as a second device without departing from the spirit of the present invention.
The term "and/or" and/or "includes any and all combinations of one or more of the associated listed items.
A large number of system logs exist in a business system of the financial platform, and log information can be printed through a printing component. But user sensitive information may be included in the log information. Therefore, when the log information is printed, desensitization processing is required for user sensitive information in the log.
Developers usually need to rewrite the information factory, which applies the log frame log4j2, when desensitizing user sensitive information. The problems of the solution idea are as follows: the method comprises the steps of firstly, positioning existing project codes one by one aiming at sensitive fields, checking sensitive information of users one by one, and correspondingly modifying the codes greatly, so that the efficiency is low, the labor is wasted, and the specifications are not sufficient; secondly, the sensitive information of the user is not eradicated well, and if the sensitive information is written carelessly, the sensitive information of the user is partially leaked.
The solution idea of the invention is as follows: the information factory of the application log framework log4j2 is extended instead of the overwrite information factory. When the log template formats data, an information factory MessageFactory applying a log frame log4j2 is expanded, a sensitive data filter is constructed, and a sensitive data detection component is configured to realize desensitization on a specified desensitization object and field. The invention can avoid the problem of checking the sensitive information of the users one by one, but carries out uniform and standard configuration on the sensitive information of the users needing desensitization through the sensitive data filter, has simple and flexible operation, and improves the desensitization accuracy and efficiency.
FIG. 1 is a schematic flow diagram of a configured log desensitization method of the present invention; as shown in FIG. 1, the configured log desensitization method of the present invention comprises:
s101: log data is acquired and processed in a standardized manner.
And the developer acquires the log data through the log collection component. For example: log4net of net platform, supporting multiple storage modes (file, database), multiple formats, multiple log splitting modes. Log4j, slf4j and logback of the mainstream of the java platform.
slf4j is a specification, standard and interface made for all log frameworks, and is not a specific implementation of a framework, because the interface cannot be used independently and needs to be used with a specific log framework implementation, wherein the log framework implementation comprises log4j and logback.
log4j is an open source log component of apache implementation, logback is also designed by the author of log4j, has better characteristics, replaces a log framework of log4j, and is a native implementation of slf4 j.
Log4j2 is an improved version of Log4 j. x and logback, so that Log throughput and performance are improved by 10 times compared with Log4 j. x, some deadlocked bugs are solved, and configuration is simpler and more flexible.
After the log data are obtained, the log data are subjected to standardization processing.
Wherein, standardizing the processed log data further comprises: and preprocessing the log data to form data with uniform format, type and structure.
Specifically, the service system of the financial platform has many log data sources, and the log data acquired from each data source is dirty data and cannot be used for subsequent data analysis. After preprocessing such as data cleaning, data integration, data transformation and data reduction is carried out on the log data, the format, the type and the structure of the log data are unified, and meanwhile, desensitization objects and fields can be conveniently extracted in the subsequent data mining process, so that the quality of a data mining mode is greatly improved, and the time required by actual mining is reduced.
S102: constructing a sensitive data filter, wherein the sensitive data filter comprises at least one configurable sensitive data detecting component.
In view of the fact that data to be desensitized in log data need to be checked one by one in the prior art, manpower is wasted. The invention carries out uniform configuration on the data to be desensitized by constructing a sensitive data filter.
The kind of data to be desensitized may include user privacy data, data related to user security, business sensitive data.
FIG. 2 is a schematic diagram illustrating a method for desensitizing a configured log according to an embodiment of the invention, wherein sensitive data detecting elements are configured according to data types to be desensitized; as shown in FIG. 2, the sensitive data detection elements are configured according to the type of data to be desensitized.
For example, if the data to be desensitized includes user privacy data, configuring a sensitive data detection component for the user privacy data; as another example, to increase desensitization to business sensitive data as required, sensitive data detection components are added for business sensitive data.
After the sensitive data detecting component is configured, the sensitive data detecting component can be used for detecting different types of data to be desensitized.
After the type of desensitized data and the sensitive data detection components are determined, a sensitive data filter is constructed by encapsulating at least one sensitive data detection component.
The sensitive data filter is provided with a desensitization switch, a time consuming switch, and specifies a log maximum length. The sensitive data filter can be desensitized to log template keywords or log parameter object keywords.
The sensitive data filter of the invention is provided with a facede interface. The Facade interface is an abstraction layer concept because the Log frameworks Log4j, logback, Log4j2 are not convenient to migrate for different Java programs. By matching the Facade interface with the log frame and performing log recording, when the frame is replaced, only a small part of parameters of the Facade can be modified, and the frame can be directly replaced.
The sensitive data detection component may be a value filter.
S103: and detecting the log data of the standardized processing by using the sensitive data filter to determine data to be desensitized.
The data to be desensitized may specifically include: at least one of communication number, bank card number, identification number, user name, account password and IP address.
As an example, after detecting the log data of the standardized processing, the sensitive data filter determines that the data to be desensitized is the user communication number mobile.
The value filter is implemented as follows:
in the prior art, when a technician desensitizes a user communication number mobile, the technician locates the code and then modifies a large number of codes related to the user communication number mobile under different modules.
However, with the method of the present invention, the technician only needs to change the component for the user communication number mobile in the value filter, and the technician does not need to go to each module to modify the code.
As can be seen from the above codes, the technician can flexibly and conveniently specify the object or field to be desensitized through the value filter.
S104: a data desensitization rule is set.
Wherein the setting of the data desensitization rule further comprises: setting a desensitization mode of data to be desensitized; and setting a data format after desensitization of the data to be desensitized is completed.
Wherein, the desensitization mode specifically comprises the following steps: at least one of data replacement, data rearrangement, data encryption, data truncation, data masking, and data offset.
The data format after desensitization is completed may specifically include: a uniform symbol or text representation, etc.
Specifically, sensitive information such as the user identification number and the communication number may be unified into a symbolic representation such as an asterisk or a well #, for example, by data replacement.
S105: and desensitizing the data to be desensitized based on the data desensitizing rule.
As an example, the desensitization mode to the user communication number mobile is still selected, and as can be seen from the above codes, the desensitization mode to the user communication number mobile is data replacement, and the data format after the user communication number mobile completes desensitization is asterisk.
The desensitization method realizes desensitization on the specified desensitization object and field by constructing the sensitive data filter and configuring the sensitive data detection component, is simple to operate, and flexibly improves the desensitization accuracy and efficiency.
Those skilled in the art will appreciate that all or part of the steps to implement the above-described embodiments are implemented as programs (computer programs) executed by a computer data processing apparatus. When the computer program is executed, the method provided by the invention can be realized. Furthermore, the computer program may be stored in a computer readable storage medium, which may be a readable storage medium such as a magnetic disk, an optical disk, a ROM, a RAM, or a storage array composed of a plurality of storage media, such as a magnetic disk or a magnetic tape storage array. The storage medium is not limited to centralized storage, but may be distributed storage, such as cloud storage based on cloud computing.
Embodiments of the apparatus of the present invention are described below, which may be used to perform method embodiments of the present invention. The details described in the device embodiments of the invention should be regarded as complementary to the above-described method embodiments; reference is made to the above-described method embodiments for details not disclosed in the apparatus embodiments of the invention.
Those skilled in the art will appreciate that the modules in the above-described embodiments of the apparatus may be distributed as described in the apparatus, and may be correspondingly modified and distributed in one or more apparatuses other than the above-described embodiments. The modules of the above embodiments may be combined into one module, or further split into multiple sub-modules.
FIG. 3 is a schematic diagram of a configured log desensitization device module architecture of the present invention; as shown in FIG. 3, the configured log desensitization device 300 of the present invention includes: the system comprises a log data processing module 301, a filter construction module 302, a data to be desensitized determination module 303, a desensitization rule setting module 304 and a desensitization processing module 305.
And the log data processing module is used for acquiring and standardizing the log data.
The filter construction module is used for constructing a sensitive data filter, and the sensitive data filter comprises at least one configurable sensitive data detection component.
And the data to be desensitized determining module is used for detecting the log data subjected to the standardized processing by using the sensitive data filter so as to determine the data to be desensitized.
And the desensitization rule setting module is used for setting a data desensitization rule.
And the desensitization processing module is used for desensitizing the data to be desensitized based on the data desensitization rule.
Wherein the normalizing the processed log data further comprises: and preprocessing the log data to form data with uniform format, type and structure.
The at least one sensitive data detection component is used for detecting different types of data to be desensitized.
The configured log desensitization device of the invention also comprises: and the detection component configuration module is used for configuring the sensitive data detection component according to the type of the data to be desensitized.
In the collocated log desensitization device of the present invention, the sensitive data detection component can be a value filter.
The configured log desensitization device can comprise user privacy data, user safety data and business sensitive data.
The configured log desensitization device of the invention, the data to be desensitized, may specifically include: at least one of communication number, bank card number, identification number, user name, account password and IP address.
The configured log desensitization device of the invention, the desensitization rule setting module, further comprises: a desensitization mode setting unit for setting a desensitization mode of data to be desensitized; the data format setting unit sets the data format of the desensitized data after desensitization is completed.
The desensitization mode of the configured log desensitization device can specifically comprise the following steps: at least one of data replacement, data rearrangement, data encryption, data truncation, data masking, and data offset.
In the following, embodiments of the electronic device of the present invention are described, which may be regarded as specific physical implementations for the above-described embodiments of the method and apparatus of the present invention. Details described in the embodiments of the electronic device of the invention should be considered supplementary to the embodiments of the method or apparatus described above; for details which are not disclosed in embodiments of the electronic device of the invention, reference may be made to the above-described embodiments of the method or the apparatus.
FIG. 4 is a block diagram of the configurable log-desensitized electronic device architecture of the present invention. An electronic device 400 according to this embodiment of the invention is described below with reference to fig. 4. The electronic device 400 shown in fig. 4 is only an example and should not bring any limitation to the function and the scope of use of the embodiments of the present invention.
As shown in fig. 4, electronic device 400 is embodied in the form of a general purpose computing device. The components of electronic device 400 may include, but are not limited to: at least one processing unit 410, at least one memory unit 420, a bus 430 that connects the various system components (including the memory unit 420 and the processing unit 410), a display unit 440, and the like.
Wherein the storage unit stores program code executable by the processing unit 410 to cause the processing unit 410 to perform the steps according to various exemplary embodiments of the present invention described in the above-mentioned electronic prescription flow processing method section of the present specification. For example, the processing unit 410 may perform the steps as shown in fig. 1.
The storage unit 420 may include readable media in the form of volatile storage units, such as a random access memory unit (RAM)4201 and/or a cache memory unit 4202, and may further include a read only memory unit (ROM) 4203.
The storage unit 420 may also include a program/utility 4204 having a set (at least one) of program modules 4205, such program modules 4205 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each of which, or some combination thereof, may comprise an implementation of a network environment.
Bus 430 may be any bus representing one or more of several types of bus structures, including a memory unit bus or memory unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus architectures.
The electronic device 400 may also communicate with one or more external devices 500 (e.g., keyboard, pointing device, bluetooth device, etc.), with one or more devices that enable a user to interact with the electronic device 400, and/or with any devices (e.g., router, modem, etc.) that enable the electronic device 400 to communicate with one or more other computing devices. Such communication may occur via input/output (I/O) interfaces 450. Also, the electronic device 400 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network, such as the internet) via the network adapter 460. The network adapter 460 may communicate with other modules of the electronic device 400 via the bus 430. It should be appreciated that although not shown in the figures, other hardware and/or software modules may be used in conjunction with electronic device 400, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.
Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments of the present invention described herein may be implemented by software, or by software in combination with necessary hardware. Therefore, the technical solution according to the embodiment of the present invention can be embodied in the form of a software product, which can be stored in a computer-readable storage medium (which can be a CD-ROM, a usb disk, a removable hard disk, etc.) or on a network, and includes several instructions to make a computing device (which can be a personal computer, a server, or a network device, etc.) execute the above-mentioned method according to the present invention. The computer program, when executed by a data processing apparatus, enables the computer readable medium to implement the above-described method of the invention, namely: acquiring and standardizing log data; constructing a sensitive data filter, wherein the sensitive data filter comprises at least one configurable sensitive data detecting component; detecting the log data of the standardized processing by using the sensitive data filter to determine data to be desensitized; setting a data desensitization rule; and desensitizing the data to be desensitized based on the data desensitizing rule.
The computer program may be stored on one or more computer readable media, as shown in FIG. … …. The computer readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable disk, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The computer readable storage medium may include a propagated data signal with readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A readable storage medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a readable storage medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C + + or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., through the internet using an internet service provider).
In summary, the invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will appreciate that some or all of the functionality of some or all of the components in embodiments in accordance with the invention may be implemented in practice using a general purpose data processing device such as a microprocessor or a Digital Signal Processor (DSP). The present invention may also be embodied as apparatus or device programs (e.g., computer programs and computer program products) for performing a portion or all of the methods described herein. Such programs implementing the present invention may be stored on computer-readable media or may be in the form of one or more signals. Such a signal may be downloaded from an internet website or provided on a carrier signal or in any other form.
While the foregoing embodiments have described the objects, aspects and advantages of the present invention in further detail, it should be understood that the present invention is not inherently related to any particular computer, virtual machine or electronic device, and various general-purpose machines may be used to implement the present invention. The invention is not to be considered as limited to the specific embodiments thereof, but is to be understood as being modified in all respects, all changes and equivalents that come within the spirit and scope of the invention.
Claims (10)
1. A method of configurable log desensitization, comprising:
acquiring and standardizing log data;
constructing a sensitive data filter, wherein the sensitive data filter comprises at least one configurable sensitive data detecting component;
detecting the log data of the standardized processing by using the sensitive data filter to determine data to be desensitized;
setting a data desensitization rule;
and desensitizing the data to be desensitized based on the data desensitizing rule.
2. The method of claim 1, wherein the normalizing processes log data, further comprising:
and preprocessing the log data to form data with uniform format, type and structure.
3. The method of any of claims 1-2, wherein the at least one sensitive data detection element is configured to detect different types of data to be desensitized.
4. The method of any one of claims 1-3, further comprising:
and configuring the sensitive data detection component according to the type of the data to be desensitized.
5. The method of any one of claims 1-4, wherein the sensitive data detection component is a value filter.
6. The method of any one of claims 1-5, wherein the categories of data to be desensitized may include user private data, data related to user security, business sensitive data.
7. The method according to any one of claims 1 to 6, wherein the data to be desensitized may include: at least one of communication number, bank card number, identification number, user name, account password and IP address.
8. A configured log desensitization apparatus, comprising:
the log data processing module is used for acquiring and standardizing log data;
a filter construction module for constructing a sensitive data filter, the sensitive data filter comprising at least one configurable sensitive data detection component;
a data to be desensitized determining module, configured to detect the normalized log data using the sensitive data filter to determine data to be desensitized;
the desensitization rule setting module is used for setting a data desensitization rule;
and the desensitization processing module is used for desensitizing the data to be desensitized based on the data desensitization rule.
9. An electronic device, wherein the electronic device comprises:
a processor; and the number of the first and second groups,
a memory storing computer-executable instructions that, when executed, cause the processor to perform the method of any of claims 1-7.
10. A computer readable storage medium, wherein the computer readable storage medium stores one or more programs which, when executed by a processor, implement the method of any of claims 1-7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910930710.7A CN110765483A (en) | 2019-09-29 | 2019-09-29 | Configured log desensitization method and device and electronic equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910930710.7A CN110765483A (en) | 2019-09-29 | 2019-09-29 | Configured log desensitization method and device and electronic equipment |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN110765483A true CN110765483A (en) | 2020-02-07 |
Family
ID=69330726
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910930710.7A Pending CN110765483A (en) | 2019-09-29 | 2019-09-29 | Configured log desensitization method and device and electronic equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110765483A (en) |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111881471A (en) * | 2020-07-21 | 2020-11-03 | 中国工商银行股份有限公司 | Non-intrusive log data desensitization method, device and system |
| CN112000982A (en) * | 2020-07-31 | 2020-11-27 | 青岛海尔科技有限公司 | Method and device for processing user application data |
| CN112784308A (en) * | 2021-02-18 | 2021-05-11 | 杭州天谷信息科技有限公司 | Sensitive log desensitization device and method based on java software system |
| CN114707180A (en) * | 2022-03-31 | 2022-07-05 | 马上消费金融股份有限公司 | Log desensitization method and device |
| WO2023015670A1 (en) * | 2021-08-12 | 2023-02-16 | 广东艾檬电子科技有限公司 | Method and apparatus for desensitizing log content, device and medium |
| CN116662218A (en) * | 2023-08-01 | 2023-08-29 | 北京德塔精要信息技术有限公司 | Method and device for collecting and processing logs in real time |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108829789A (en) * | 2018-06-01 | 2018-11-16 | 平安普惠企业管理有限公司 | Log processing method, device, computer equipment and storage medium |
| CN109190405A (en) * | 2018-09-03 | 2019-01-11 | 佛山科学技术学院 | A kind of government affairs big data desensitization process method and device |
| CN109558746A (en) * | 2018-11-06 | 2019-04-02 | 泰康保险集团股份有限公司 | Data desensitization method, device, electronic equipment and storage medium |
| CN109582861A (en) * | 2018-10-29 | 2019-04-05 | 复旦大学 | A kind of data-privacy information detecting system |
| CN110175465A (en) * | 2019-04-15 | 2019-08-27 | 深圳壹账通智能科技有限公司 | Log desensitization method, device, computer equipment and computer readable storage medium |
-
2019
- 2019-09-29 CN CN201910930710.7A patent/CN110765483A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108829789A (en) * | 2018-06-01 | 2018-11-16 | 平安普惠企业管理有限公司 | Log processing method, device, computer equipment and storage medium |
| CN109190405A (en) * | 2018-09-03 | 2019-01-11 | 佛山科学技术学院 | A kind of government affairs big data desensitization process method and device |
| CN109582861A (en) * | 2018-10-29 | 2019-04-05 | 复旦大学 | A kind of data-privacy information detecting system |
| CN109558746A (en) * | 2018-11-06 | 2019-04-02 | 泰康保险集团股份有限公司 | Data desensitization method, device, electronic equipment and storage medium |
| CN110175465A (en) * | 2019-04-15 | 2019-08-27 | 深圳壹账通智能科技有限公司 | Log desensitization method, device, computer equipment and computer readable storage medium |
Non-Patent Citations (2)
| Title |
|---|
| 梦相随1006: "log4j日志脱敏处理+java properties文件加载", 《HTTPS://WWW.CNBLOGS.COM/XIN1006/P/6172140.HTML》 * |
| 禅兜: "fastjson的值过滤器valuefilter", 《HTTPS://WWW.JIANSHU.COM/P/CBDA2306804C》 * |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111881471A (en) * | 2020-07-21 | 2020-11-03 | 中国工商银行股份有限公司 | Non-intrusive log data desensitization method, device and system |
| CN112000982A (en) * | 2020-07-31 | 2020-11-27 | 青岛海尔科技有限公司 | Method and device for processing user application data |
| CN112784308A (en) * | 2021-02-18 | 2021-05-11 | 杭州天谷信息科技有限公司 | Sensitive log desensitization device and method based on java software system |
| WO2023015670A1 (en) * | 2021-08-12 | 2023-02-16 | 广东艾檬电子科技有限公司 | Method and apparatus for desensitizing log content, device and medium |
| CN114707180A (en) * | 2022-03-31 | 2022-07-05 | 马上消费金融股份有限公司 | Log desensitization method and device |
| CN116662218A (en) * | 2023-08-01 | 2023-08-29 | 北京德塔精要信息技术有限公司 | Method and device for collecting and processing logs in real time |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11449379B2 (en) | Root cause and predictive analyses for technical issues of a computing environment | |
| CN110765483A (en) | Configured log desensitization method and device and electronic equipment | |
| US10248541B2 (en) | Extraction of problem diagnostic knowledge from test cases | |
| RU2586016C2 (en) | System for providing program analysis/verification service, method of controlling said system, computer-readable storage medium, device for program analysis/verification, device for controlling program analysis/verification means | |
| WO2019075390A1 (en) | Blackbox matching engine | |
| US20230418570A1 (en) | Constructing executable program code based on sequence codes | |
| CN109117368A (en) | A kind of interface test method, electronic equipment and storage medium | |
| US11178022B2 (en) | Evidence mining for compliance management | |
| US11354108B2 (en) | Assisting dependency migration | |
| US20210255853A1 (en) | Version control mechanisms augmented with semantic analysis for determining cause of software defects | |
| CN110347573B (en) | Application program analysis method, device, electronic equipment and computer readable medium | |
| CN114398673A (en) | Application compliance detection method and device, storage medium and electronic equipment | |
| CN113722758A (en) | Log desensitization method and device, computer equipment and storage medium | |
| AU2017276243B2 (en) | System And Method For Generating Service Operation Implementation | |
| CN114641771A (en) | Cluster security based on virtual machine content | |
| CN111580822A (en) | Internet of things equipment assembly version information extraction method based on VEX intermediate language | |
| US20190130021A1 (en) | Identifying parameter values in log entries | |
| US11308280B2 (en) | Capture and search of virtual machine application properties using log analysis techniques | |
| CN116974947A (en) | Component detection method and device, electronic equipment and storage medium | |
| CN109766260B (en) | Method, device, electronic equipment and storage medium for configuring test action | |
| WO2023151397A1 (en) | Application program deployment method and apparatus, device, and medium | |
| CN108885574B (en) | System for monitoring and reporting performance and correctness issues at design, compilation, and runtime | |
| US11709936B2 (en) | Automatic integrity vulnerability detection in an integrated development environment | |
| CN110674491B (en) | Method and device for real-time evidence obtaining of android application and electronic equipment | |
| RU2820191C2 (en) | Method of collecting and processing sensor information with edge analytics functions for cloud platform of internet of things |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20200207 |