CN112115493B - Data leakage protection system based on data acquisition - Google Patents

Info

Publication number: CN112115493B
Authority: CN (China)
Prior art keywords: module, file, data, port, sensitive data
Legal status: Active
Application number: CN202010972286.5A
Other languages: Chinese (zh)
Other versions: CN112115493A (en)
Inventor: 廉明
Current Assignee: Anhui Changtai Technology Co ltd
Original Assignee: Anhui Changtai Technology Co ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
        • G06F21/60 Protecting data
            • G06F21/602 Providing cryptographic facilities or services
            • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
                • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
                    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
        • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
            • G06F21/55 Detecting local intrusion or implementing counter-measures
                • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
            • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
                • G06F21/577 Assessing vulnerabilities and evaluating computer system security

Abstract

The invention discloses a data leakage protection system based on data acquisition, belonging to the technical field of big data management. The system comprises a sensitive data scanning unit, an intelligent encryption unit, a leakage prevention detection unit and a port management unit. The sensitive data scanning unit scans the database for files containing sensitive data; the intelligent encryption unit encrypts files containing sensitive data; the leakage prevention detection unit detects files containing sensitive data and prevents them from leaking; the port management unit comprises a port control module for managing the ports that access the database. The database is scanned for sensitive data, and files containing sensitive data are marked and encrypted. Encryption effectively prevents data leakage, marking allows a file to be traced back to the port that operated on it, and managing the ports effectively prevents them from being attacked by viruses, thereby improving the data protection effect.

Description

Data leakage protection system based on data acquisition
Technical Field
The invention relates to the technical field of big data management, in particular to a data leakage protection system based on data acquisition.
Background
Currently, the global big data industry is in an active period of development, with technology evolution and application innovation advancing rapidly in parallel. Key new technologies for data storage, computation and analysis, such as non-relational databases, distributed parallel computing, machine learning and deep mining, are emerging and developing quickly. While creating business and application value in industries such as telecommunications, the internet, finance, transportation and healthcare, big data mining and analysis are beginning to spread into the traditional primary and secondary industries, and big data is gradually becoming a basic national strategic resource and a basic factor of social production.
At the same time, big data security issues are gradually being exposed. Because of its enormous value and its centralized storage and management model, big data has become a key target of network attacks; ransomware attacks and data leaks involving big data are growing more serious by the day, and big data security incidents occur frequently around the world. The security requirements of big data have accordingly driven the research, development and production of related security technologies, solutions and products, but these lag behind the development of the industry. Because big data involves large volumes of data that are convenient to access, data stored in a database leaks very easily. Traditional data leakage prevention generally relies on encrypting the data, but encrypted data causes huge losses once it is cracked. Moreover, when users access the database through various ports, the ports themselves are easily attacked, so that data accessed through a port leaks out. The protective effect of traditional data leakage prevention systems is therefore relatively poor.
Disclosure of Invention
The invention aims to solve the problems that data encrypted by existing data leakage prevention systems is easily cracked and that attacks on ports cause data leakage and loss, and provides a data leakage protection system based on data acquisition.
The invention achieves the above purpose through the following technical scheme: a data leakage protection system based on data acquisition comprises a sensitive data scanning unit, an intelligent encryption unit, a leakage prevention detection unit and a port management unit;
the sensitive data scanning unit is used for scanning files containing sensitive data in a database;
the intelligent encryption unit is used for encrypting files containing sensitive data;
the leakage prevention detection unit is used for detecting files containing sensitive data and preventing them from leaking;
the port management unit comprises a port control module for managing ports for accessing the database.
Preferably, the intelligent encryption unit comprises a file encryption module and a file decryption module; the file encryption module is used for encrypting files containing sensitive data, and the file decryption module is used for decrypting the encrypted files.
Preferably, the intelligent encryption unit further comprises a user authentication module and a file destruction module. The user authentication module is used for verifying the information of users accessing the database, and the file decryption module is started after authentication is completed. The file destruction module is used for destroying files containing sensitive data, and is started when a file is detected leaving the database.
Preferably, the leakage prevention detection unit comprises a mark deployment module and a monitoring and tracking module; the mark deployment module is used for marking files containing sensitive data, and the monitoring and tracking module is used for monitoring the user ports that operate on files containing sensitive data.
Preferably, the port control module comprises a plug-in installation module, a network acquisition module, a virus searching and killing module and an operation uploading module.
Preferably, the port control module is remotely installed on a port server connected to the database. The plug-in installation module is used for installing control plug-ins on the port server; the control plug-ins comprise a login verification plug-in and a network card scanning plug-in. The network acquisition module and the virus searching and killing module are used for acquiring network traffic data on the network card and for searching for and killing viruses on networks that have vulnerabilities or viruses, and the operation uploading module is used for uploading the operation logs on the port back to the background.
Compared with the prior art, the invention has the following beneficial effects: the database is scanned for sensitive data, and files containing sensitive data are marked and encrypted; encryption effectively prevents data leakage, marking allows a file to be traced back to the port that operated on it, and managing the ports effectively prevents them from being attacked by viruses, so the data protection effect is improved. File encryption uses an intelligent encryption mode, so that files containing sensitive data can be viewed online; once a file is downloaded or forwarded, the destruction function starts automatically, which prevents the file from leaking widely and makes file storage more secure.
Drawings
FIG. 1 is a schematic diagram of the overall system of the present invention.
FIG. 2 is a flowchart of an encryption method of an intelligent encryption unit according to the present invention.
FIG. 3 is a schematic diagram of the port control module of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be obtained by a person skilled in the art without making any creative effort based on the embodiments in the present invention, belong to the protection scope of the present invention.
Referring to FIG. 1, a data leakage protection system based on data acquisition includes a sensitive data scanning unit, an intelligent encryption unit, a leakage prevention detection unit and a port management unit. The sensitive data scanning unit scans the database for files containing sensitive data: it periodically performs a full or incremental scan of the data stored on the database's disks and uses content identification technology to determine whether each scanned file contains sensitive data. The intelligent encryption unit encrypts files that contain sensitive data and leaves files that do not contain sensitive data unprocessed. The leakage prevention detection unit detects files containing sensitive data to prevent them from leaking, and likewise leaves files without sensitive data unprocessed. Files in the database that contain sensitive data are thus both encrypted and marked: encryption effectively prevents the files from leaking, and marking facilitates subsequent tracking. The port management unit comprises a port control module, which manages the ports (port nodes) that access the database. When a port views a marked file containing sensitive data, the port's location can be traced, and managing the ports prevents them from being attacked and causing data leakage.
The intelligent encryption unit comprises a file encryption module and a file decryption module; the file encryption module encrypts files containing sensitive data, and the file decryption module decrypts the encrypted files. The intelligent encryption unit further comprises a user authentication module and a file destruction module. The user authentication module verifies the information of users accessing the database, and the file decryption module is started only after authentication is completed. The file destruction module destroys files containing sensitive data and is started when a file is detected leaving the database. As shown in FIG. 2, files containing sensitive data are encrypted, and when a user accesses an encrypted file in the database the user authentication module verifies the user's identity. The user authentication module can also set authentication permission levels that separate users who access ordinary files from users who access encrypted files, which prevents file management from becoming unwieldy when too many users log in to the database. Only an authenticated user can use the file decryption module to decrypt an encrypted file and view its sensitive data. The file destruction module detects whether the user is viewing the file online or downloading and forwarding it; once it detects that the file has been transferred and opened, the file is automatically destroyed, that is, deleted, to protect it. Similarly, when a user edits a plaintext file in the normal way and adds sensitive information, the file is automatically encrypted into a ciphertext file when it is saved, which ensures the security of terminal data and improves the user experience.
The leakage prevention detection unit comprises a mark deployment module and a monitoring and tracking module. The mark deployment module marks files containing sensitive data, and the monitoring and tracking module monitors the user ports that operate on files containing sensitive data. From the marks, the mark deployment module generates a distribution map of sensitive data inside the database, and an automatic periodic incremental scanning policy is configured, which helps the user keep track in real time of how sensitive information is distributed inside the enterprise, including file names, file types, storage paths, quantities and the like.
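The full-or-incremental scan, content identification and marking steps described above can be illustrated as follows; this is an added example, not code from the patent. The two detectors (a Luhn-validated card-number pattern and a keyword match), the content-digest label and all function names are assumptions, since the patent does not specify its content identification technology or its mark format.

```python
import hashlib
import os
import re
import tempfile

# Constructed stand-ins for the unspecified "content identification technology".
CARD_RE = re.compile(rb"\b(?:\d[ -]?){13,19}\b")
KEYWORD_RE = re.compile(rb"(?i)\b(?:confidential|internal only)\b")


def luhn_ok(digits: bytes) -> bool:
    """Luhn checksum: rejects digit runs that are not payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = (ch - 48) * (2 if i % 2 else 1)  # double every second digit from the right
        total += d - 9 if d > 9 else d
    return total % 10 == 0


def classify(data: bytes) -> dict:
    """Return {category: hit count}; an empty dict means not sensitive."""
    runs = (re.sub(rb"\D", b"", m.group()) for m in CARD_RE.finditer(data))
    counts = {"card_number": sum(luhn_ok(d) for d in runs),
              "keyword": len(KEYWORD_RE.findall(data))}
    return {k: n for k, n in counts.items() if n}


def scan(root: str, state: dict) -> tuple:
    """Full scan if `state` is empty; otherwise re-read only changed files."""
    new_state, reread = {}, []
    for dirpath, _dirs, files in os.walk(root):
        for path in (os.path.join(dirpath, f) for f in files):
            st = os.stat(path)
            fingerprint = (st.st_size, st.st_mtime_ns)
            if state.get(path, {}).get("fingerprint") == fingerprint:
                new_state[path] = state[path]  # unchanged since the last scan
                continue
            with open(path, "rb") as fh:
                data = fh.read()
            hits = classify(data)
            # Label = content digest, so a copy found elsewhere can be matched back.
            label = hashlib.sha256(data).hexdigest()[:16] if hits else None
            new_state[path] = {"fingerprint": fingerprint, "hits": hits, "label": label}
            reread.append(path)
    return new_state, reread


def distribution(state: dict) -> dict:
    """Distribution of labelled files: extension -> sorted list of paths."""
    dist = {}
    for path, rec in sorted(state.items()):
        if rec["label"]:
            dist.setdefault(os.path.splitext(path)[1].lower() or "(none)", []).append(path)
    return dist


def demo() -> dict:
    """Full scan, one user edit, then an incremental scan (constructed files)."""
    samples = {
        "orders.csv": b"id,card\n1,4111 1111 1111 1111\n",  # well-known test number
        "notes.txt": b"ticket 1234567890123456 closed\n",  # fails Luhn, not flagged
        "plan.txt": b"CONFIDENTIAL: Q3 roadmap\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        state, first = scan(root, {})
        with open(os.path.join(root, "notes.txt"), "ab") as fh:  # edit adds sensitive data
            fh.write(b"internal only: card 4111-1111-1111-1111\n")
        state, second = scan(root, state)
        names = lambda paths: sorted(os.path.basename(p) for p in paths)
        by_type = {ext: names(ps) for ext, ps in distribution(state).items()}
        return {"first": names(first), "second": names(second), "by_type": by_type}


if __name__ == "__main__":
    print(demo())
```

The (size, mtime) fingerprint is what makes the second pass incremental; an edit that leaves both unchanged is only caught by a periodic full scan, which is run by passing an empty state.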
As shown in FIG. 3, the port control module includes a plug-in installation module, a network acquisition module, a virus searching and killing module and an operation uploading module. The port control module is remotely installed on a port server connected to the database. The plug-in installation module installs control plug-ins on the port server; the control plug-ins include a login verification plug-in and a network card scanning plug-in. The network acquisition module and the virus searching and killing module acquire network traffic data on the network card and search for and kill viruses on networks that have vulnerabilities or viruses. The operation uploading module uploads the operation logs on the port back to the background. When a port connects to the database, the login verification plug-in and the network card scanning plug-in are installed on it. When the monitoring and tracking module inside the leakage prevention detection unit locates a port that is accessing an encrypted file in the database, the network acquisition module and the virus searching and killing module work together to scan the network and search for and kill viruses, preventing the port from being attacked by viruses and leaking the data file.
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential attributes thereof. The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference sign in a claim should not be construed as limiting the claim concerned.
Furthermore, it should be understood that although this description is organized by embodiments, not every embodiment contains only a single technical solution. The description is presented this way for clarity only; those skilled in the art should treat the description as a whole, and the embodiments may be combined as appropriate to form other embodiments that those skilled in the art can understand.

Claims (3)

1. A data leakage protection system based on data acquisition, characterized in that: the system comprises a sensitive data scanning unit, an intelligent encryption unit, a leakage prevention detection unit and a port management unit;
the sensitive data scanning unit is used for scanning files containing sensitive data in a database;
the intelligent encryption unit is used for encrypting files containing sensitive data;
the leakage prevention detection unit is used for detecting files containing sensitive data and preventing them from leaking;
the port management unit comprises a port control module, and the port control module is used for managing ports for accessing the database;
the port control module comprises a plug-in installation module, a network acquisition module, a virus searching and killing module and an operation uploading module;
the port control module is remotely installed on a port server connected to the database, wherein the plug-in installation module is used for installing control plug-ins on the port server, the control plug-ins comprise a login verification plug-in and a network card scanning plug-in, the network acquisition module and the virus searching and killing module are used for acquiring network traffic data on the network card and for searching for and killing viruses on networks that have vulnerabilities or viruses, and the operation uploading module is used for uploading the operation logs on the port back to a background;
the leakage prevention detection unit comprises a mark deployment module and a monitoring and tracking module, wherein the mark deployment module is used for marking files containing sensitive data, and the monitoring and tracking module is used for monitoring the user ports that operate on files containing sensitive data.
2. The data leakage protection system based on data acquisition according to claim 1, wherein: the intelligent encryption unit comprises a file encryption module and a file decryption module, the file encryption module is used for encrypting files containing sensitive data, and the file decryption module is used for decrypting the encrypted files.
3. The data leakage protection system based on data acquisition according to claim 2, wherein: the intelligent encryption unit further comprises a user authentication module and a file destruction module, wherein the user authentication module is used for verifying the information of users accessing the database, the file decryption module is started after authentication is completed, the file destruction module is used for destroying files containing sensitive data, and the file destruction module is started when a file is detected leaving the database.

Priority Applications (1)

| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010972286.5A / CN112115493B (en) | 2020-09-16 | 2020-09-16 | Data leakage protection system based on data acquisition |

Applications Claiming Priority (1)

| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010972286.5A / CN112115493B (en) | 2020-09-16 | 2020-09-16 | Data leakage protection system based on data acquisition |

Publications (2)

| Publication Number | Publication Date |
|---|---|
| CN112115493A (en) | 2020-12-22 |
| CN112115493B (en) | 2022-11-18 |

Family

ID=73803204

Family Applications (1)

| Application Number | Status | Priority Date | Filing Date | Title |
|---|---|---|---|---|
| CN202010972286.5A / CN112115493B (en) | Active | 2020-09-16 | 2020-09-16 | Data leakage protection system based on data acquisition |

Country Status (1)

| Country | Link |
|---|---|
| CN (1) | CN112115493B (en) |

Legal Events

| Code | Title | Description |
|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| CB02 | Change of applicant information | Address after: 230000 floors 4-5, building A1, Zhongguancun collaborative innovation Zhihui Park, the intersection of Nanfeihe road and Lanzhou Road, Baohe Economic Development Zone, Hefei, Anhui Province. Applicant after: Anhui Changtai Technology Co.,Ltd. Address before: 230000 floor 13, building 2-C, China sound Valley International Intelligent Voice Industrial Park, 3333 Xiyou Road, high tech Zone, Hefei City, Anhui Province. Applicant before: ANHUI CHANGTAI INFORMATION SECURITY SERVICE Co.,Ltd. |
| GR01 | Patent grant | |