CN112307133A - Security protection method and device, computer equipment and storage medium - Google Patents
Security protection method and device, computer equipment and storage medium Download PDFInfo
- Publication number
- CN112307133A CN112307133A CN202011183192.6A CN202011183192A CN112307133A CN 112307133 A CN112307133 A CN 112307133A CN 202011183192 A CN202011183192 A CN 202011183192A CN 112307133 A CN112307133 A CN 112307133A
- Authority
- CN
- China
- Prior art keywords
- service data
- sample
- safety protection
- determining
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 39
- 238000013145 classification model Methods 0.000 claims abstract description 30
- 238000000605 extraction Methods 0.000 claims description 13
- 230000011218 segmentation Effects 0.000 claims description 12
- 238000012549 training Methods 0.000 claims description 11
- 238000004590 computer program Methods 0.000 claims description 8
- 238000012545 processing Methods 0.000 claims description 8
- 238000013473 artificial intelligence Methods 0.000 abstract description 2
- 238000005516 engineering process Methods 0.000 abstract description 2
- 238000010801 machine learning Methods 0.000 abstract description 2
- 230000008569 process Effects 0.000 description 6
- 230000005540 biological transmission Effects 0.000 description 4
- 238000004422 calculation algorithm Methods 0.000 description 4
- 238000010586 diagram Methods 0.000 description 4
- 238000007637 random forest analysis Methods 0.000 description 4
- 238000010276 construction Methods 0.000 description 3
- 238000013527 convolutional neural network Methods 0.000 description 3
- 238000007639 printing Methods 0.000 description 3
- 230000006870 function Effects 0.000 description 2
- 238000002372 labelling Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 238000011176 pooling Methods 0.000 description 2
- 230000001960 triggered effect Effects 0.000 description 2
- 230000006835 compression Effects 0.000 description 1
- 238000007906 compression Methods 0.000 description 1
- 230000006378 damage Effects 0.000 description 1
- 238000003066 decision tree Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 238000013507 mapping Methods 0.000 description 1
- 230000009467 reduction Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/28—Databases characterised by their database models, e.g. relational or object models
- G06F16/284—Relational databases
- G06F16/285—Clustering or classification
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/22—Indexing; Data structures therefor; Storage structures
- G06F16/2282—Tablespace storage structures; Management thereof
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/28—Databases characterised by their database models, e.g. relational or object models
- G06F16/283—Multi-dimensional databases or data warehouses, e.g. MOLAP or ROLAP
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/21—Design or setup of recognition systems or techniques; Extraction of features in feature space; Blind source separation
- G06F18/214—Generating training patterns; Bootstrap methods, e.g. bagging or boosting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/23—Clustering techniques
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/24—Classification techniques
- G06F18/243—Classification techniques relating to the number of classes
- G06F18/24323—Tree-organised classifiers
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Data Mining & Analysis (AREA)
- Databases & Information Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Bioinformatics & Computational Biology (AREA)
- Evolutionary Biology (AREA)
- Computer Vision & Pattern Recognition (AREA)
- Bioinformatics & Cheminformatics (AREA)
- Artificial Intelligence (AREA)
- Life Sciences & Earth Sciences (AREA)
- Evolutionary Computation (AREA)
- Software Systems (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Bioethics (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention discloses a safety protection method, a safety protection device, computer equipment and a storage medium, relates to the technical field of artificial intelligence, and mainly aims to put limited protection resources in enterprises into business data with the most protection value by adopting different safety protection standards for different types of business data so as to realize the most effective safety protection of the business data. The method comprises the following steps: determining a multi-dimensional attribute corresponding to service data requested by a user; inputting the multi-dimensional attributes into a preset service data classification model for classification to obtain class information corresponding to the service data; and determining a safety protection grade corresponding to the service data according to the category information, and performing safety protection on the service data by adopting a safety protection strategy corresponding to the safety protection grade. The invention adopts the machine learning technology and is mainly suitable for the safety protection of the business data.
Description
Technical Field
The invention relates to the technical field of artificial intelligence, in particular to a safety protection method, a safety protection device, computer equipment and a storage medium.
Background
In the big data era, almost any enterprise business can not be supported by data during operation, and mass data are easy to generate data security problems in the whole life cycle (collection, transmission, storage, use, destruction and the like), so that effective security protection needs to be performed on enterprise business data to ensure data security.
At present, in the process of performing security protection on enterprise business data, a uniform protection standard is generally adopted to perform security protection on the business data. However, in this method, it is difficult to define the protection ranges of different service data, and a uniform protection standard is adopted for different service data, which may result in that limited protection resources are put into data that does not need to be heavily protected, but not enough protection resources are put into data that needs to be heavily protected, thereby failing to perform effective security protection on the service data.
Disclosure of Invention
The invention provides a safety protection method, a safety protection device, computer equipment and a storage medium, which mainly adopt different safety protection standards for different types of business data, and can put limited protection resources in enterprises into the business data with the most protection value so as to realize the most effective safety protection of the business data.
According to a first aspect of the present invention, there is provided a safety protection method comprising:
determining a multi-dimensional attribute corresponding to service data requested by a user;
inputting the multi-dimensional attributes into a preset service data classification model for classification to obtain class information corresponding to the service data;
and determining a safety protection grade corresponding to the service data according to the category information, and performing safety protection on the service data by adopting a safety protection strategy corresponding to the safety protection grade.
According to a second aspect of the present invention, there is provided a safety shield apparatus comprising:
the determining unit is used for determining the multi-dimensional attributes corresponding to the service data requested by the user;
the classification unit is used for inputting the multi-dimensional attributes into a preset service data classification model for classification to obtain class information corresponding to the service data;
and the protection unit is used for determining the safety protection level corresponding to the service data according to the category information and carrying out safety protection on the service data by adopting a safety protection strategy corresponding to the safety protection level.
According to a third aspect of the present invention, there is provided a computer readable storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of:
determining a multi-dimensional attribute corresponding to service data requested by a user;
inputting the multi-dimensional attributes into a preset service data classification model for classification to obtain class information corresponding to the service data;
and determining a safety protection grade corresponding to the service data according to the category information, and performing safety protection on the service data by adopting a safety protection strategy corresponding to the safety protection grade.
According to a fourth aspect of the present invention, there is provided a computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the following steps when executing the program:
determining a multi-dimensional attribute corresponding to service data requested by a user;
inputting the multi-dimensional attributes into a preset service data classification model for classification to obtain class information corresponding to the service data;
and determining a safety protection grade corresponding to the service data according to the category information, and performing safety protection on the service data by adopting a safety protection strategy corresponding to the safety protection grade.
Compared with the prior mode of carrying out safety protection on the service data by adopting a unified protection standard, the safety protection method, the safety protection device, the computer equipment and the storage medium provided by the invention can determine the multi-dimensional attribute corresponding to the service data requested by a user; inputting the multi-dimensional attributes into a preset service data classification model for classification to obtain class information corresponding to the service data; meanwhile, the safety protection grade corresponding to the business data is determined according to the category information, and safety protection strategies corresponding to the safety protection grade are adopted to carry out safety protection on the business data, so that the safety protection grade corresponding to the business data can be determined by classifying the business data requested by the user, and the corresponding safety protection strategies are adopted to carry out safety protection on the business data, so that different safety protection standards can be adopted, limited protection resources in an enterprise can be put into the business data with the most protection value, and the most effective safety protection on the business data can be realized.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the invention without limiting the invention. In the drawings:
FIG. 1 is a flow chart of a security protection method provided by an embodiment of the invention;
FIG. 2 is a flow chart of another security protection method provided by the embodiment of the invention;
FIG. 3 is a schematic diagram illustrating a safety shield apparatus according to an embodiment of the present invention;
FIG. 4 is a schematic diagram illustrating another safety shield apparatus provided by an embodiment of the present invention;
fig. 5 shows a physical structure diagram of a computer device according to an embodiment of the present invention.
Detailed Description
The invention will be described in detail hereinafter with reference to the accompanying drawings in conjunction with embodiments. It should be noted that the embodiments and features of the embodiments in the present application may be combined with each other without conflict.
At present, in the process of performing security protection on enterprise business data, a uniform protection standard is generally adopted to perform security protection on the business data. However, in this method, it is difficult to define the protection ranges of different service data, and a uniform protection standard is adopted for different service data, which may result in that limited protection resources are put into data that does not need to be heavily protected, but not enough protection resources are put into data that needs to be heavily protected, thereby failing to perform effective security protection on the service data.
In order to solve the above problem, an embodiment of the present invention provides a safety protection method, as shown in fig. 1, the method includes:
101. and determining the multi-dimensional attributes corresponding to the service data requested by the user.
The business data specifically comprises database table data, server files, business system business information and the like of an enterprise, the multidimensional attribute corresponding to the business data comprises a key field corresponding to the business data and corresponding meanings, data lengths, data types, business attributes, owner attributes and the like, and the owner attributes specifically comprise: customers, businesses, governments, etc. For the embodiment of the invention, in order to overcome the defect that the business data is subjected to safety protection by adopting a unified safety protection standard in the prior art, the embodiment of the invention classifies the business data in an enterprise by adopting a machine learning technology, determines the safety protection grade corresponding to the business data according to the classification result, and performs safety protection on the business data by adopting the safety protection strategy corresponding to the safety protection grade, so that the limited safety protection resources in the enterprise can be put into the business data with the most protection value by adopting different safety protection standards to realize effective safety protection on the business data. The embodiment of the invention is mainly suitable for performing security protection on the service data, and the execution main body of the embodiment of the invention is a device or equipment capable of performing security protection on the service data, and can be specifically arranged on one side of a client or a server.
For the embodiment of the invention, a data security protection platform is established, when a user requests for service data display, download, transmission, forwarding and printing, a data security protection platform interface is called to determine the multidimensional attribute corresponding to the service data requested by the user, specifically, the multidimensional attribute corresponding to the service data, such as data length, data type, service attribute and owner attribute, can be determined by inquiring a preset service data attribute table, different service data and corresponding attributes are recorded in the preset service data attribute table, when one service data is generated in an enterprise, attribute marking is carried out on the service data, the service data and the corresponding attributes are recorded in the preset service data attribute table, word segmentation processing can be carried out on the service data specifically aiming at the key field corresponding to the service data, and a preset key field table is inquired according to the word segmentation processing result, and determining a key field corresponding to the service data, so that a multi-dimensional attribute corresponding to the service data can be determined, and the category information corresponding to the service data can be determined according to the multi-dimensional attribute, and then the service data is subjected to security protection by adopting a corresponding security protection strategy according to the category information.
102. And inputting the multi-dimensional attributes into a preset service data classification model for classification to obtain class information corresponding to the service data.
The preset business data classification model can be a random forest classification model, for the embodiment of the invention, in order to determine the class information corresponding to the business data requested by a user, multidimensional attributes are input into the random forest classification model for data classification, the class information corresponding to the business data is determined, when the random forest classification model is used for classification, firstly, the weighted values corresponding to the multidimensional attributes are determined, the attribute characteristics corresponding to the multidimensional attributes are extracted, then the business data are classified based on the weighted values and the attribute characteristics, the class information corresponding to the business data is obtained, wherein the class information corresponding to the business data comprises enterprise core business data, common business data, client confidential information, client general information and company public business information, and the enterprise core business data is most confidential, the highest security protection level is used in a hidden mode, and then client confidential information, enterprise common operation data, client common information and company open operation information are used.
103. And determining a safety protection grade corresponding to the service data according to the category information, and performing safety protection on the service data by adopting a safety protection strategy corresponding to the safety protection grade.
For the embodiment of the invention, the security protection grades corresponding to different types of business data are different, for example, the core business data of an enterprise needs to be most confidential and needs the security protection of the highest level, so that the first-level security protection grade corresponding to the core business data of the enterprise is determined, the second-level security protection grade corresponding to the confidential information of a client, the third-level security protection grade corresponding to the common business data of the enterprise, the fourth-level security protection grade corresponding to the general information of the client and the fifth-level security protection grade corresponding to the public business information of the company are determined. Further, after the security protection level corresponding to the service data is determined according to the category information corresponding to the service data, security protection is performed on the service data by using a security protection strategy corresponding to the security protection level, for example, the category information is enterprise core operation data, the security protection level is determined to be one level, that is, the service data is the highest secret, downloading, transmission and printing are not allowed, and if a certain page system calls a data security protection platform interface, an operation refusal result is returned; for another example, the classification information is basic information of the client, the safety protection level is determined to be three levels, the signature and the report are triggered, and relevant operations are released after the examination and approval by relevant leaders; for another example, the classified information is company open operation information, and the safety protection level is determined to be five levels, so that the company can be directly released without examination and approval.
Compared with the conventional mode of performing safety protection on service data by adopting a unified protection standard, the safety protection method provided by the embodiment of the invention can determine the multi-dimensional attribute corresponding to the service data requested by a user; inputting the multi-dimensional attributes into a preset service data classification model for classification to obtain class information corresponding to the service data; meanwhile, the safety protection grade corresponding to the business data is determined according to the category information, and safety protection strategies corresponding to the safety protection grade are adopted to carry out safety protection on the business data, so that the safety protection grade corresponding to the business data can be determined by classifying the business data requested by the user, and the corresponding safety protection strategies are adopted to carry out safety protection on the business data, so that different safety protection standards can be adopted, limited protection resources in an enterprise can be put into the business data with the most protection value, and the most effective safety protection on the business data can be realized.
Further, to better describe the security protection process performed on the service data, as a refinement and an extension of the foregoing embodiment, an embodiment of the present invention provides another security protection method, as shown in fig. 2, where the method includes:
201. and determining the multi-dimensional attributes corresponding to the service data requested by the user.
Wherein, the multidimensional attribute includes a key field, a data type, a service attribute, and the like corresponding to the service data, and in order to determine the key field, the data type, and the service attribute corresponding to the service data, step 201 specifically includes: inquiring a preset service data attribute table according to the service data, and respectively determining the data type and the service attribute corresponding to the service data; performing word segmentation processing on the service data to obtain a word segmentation result corresponding to the service data, and determining a key field corresponding to the service data according to the word segmentation result and a preset key field table. The method comprises the steps of recording different service data and corresponding attributes thereof in a preset service data attribute table, determining data types, data lengths, service attributes, owner attributes and the like corresponding to the service data by inquiring the preset service data attribute table, wherein the owner attributes comprise clients, enterprises, governments and the like, further, in order to determine key fields corresponding to the service data, word segmentation processing can be carried out on the service data by utilizing a preset natural voice algorithm to obtain all word segments, then, inquiring a preset key field table according to the obtained word segments to determine the key fields corresponding to the service data, wherein the preset key field table stores all the key fields and corresponding meanings thereof.
Further, before classifying the service data, sample service data needs to be acquired and labeled, and a preset service data classification model is constructed according to the labeled sample service data, based on which the method further comprises: acquiring sample business data in an enterprise; determining an importance score corresponding to the sample business data, and determining category information corresponding to the sample business data according to the importance score; marking the sample service data according to the category information to obtain marked sample service data; and taking the marked sample business data as a sample training set, training the sample training set, and constructing a preset business data classification model. Further, the determining the importance score corresponding to the sample service data includes: clustering the sample service data to obtain sample service data under different clustering categories; determining target attributes respectively corresponding to the sample service data under different clustering categories; and scoring the sample service data according to the target attribute to obtain importance scores corresponding to the sample data under different cluster types. Further, the determining the category information corresponding to the sample service data according to the importance score includes: and adding the importance scores corresponding to the sample data, then taking an average value, and determining the category information corresponding to the sample service data under different cluster categories according to the average value.
Specifically, aiming at the construction process of a preset business data classification model, partial or all business data in an enterprise can be collected as sample business data, then multidimensional attributes corresponding to the sample business data are determined, and the sample business data are clustered according to the multidimensional attributes corresponding to different sample business data to obtain sample business data under different clustering categories.
Specifically, importance scores can be performed on each sample service data under different clustering categories, for example, attributes of several dimensions are screened from the multidimensional attributes as target attributes, importance scores are performed on the target attributes corresponding to each sample service data, so as to obtain the importance scores corresponding to each sample data, for example, the key field corresponding to the sample service data 1, the owner service attributes are "project construction" and "government", the corresponding scores are respectively 4 scores and 5 scores, the importance score corresponding to the sample service data 1 is obtained by summing up the scores, the key field corresponding to the sample service data 2 and the owner service attributes are "insurance" and "customer", the corresponding scores are respectively 2 scores and 1 score, the importance score corresponding to the sample service data 2 is obtained by summing up the scores and is 3 scores, so that the importance scores corresponding to each sample service data under different clustering categories can be determined, adding the importance scores corresponding to the sample service data, and then taking an average value, and determining the category information corresponding to the sample service data under different clustering categories according to the average value, for example, determining that the clustering category a includes three service data, wherein the importance score corresponding to the service data 1 is 8 points, the importance score corresponding to the service data 2 is 9 points, the importance score corresponding to the service data 3 is 4 points, adding the importance scores corresponding to the service data, and then taking the average value (8+9+4)/3 being 7 points, if the average value is greater than or equal to 8 points, determining that the category information corresponding to the sample service data under the clustering category is the enterprise core business service data; if the score is more than or equal to 5 and less than 8, the category information corresponding to the sample service data under the cluster category is determined to be client confidential information, obviously, the average value of the sample service data under the cluster category A is between 5 and 8, the category information corresponding to the sample service data under the cluster category A is determined to be the client confidential information, and therefore the category information corresponding to the sample service data under different cluster categories can be determined, namely, the category information corresponding to the sample service data under different cluster categories can be accurately determined by carrying out clustering and importance scoring algorithms on the sample service data.
In addition, for the clustering process of the sample service data, the clustering process of the sample service data to obtain the sample service data under different clustering categories includes: determining attribute characteristics corresponding to the sample service data according to the multi-dimensional attributes corresponding to the sample service data; calculating Euclidean distances between different sample service data according to the attribute characteristics corresponding to the sample service data; and clustering the sample service data according to the calculated Euclidean distance to obtain the sample service data under different clustering categories.
Specifically, firstly, a preset service data attribute table is inquired, multi-dimensional attributes corresponding to sample service data are determined, then, a convolutional neural network is used for carrying out feature extraction on the multi-dimensional attributes to obtain attribute features corresponding to the multi-dimensional attributes, then, according to the attribute features corresponding to different sample service data, the Euclidean distance between different sample service data is calculated by using a preset Euclidean distance algorithm, clustering processing is carried out on the sample service data according to the calculated Euclidean distance, and the Euclidean distance between the sample service data under the same clustering category is ensured to be smaller than the preset distance.
Further, labeling the sample service data according to the determined class information corresponding to the sample service data under different clustering classes, taking the labeled sample service data as a training set, training the training set by using a preset random forest algorithm, and constructing a preset service data classification model, wherein the service data classification model can output the class information corresponding to the service data according to the mapping relation between the multidimensional attribute of the service data and the class information.
202. And utilizing the feature extraction module to perform feature extraction on the multi-dimensional attributes to obtain attribute features corresponding to the multi-dimensional attributes.
The preset business data classification model comprises a feature extraction module and a classification module, multi-dimensional attributes corresponding to the business data are input to the feature extraction module of the preset classification model for feature extraction, and attribute features corresponding to the multi-dimensional attributes are determined, so that the category information corresponding to the business data is determined according to the extracted attribute features. The feature extraction module can be specifically a convolutional neural network, the convolutional neural network mainly comprises two parts, the first part is an input layer, the second part is composed of a convolutional layer and a pooling layer, after multi-dimensional attributes are input through the input layer, features corresponding to the multi-dimensional attributes are learned by using different convolutional kernels in the convolutional layer, and then the attribute features corresponding to the multi-dimensional attributes are obtained after downsampling, dimensionality reduction, redundant information removal and feature compression through the pooling layer.
203. Determining a weighted value corresponding to the multidimensional attribute in the classification module, inputting the attribute feature to the classification module, respectively calculating probability values of the service data belonging to different categories by using the weighted value, and determining category information corresponding to the service data based on the calculated probability values. .
The category information corresponding to the business data comprises enterprise core operation data, enterprise common operation data, client confidential information, client general information and company open operation information, the enterprise core operation data is the most confidential, the highest security protection level is used in a hidden mode, and then the client confidential information, the enterprise common operation data, the client general information and the company open operation information are respectively used. For the embodiment of the present invention, in order to improve the accuracy of classifying the service data, it is necessary to determine the weighted values corresponding to the different dimensional attributes, and specifically, the weighted values corresponding to the different dimensional attributes may be set according to the service requirements, for example, because the service attribute has a relatively large association with the category information of the service data, the data length of the service data has a relatively small association with the category information of the service data, the weighted value corresponding to the service attribute may be set to 0.5, and the weighted value corresponding to the data length is set to 0.1, so as to set the weighted value corresponding to the multidimensional attribute in the classification module, the classification module may be specifically a decision tree classifier, specifically, the attribute characteristics are input to the classification module, the attribute characteristics and the weighted values corresponding to the multidimensional attribute are respectively calculated, the probability values of the service data belonging to different categories are respectively calculated, and the maximum probability value is screened from, and determining the category information corresponding to the maximum probability value as the category information corresponding to the service data.
204. And determining a safety protection grade corresponding to the service data according to the category information, and performing safety protection on the service data by adopting a safety protection strategy corresponding to the safety protection grade.
For the embodiment, the security protection levels corresponding to different types of business data are different, for example, the core business data of an enterprise needs to be the most confidential and needs the highest level of security protection, so that it is determined that the core business data of the enterprise corresponds to the first level of security protection level, the confidential information of a client corresponds to the second level of security protection level, the common business data of the enterprise corresponds to the third level of security protection level, the general information of the client corresponds to the fourth level of security protection level, and the open business information of a company corresponds to the fifth level of security protection level. Further, after the security protection level corresponding to the service data is determined according to the category information corresponding to the service data, security protection is performed on the service data by using a security protection strategy corresponding to the security protection level, for example, the category information is core operation data of an enterprise, the security protection level is determined to be one level, that is, the service data is the highest secret, downloading, transmission and printing are not allowed, and if a certain page system calls a data security protection platform interface, an operation refusing result is returned; for another example, the category information is basic information of the client, the safety protection level is determined to be three levels, the signature is triggered, and after being examined and approved by a relevant leader, relevant operations are released; for another example, the category information is company open operation information, and if the safety protection level is determined to be five levels, the company can be directly released without examination and approval.
Compared with the conventional mode of performing safety protection on service data by adopting a unified protection standard, the other safety protection method provided by the embodiment of the invention can determine the multidimensional attribute corresponding to the service data requested by a user; inputting the multi-dimensional attributes into a preset service data classification model for classification to obtain class information corresponding to the service data; meanwhile, the safety protection grade corresponding to the business data is determined according to the category information, and safety protection strategies corresponding to the safety protection grade are adopted to carry out safety protection on the business data, so that the safety protection grade corresponding to the business data can be determined by classifying the business data requested by the user, and the corresponding safety protection strategies are adopted to carry out safety protection on the business data, so that different safety protection standards can be adopted, limited protection resources in an enterprise can be put into the business data with the most protection value, and the most effective safety protection on the business data can be realized.
Further, as a specific implementation of fig. 1, an embodiment of the present invention provides a safety protection device, as shown in fig. 3, where the safety protection device includes: a determination unit 31, a classification unit 32 and a guard unit 33.
The determining unit 31 may be configured to determine a multidimensional attribute corresponding to service data requested by a user. The determining unit 31 is a main functional module in the present apparatus for determining the multidimensional attribute corresponding to the service data requested by the user.
The classifying unit 32 may be configured to input the multidimensional attribute to a preset service data classification model for classification, so as to obtain class information corresponding to the service data. The classification unit 32 is a main function module, which is also a core module, for inputting the multidimensional attribute into a preset service data classification model to perform classification, so as to obtain class information corresponding to the service data.
The protection unit 33 may be configured to determine a security protection level corresponding to the service data according to the category information, and perform security protection on the service data by using a security protection policy corresponding to the security protection level. The protection unit 33 is a main function module, which determines the security protection level corresponding to the service data according to the category information and performs security protection on the service data by using a security protection policy corresponding to the security protection level, and is also a core module.
Further, in order to determine the category information corresponding to the service data, the preset service data classification model includes a feature extraction module and a classification module, as shown in fig. 4, the classification unit 32 includes an extraction module 321 and a classification module 322.
The extracting module 321 may be configured to perform feature extraction on the multidimensional attribute by using the feature extracting module to obtain an attribute feature corresponding to the multidimensional attribute.
The classification module 322 may be configured to determine weight values corresponding to the multidimensional attributes in the classification module, input the attribute features to the classification module, calculate probability values of the service data belonging to different categories respectively using the weight values, and determine category information corresponding to the service data based on the calculated probability values.
Further, the multidimensional attribute includes a key field corresponding to the service data, a data type and a service attribute, and in order to determine the multidimensional attribute corresponding to the service data requested by the user, the determining unit 31 may be specifically configured to query a preset service data attribute table according to the service data, and respectively determine the data type and the service attribute corresponding to the service data; performing word segmentation processing on the service data to obtain a word segmentation result corresponding to the service data, and determining a key field corresponding to the service data according to the word segmentation result and a preset key field table.
Further, in order to construct a preset business data classification model, the device further comprises: an acquisition unit 34, an annotation unit 35 and a construction unit 36.
The obtaining unit 34 may be configured to obtain sample business data in an enterprise.
The determining unit 31 may be configured to determine an importance score corresponding to the sample service data, and determine category information corresponding to the sample service data according to the importance score.
The labeling unit 35 may be configured to label the sample service data according to the category information to obtain labeled sample service data.
The constructing unit 36 may be configured to use the labeled sample service data as a sample training set, train the sample training set, and construct a preset service data classification model.
Further, in order to determine the importance score corresponding to the sample data, the determining unit 31 includes: a clustering module 311, a determination module 312, and a scoring module 313.
The clustering module 311 may be configured to cluster the sample service data to obtain sample service data under different clustering categories.
The determining module 312 may be configured to determine target attributes corresponding to the sample service data under the different cluster categories.
The scoring module 313 may be configured to score the sample service data according to the target attribute, so as to obtain importance scores corresponding to the sample data under different cluster categories.
Further, in order to perform clustering processing on the sample service data, the clustering module 311 includes a determining sub-module, a calculating sub-module and a clustering sub-module.
The determining submodule may be configured to determine an attribute feature corresponding to the sample service data according to the multidimensional attribute corresponding to the sample service data.
The calculating submodule can be used for calculating the Euclidean distance between different sample service data according to the attribute characteristics corresponding to the sample service data.
The clustering submodule can be used for clustering the sample service data according to the calculated Euclidean distance to obtain the sample service data under different clustering categories.
Further, in order to determine the category information corresponding to the sample service data, the determining unit 31 may be further configured to add the importance scores corresponding to the sample data, then take an average value, and determine the category information corresponding to the sample service data under different cluster categories according to the average value.
It should be noted that other corresponding descriptions of the functional modules related to the safety protection device provided in the embodiment of the present invention may refer to the corresponding description of the method shown in fig. 1, and are not described herein again.
Based on the method shown in fig. 1, correspondingly, an embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the following steps: determining a multi-dimensional attribute corresponding to service data requested by a user; inputting the multi-dimensional attributes into a preset service data classification model for classification to obtain class information corresponding to the service data; and determining a safety protection grade corresponding to the service data according to the category information, and performing safety protection on the service data by adopting a safety protection strategy corresponding to the safety protection grade.
Based on the above embodiments of the method shown in fig. 1 and the apparatus shown in fig. 3, an embodiment of the present invention further provides an entity structure diagram of a computer device, as shown in fig. 5, where the computer device includes: a processor 41, a memory 42, and a computer program stored on the memory 42 and executable on the processor, wherein the memory 42 and the processor 41 are both arranged on a bus 43 such that when the processor 41 executes the program, the following steps are performed: determining a multi-dimensional attribute corresponding to service data requested by a user; inputting the multi-dimensional attributes into a preset service data classification model for classification to obtain class information corresponding to the service data; and determining a safety protection grade corresponding to the service data according to the category information, and performing safety protection on the service data by adopting a safety protection strategy corresponding to the safety protection grade.
By the technical scheme, the invention can determine the multi-dimensional attributes corresponding to the service data requested by the user; inputting the multi-dimensional attributes into a preset service data classification model for classification to obtain class information corresponding to the service data; meanwhile, the safety protection grade corresponding to the business data is determined according to the category information, and safety protection strategies corresponding to the safety protection grade are adopted to carry out safety protection on the business data, so that the safety protection grade corresponding to the business data can be determined by classifying the business data requested by the user, and the corresponding safety protection strategies are adopted to carry out safety protection on the business data, so that different safety protection standards can be adopted, limited protection resources in an enterprise can be put into the business data with the most protection value, and the most effective safety protection on the business data can be realized.
It will be apparent to those skilled in the art that the modules or steps of the present invention described above may be implemented by a general purpose computing device, they may be centralized on a single computing device or distributed across a network of multiple computing devices, and alternatively, they may be implemented by program code executable by a computing device, such that they may be stored in a storage device and executed by a computing device, and in some cases, the steps shown or described may be performed in an order different than that described herein, or they may be separately fabricated into individual integrated circuit modules, or multiple ones of them may be fabricated into a single integrated circuit module. Thus, the present invention is not limited to any specific combination of hardware and software.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
Claims (10)
1. A method of safety protection, comprising:
determining a multi-dimensional attribute corresponding to service data requested by a user;
inputting the multi-dimensional attributes into a preset service data classification model for classification to obtain class information corresponding to the service data;
and determining a safety protection grade corresponding to the service data according to the category information, and performing safety protection on the service data by adopting a safety protection strategy corresponding to the safety protection grade.
2. The method according to claim 1, wherein the preset service data classification model includes a feature extraction module and a classification module, and the step of inputting the multidimensional attribute into the preset service data classification model for classification to obtain category information corresponding to the service data includes:
performing feature extraction on the multi-dimensional attributes by using the feature extraction module to obtain attribute features corresponding to the multi-dimensional attributes;
determining a weighted value corresponding to the multidimensional attribute in the classification module, inputting the attribute feature to the classification module, respectively calculating probability values of the service data belonging to different categories by using the weighted value, and determining category information corresponding to the service data based on the calculated probability values.
3. The method of claim 1, wherein the multidimensional attribute comprises a key field, a data type and a service attribute corresponding to the service data, and the determining the multidimensional attribute corresponding to the service data requested by the user comprises:
inquiring a preset service data attribute table according to the service data, and respectively determining the data type and the service attribute corresponding to the service data;
performing word segmentation processing on the service data to obtain a word segmentation result corresponding to the service data, and determining a key field corresponding to the service data according to the word segmentation result and a preset key field table.
4. The method of claim 1, wherein before the determining the multidimensional attribute corresponding to the service data requested by the user, the method further comprises:
acquiring sample business data in an enterprise;
determining an importance score corresponding to the sample business data, and determining category information corresponding to the sample business data according to the importance score;
marking the sample service data according to the category information to obtain marked sample service data;
and taking the marked sample business data as a sample training set, training the sample training set, and constructing a preset business data classification model.
5. The method of claim 4, wherein the determining the importance score corresponding to the sample traffic data comprises:
clustering the sample service data to obtain sample service data under different clustering categories;
determining target attributes respectively corresponding to the sample service data under different clustering categories;
and scoring the sample service data according to the target attribute to obtain importance scores corresponding to the sample data under different cluster types.
6. The method according to claim 5, wherein the clustering the sample service data to obtain sample service data under different clustering categories comprises:
determining attribute characteristics corresponding to the sample service data according to the multi-dimensional attributes corresponding to the sample service data;
calculating Euclidean distances between different sample service data according to the attribute characteristics corresponding to the sample service data;
and clustering the sample service data according to the calculated Euclidean distance to obtain the sample service data under different clustering categories.
7. The method according to claim 5, wherein the determining the category information corresponding to the sample service data according to the importance score includes:
and adding the importance scores corresponding to the sample data, then taking an average value, and determining the category information corresponding to the sample service data under different cluster categories according to the average value.
8. A safety shield apparatus, comprising:
the determining unit is used for determining the multi-dimensional attributes corresponding to the service data requested by the user;
the classification unit is used for inputting the multi-dimensional attributes into a preset service data classification model for classification to obtain class information corresponding to the service data;
and the protection unit is used for determining the safety protection level corresponding to the service data according to the category information and carrying out safety protection on the service data by adopting a safety protection strategy corresponding to the safety protection level.
9. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method of any one of claims 1 to 7.
10. A computer arrangement comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the computer program realizes the steps of the method of any one of claims 1 to 7 when executed by the processor.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011183192.6A CN112307133A (en) | 2020-10-29 | 2020-10-29 | Security protection method and device, computer equipment and storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011183192.6A CN112307133A (en) | 2020-10-29 | 2020-10-29 | Security protection method and device, computer equipment and storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN112307133A true CN112307133A (en) | 2021-02-02 |
Family
ID=74332009
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202011183192.6A Pending CN112307133A (en) | 2020-10-29 | 2020-10-29 | Security protection method and device, computer equipment and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112307133A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113239687A (en) * | 2021-05-08 | 2021-08-10 | 北京天空卫士网络安全技术有限公司 | Data processing method and device |
CN116055587A (en) * | 2022-11-28 | 2023-05-02 | 中盈优创资讯科技有限公司 | Method and device for realizing hierarchical classification of API (application program interface) assets |
Citations (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102289522A (en) * | 2011-09-19 | 2011-12-21 | 北京金和软件股份有限公司 | Method of intelligently classifying texts |
CN106447385A (en) * | 2016-08-31 | 2017-02-22 | 无锡雅座在线科技发展有限公司 | Data processing method and apparatus |
CN109597843A (en) * | 2018-12-19 | 2019-04-09 | 北京锐安科技有限公司 | Data managing method, device, storage medium and the electronic equipment of big data environment |
WO2019100724A1 (en) * | 2017-11-24 | 2019-05-31 | 华为技术有限公司 | Method and device for training multi-label classification model |
CN109992781A (en) * | 2019-04-02 | 2019-07-09 | 腾讯科技(深圳)有限公司 | Processing, device, storage medium and the processor of text feature |
CN110245684A (en) * | 2019-05-14 | 2019-09-17 | 杭州米雅信息科技有限公司 | Data processing method, electronic equipment and medium |
CN110580489A (en) * | 2018-06-11 | 2019-12-17 | 阿里巴巴集团控股有限公司 | Data object classification system, method and equipment |
CN111340148A (en) * | 2020-05-22 | 2020-06-26 | 支付宝(杭州)信息技术有限公司 | Training method of business classification model, business classification method and terminal |
WO2020147238A1 (en) * | 2019-01-18 | 2020-07-23 | 平安科技(深圳)有限公司 | Keyword determination method, automatic scoring method, apparatus and device, and medium |
CN111444334A (en) * | 2019-01-16 | 2020-07-24 | 阿里巴巴集团控股有限公司 | Data processing method, text recognition device and computer equipment |
CN111539005A (en) * | 2020-04-23 | 2020-08-14 | 中国电子技术标准化研究院 | Block chain data identification method and related device oriented to data security policy |
CN111667022A (en) * | 2020-06-30 | 2020-09-15 | 腾讯科技(深圳)有限公司 | User data processing method and device, computer equipment and storage medium |
-
2020
- 2020-10-29 CN CN202011183192.6A patent/CN112307133A/en active Pending
Patent Citations (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102289522A (en) * | 2011-09-19 | 2011-12-21 | 北京金和软件股份有限公司 | Method of intelligently classifying texts |
CN106447385A (en) * | 2016-08-31 | 2017-02-22 | 无锡雅座在线科技发展有限公司 | Data processing method and apparatus |
WO2019100724A1 (en) * | 2017-11-24 | 2019-05-31 | 华为技术有限公司 | Method and device for training multi-label classification model |
CN110580489A (en) * | 2018-06-11 | 2019-12-17 | 阿里巴巴集团控股有限公司 | Data object classification system, method and equipment |
CN109597843A (en) * | 2018-12-19 | 2019-04-09 | 北京锐安科技有限公司 | Data managing method, device, storage medium and the electronic equipment of big data environment |
CN111444334A (en) * | 2019-01-16 | 2020-07-24 | 阿里巴巴集团控股有限公司 | Data processing method, text recognition device and computer equipment |
WO2020147238A1 (en) * | 2019-01-18 | 2020-07-23 | 平安科技(深圳)有限公司 | Keyword determination method, automatic scoring method, apparatus and device, and medium |
CN109992781A (en) * | 2019-04-02 | 2019-07-09 | 腾讯科技(深圳)有限公司 | Processing, device, storage medium and the processor of text feature |
CN110245684A (en) * | 2019-05-14 | 2019-09-17 | 杭州米雅信息科技有限公司 | Data processing method, electronic equipment and medium |
CN111539005A (en) * | 2020-04-23 | 2020-08-14 | 中国电子技术标准化研究院 | Block chain data identification method and related device oriented to data security policy |
CN111340148A (en) * | 2020-05-22 | 2020-06-26 | 支付宝(杭州)信息技术有限公司 | Training method of business classification model, business classification method and terminal |
CN111667022A (en) * | 2020-06-30 | 2020-09-15 | 腾讯科技(深圳)有限公司 | User data processing method and device, computer equipment and storage medium |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113239687A (en) * | 2021-05-08 | 2021-08-10 | 北京天空卫士网络安全技术有限公司 | Data processing method and device |
CN113239687B (en) * | 2021-05-08 | 2024-03-22 | 北京天空卫士网络安全技术有限公司 | Data processing method and device |
CN116055587A (en) * | 2022-11-28 | 2023-05-02 | 中盈优创资讯科技有限公司 | Method and device for realizing hierarchical classification of API (application program interface) assets |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2021093755A1 (en) | Matching method and apparatus for questions, and reply method and apparatus for questions | |
CN114930318B (en) | Classifying data using aggregated information from multiple classification modules | |
US20210281593A1 (en) | Systems and methods for machine learning-based digital content clustering, digital content threat detection, and digital content threat remediation in machine learning task-oriented digital threat mitigation platform | |
US10637826B1 (en) | Policy compliance verification using semantic distance and nearest neighbor search of labeled content | |
CN106650799A (en) | Electronic evidence classification extraction method and system | |
GB2417110A (en) | Extracting indices from scanned documents | |
CN109831459B (en) | Method, device, storage medium and terminal equipment for secure access | |
CN107273752B (en) | Vulnerability automatic classification method based on word frequency statistics and naive Bayes fusion model | |
GB2417109A (en) | Automatic document indexing and classification system | |
CN108090068A (en) | The sorting technique and device of table in hospital database | |
CN112307133A (en) | Security protection method and device, computer equipment and storage medium | |
CN113807940B (en) | Information processing and fraud recognition method, device, equipment and storage medium | |
CN110910991A (en) | Medical automatic image processing system | |
CN109960719A (en) | A kind of document handling method and relevant apparatus | |
CN111586695A (en) | Short message identification method and related equipment | |
US11822578B2 (en) | Matching machine generated data entries to pattern clusters | |
CN113495886A (en) | Method and device for detecting pollution sample data for model training | |
CN115115369A (en) | Data processing method, device, equipment and storage medium | |
CN112579781A (en) | Text classification method and device, electronic equipment and medium | |
CN110363534B (en) | Method and device for identifying abnormal transaction | |
CN112199388A (en) | Strange call identification method and device, electronic equipment and storage medium | |
CN111752734A (en) | Abnormal data classification method, abnormal data analysis method, abnormal data classification device and abnormal data analysis device, and storage medium | |
CN116226108A (en) | Data management method and system capable of realizing different management degrees | |
US11397853B2 (en) | Word extraction assistance system and word extraction assistance method | |
CN114090850A (en) | Log classification method, electronic device and computer-readable storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination |