CN112328764A - File identification method and device and computer readable storage medium - Google Patents

Publication number
CN112328764A
Authority
CN
China
Prior art keywords
file
matching
target file
extracting
type
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011221921.2A
Other languages
Chinese (zh)
Inventor
刘斐然
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing ThreatBook Technology Co Ltd
Original Assignee
Beijing ThreatBook Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing ThreatBook Technology Co Ltd filed Critical Beijing ThreatBook Technology Co Ltd
Priority to CN202011221921.2A priority Critical patent/CN112328764A/en
Publication of CN112328764A publication Critical patent/CN112328764A/en
Pending legal-status Critical Current

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/30Information retrieval; Database structures therefor; File system structures therefor of unstructured textual data
    • G06F16/33Querying
    • G06F16/332Query formulation
    • G06F16/3329Natural language query formulation or dialogue systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes

Abstract

The disclosure relates to a file identification method, a file identification device and a computer-readable storage medium. The method comprises: extracting a target file from mirrored network traffic; matching the extracted target file against file features; and outputting corresponding prompt information according to the matching result. The device comprises a corresponding extraction module, matching module and prompt module. The embodiments of the disclosure make it possible to accurately detect the transmission of files containing confidential information in a network.

Description

File identification method and device and computer readable storage medium
Technical Field
The present disclosure relates to the field of data processing technologies, and in particular, to a file identification method, device, and computer-readable storage medium.
Background
In the prior art, there are ways of extracting files from mirrored network traffic, but there is currently no scheme dedicated to detecting file leakage for the case where the extracted files are confidential.
Disclosure of Invention
The disclosure is directed to a method and an apparatus for identifying a file, and a computer-readable storage medium, which can accurately detect the occurrence of a file transmission behavior including confidential information in a network.
According to one aspect of the present disclosure, there is provided a file identification method, including:
extracting a target file based on the mirror image network flow;
matching the extracted target file according to the file characteristics;
and outputting corresponding prompt information according to the matching result.
In some embodiments, the extracting the target file based on the mirror network traffic includes:
analyzing the monitored network data packet;
and extracting the corresponding target file by using the file characteristics and/or the keywords.
In some embodiments, the extracting the corresponding target document by using the document feature and/or the keyword includes at least one of the following modes:
extracting a first type target file according to the first type file characteristics and/or the first type keywords;
extracting a second type target file according to the second type file characteristics and/or the second type keywords;
and extracting the third type target file according to the third type file characteristics and/or the third type keywords.
In some embodiments, the matching the extracted target document according to the document features includes:
the extracted target document is matched according to the general document features and/or the predefined document features.
In some embodiments, wherein matching the extracted target document according to the common document features comprises at least one of:
matching the extracted target file according to the identity characteristics;
matching the extracted target file according to the network node characteristics;
matching the extracted target file according to the financial characteristics;
and matching the extracted target file according to the financial characteristics.
In some embodiments, the predefined file characteristics are defined in a manner including:
defining the predefined file characteristics in terms of the importance of user information and/or device information; and/or
Defining the predefined file characteristics with operational information.
In some embodiments, the outputting the corresponding prompt information according to the matching result includes:
and under the condition that the extracted target file and the file characteristics can be matched, outputting alarm information.
According to one aspect of the present disclosure, there is provided an apparatus for identifying a file, including:
an extraction module configured to extract a target file based on the mirrored network traffic;
a matching module configured to match the extracted target file according to file features;
and the prompt module is configured to output corresponding prompt information according to the matching result.
In some embodiments,
the matching module is further configured to match the extracted target document according to the general document features and/or the predefined document features, wherein:
the generic file features include: identity, network node, financial;
the predefined file characteristics include: the predefined file characteristics are defined in the importance of user information and/or device information, and the predefined file characteristics are defined in the operation information.
According to one aspect of the present disclosure, there is provided a computer-readable storage medium having stored thereon computer-executable instructions that, when executed by a processor, implement:
the file identification method described above.
The file identification method, device and computer-readable storage medium of the various embodiments of the present disclosure at least extract a target file from mirrored network traffic, match the extracted target file against file features, and output corresponding prompt information according to the matching result. Because files are extracted from the mirrored network traffic and sensitive-file feature matching is performed on the extracted files, monitoring the mirrored traffic can identify whether a sensitive file has been leaked.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure, as claimed.
Drawings
In the drawings, which are not necessarily drawn to scale, like reference numerals may designate like components in different views. Like reference numerals with letter suffixes or like reference numerals with different letter suffixes may represent different instances of like components. The drawings illustrate various embodiments generally, by way of example and not by way of limitation, and together with the description and claims, serve to explain the disclosed embodiments.
FIG. 1 shows a flow diagram of a file identification method of an embodiment of the present disclosure;
FIG. 2 shows an architecture diagram of a file identification device according to an embodiment of the present disclosure.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present disclosure more clear, the technical solutions of the embodiments of the present disclosure will be described below clearly and completely with reference to the accompanying drawings of the embodiments of the present disclosure. It is to be understood that the described embodiments are only a few embodiments of the present disclosure, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the described embodiments of the disclosure without any inventive step, are within the scope of protection of the disclosure.
Unless otherwise defined, technical or scientific terms used herein shall have the ordinary meaning as understood by one of ordinary skill in the art to which this disclosure belongs. The word "comprising" or "comprises", and the like, means that the element or item listed before the word covers the element or item listed after the word and its equivalents, but does not exclude other elements or items.
To maintain the following description of the embodiments of the present disclosure clear and concise, a detailed description of known functions and known components have been omitted from the present disclosure.
The technical solution of the embodiments of the disclosure relates to the detection of sensitive files in mirrored traffic. Traffic mirroring forwards the data traffic of one or more source ports on a switch or router to a designated port in order to monitor the network; the designated port is called the mirror port or destination port, and network traffic can be monitored and analyzed through it without seriously affecting the normal throughput of the source ports. A sensitive file can be regarded as a private file containing sensitive enterprise information, including: financial statements, employee payroll, employee names and phone numbers, bank card information, server login information, and the like.
As one solution, as shown in fig. 1, an embodiment of the present disclosure provides a file identification method, including:
s101: extracting a target file based on the mirror image network flow;
s102: matching the extracted target file according to the file characteristics;
s103: and outputting corresponding prompt information according to the matching result.
The device copies the packets passing through the mirrored port and sends them to the designated observation port for analysis and monitoring. Port mirroring is divided into local port mirroring and remote port mirroring according to the position of the monitoring device in the network. In local port mirroring, the observation port is directly connected to the monitoring device and is called a local observation port. In remote port mirroring, the observation port and the monitoring device exchange mirrored packets through an intermediate network, and the observation port is called a remote observation port. Traffic mirroring can also be performed by configuring rules on the device, so that the specific service traffic matching a rule is copied to an observation port for analysis and monitoring. This includes VLAN mirroring, in which the packets of all active interfaces in a designated VLAN are mirrored to an observation port, so that a user can monitor the packets in one or more VLANs. Like port mirroring, VLAN mirroring can be divided into local VLAN mirroring and remote VLAN mirroring depending on the location of the monitoring device in the network. In remote VLAN mirroring, the VLAN where the host is located and the VLAN of the intermediate layer-2 network that forwards the mirrored packets cannot be the same. It also includes MAC mirroring, in which packets matching a specified source or destination MAC address within a VLAN are mirrored to the observation port. MAC address mirroring provides a more precise mirroring method, allowing a user to monitor the packets of a specific device in the network.
In the embodiments of the present disclosure, one way to extract the target file is to parse the monitored network data packets and assign each packet to a specific network data stream according to its five-tuple information, where a network data stream is the set of network data packets that share the same five-tuple within a certain time. The network data stream is output, and an AC automaton (Aho-Corasick automaton) is generated with the start features and end features of the files to be matched as state nodes; the network data stream to be matched is fed into the AC automaton, and state transitions determine whether the features match. If a start feature and an end feature of a file built into the AC automaton are both matched, the network data stream is shown to contain a file to be matched; the start position and end position of the file are determined, and the matched network data stream is output. The target file is then extracted from the matched network data stream according to the determined file position. When a monitored network data packet is captured, the network data stream management system is searched for a corresponding network data stream according to the five-tuple information. If one exists, it is obtained from the network data stream management system and the data in the packet is appended to it; if none exists, a new network data stream is created in the network data stream management system and its creation time is recorded.
In some embodiments, extracting the target file based on the mirrored network traffic may include:
analyzing the monitored network data packet;
and extracting the corresponding target file by using the file characteristics and/or the keywords.
For some file types, in some embodiments of the present disclosure, extracting the corresponding target file by file features and/or keywords may further include at least one of the following:
extracting a first type target file according to the first type file characteristics and/or the first type keywords;
extracting a second type target file according to the second type file characteristics and/or the second type keywords;
and extracting the third type target file according to the third type file characteristics and/or the third type keywords.
Specifically, the file types and keywords related to the embodiments of the present disclosure may include, but are not limited to, the following:
1. With the compression class as the file type, the keywords can be:
ZIP START:PK\003\004 Zip archive data
ZIP FOOTER:PK\x05\x06 End of Zip archive
RAR START:\x52\x61\x72\x21\x1A\x07
RPM START:0xedabeedb
JAR START:JARCS
TAR START:GNU\x20tar-
2. With the document class as the file type, the keywords can be:
PDF START:%PDF-
3. With the executable class as the file type, the keywords can be:
ELF START:\177ELF
PE START:MZ
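The five-tuple flow grouping and Aho-Corasick start/end matching described above, applied to the ZIP, PDF and ELF markers from this list, as an added example that is not code from the patent. It assumes payloads arrive in order within a flow; the function names, addresses and sample ZIP are constructed for illustration, and the ZIP end position is computed from the end-of-central-directory record layout.

```python
import io
import zipfile
from collections import deque

# Markers from the page's list; only ZIP has both a start and a footer there.
SIGNATURES = {
    b"PK\x03\x04": ("zip", "start"),
    b"PK\x05\x06": ("zip", "end"),
    b"%PDF-": ("pdf", "start"),
    b"\x7fELF": ("elf", "start"),
}


class AhoCorasick:
    """Byte-level Aho-Corasick automaton: one pass reports every marker."""

    def __init__(self, patterns):
        self.goto, self.fail, self.out = [{}], [0], [[]]
        for pat in patterns:  # build the trie
            node = 0
            for byte in pat:
                if byte not in self.goto[node]:
                    self.goto[node][byte] = len(self.goto)
                    self.goto.append({})
                    self.fail.append(0)
                    self.out.append([])
                node = self.goto[node][byte]
            self.out[node].append(pat)
        queue = deque(self.goto[0].values())  # depth-1 states fail to the root
        while queue:  # breadth-first failure links
            node = queue.popleft()
            for byte, child in self.goto[node].items():
                queue.append(child)
                f = self.fail[node]
                while f and byte not in self.goto[f]:
                    f = self.fail[f]
                self.fail[child] = self.goto[f].get(byte, 0)
                self.out[child] = self.out[child] + self.out[self.fail[child]]

    def search(self, data):
        """Yield (offset, marker) for every occurrence in data."""
        state = 0
        for pos, byte in enumerate(data):
            while state and byte not in self.goto[state]:
                state = self.fail[state]
            state = self.goto[state].get(byte, 0)
            for pat in self.out[state]:
                yield pos - len(pat) + 1, pat


def reassemble(packets):
    """Group payloads by five-tuple; a new flow records its creation time."""
    flows = {}
    for five_tuple, timestamp, payload in packets:
        flow = flows.setdefault(five_tuple, {"created": timestamp, "data": bytearray()})
        flow["data"] += payload  # assumption: payloads arrive in order
    return flows


def carve(stream, automaton):
    """Return ([(type, start, end)], {type: offset of a start with no end})."""
    pending, carved = {}, []
    for offset, pat in automaton.search(stream):
        ftype, role = SIGNATURES[pat]
        if role == "start":
            pending.setdefault(ftype, offset)  # a ZIP repeats PK\x03\x04 per entry
            continue
        if ftype not in pending or offset + 22 > len(stream):
            continue
        # ZIP end-of-central-directory record: 22 fixed bytes, then a comment
        # whose length is the little-endian uint16 at record offset 20.
        end = offset + 22 + int.from_bytes(stream[offset + 20:offset + 22], "little")
        if end <= len(stream):
            carved.append((ftype, pending.pop(ftype), end))
    return carved, pending


def extract_files(packets):
    """Reassemble flows, then carve each; returns {five_tuple: (files, open_types)}."""
    automaton, results = AhoCorasick(SIGNATURES), {}
    for five_tuple, flow in reassemble(packets).items():
        data = bytes(flow["data"])
        carved, pending = carve(data, automaton)
        results[five_tuple] = ([data[s:e] for _, s, e in carved], sorted(pending))
    return results


def build_sample_packets():
    """Constructed sample: a ZIP in an HTTP-like body, split inside its start marker."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(zipfile.ZipInfo("payroll.csv", (2020, 1, 1, 0, 0, 0)), "name,salary\n")
    body = b"HTTP/1.1 200 OK\r\n\r\n" + buf.getvalue() + b"\r\ntrailing bytes"
    cut = body.index(b"PK\x03\x04") + 2
    flow_a = ("192.0.2.10", 80, "198.51.100.20", 51000, "tcp")
    flow_b = ("192.0.2.11", 80, "198.51.100.20", 51001, "tcp")
    packets = [(flow_a, 1.0, body[:cut]), (flow_b, 1.1, b"%PDF-1.7\n"), (flow_a, 1.2, body[cut:])]
    return packets, buf.getvalue()
```

Because the sample splits the ZIP start marker across two packets, scanning packets one at a time would miss it; matching on the reassembled flow recovers the archive byte for byte.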
In some embodiments, matching the extracted target file according to file features may include:
matching the extracted target file according to general file features and/or predefined file features.
Specifically, in this embodiment, the file extracted in step S101 may be input into a module configured as a sensitive file identification module, and feature matching of the sensitive file is performed. The sensitive features include general features and user-defined features according to the network environment of the user. Wherein:
General features include, but are not limited to, the following:
i. Identity features, such as document features, numbering features, etc., taking identity card features as an example:
\b(1[1-5]|2[1-3]|3[1-7]|4[1-6]|5[0-4]|6[1-5]|71|81|82)[0-9]{4}(19|20)[1-9]{2}((0[1-9])|(1[0-2]))(([0-2][1-9])|10|20|30|31)\d{3}[0-9Xx]\b
ii. Network node features, such as file source address, file destination address, file path, etc., taking mailbox features as an example:
(?i)\b[A-Z0-9+_.-]+@[A-Z0-9.-]+((\.com)|(\.com\.cn)|(\.net)|(\.net\.cn)|(\.org)|(\.gov\.cn)|(\.cn)|(\.org\.cn))\b
iii. Financial features, such as those relating to property, transaction records, etc., taking bank card features as an example:
\b60113\d{9}\b
\b621056801\d{10}\b
It should be understood that the present embodiment may also involve other general keywords that may relate to sensitive information, such as financial statements, payroll, etc.
In some embodiments, the predefined file characteristics of the present disclosure may be defined in a manner including:
defining the predefined file characteristics in terms of the importance of user information and/or device information; and/or
Defining the predefined file characteristics with operational information.
In particular, in some embodiments, the user-defined features include: important employee names (for example, if the company's important employees are Zhang San and Li Si, those employee names are set as custom keywords); important customer names; special server login usernames; and so on. The corresponding file features are defined through the importance and grade labelling of the user information and device information. Operation information for dynamic sensitive information, such as the process of logging in to a server, the login information entered, and link operations on sensitive information related to identity, property, trade secrets, etc., may also be used to define file features in the embodiments of the present disclosure.
In some embodiments, the outputting the corresponding prompt information according to the matching result of the present disclosure may include:
and under the condition that the extracted target file and the file characteristics can be matched, outputting alarm information.
Specifically, for the detection of the sensitive file, the extracted file is subjected to feature matching according to the features, and once the extracted file is matched, an alarm is given, so that a good interaction function with a user is realized, and the occurrence of a file transmission behavior containing confidential information in a network is accurately detected and informed to the user.
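One way to implement the feature matching and alert step above, using the regular expressions from the description and the example keywords Zhang San and Li Si (added example, not code from the patent). The function names, the `ops-root` login name, the size limit and all sample values are constructed assumptions; note that the identity pattern as given requires both final birth-year digits to be non-zero, so the 1990 row in the sample does not match.

```python
import io
import re
import zipfile

# General features: the three regex families given in the description.
GENERAL_FEATURES = {
    "identity": [re.compile(
        r"\b(1[1-5]|2[1-3]|3[1-7]|4[1-6]|5[0-4]|6[1-5]|71|81|82)[0-9]{4}(19|20)[1-9]{2}"
        r"((0[1-9])|(1[0-2]))(([0-2][1-9])|10|20|30|31)\d{3}[0-9Xx]\b")],
    "network_node": [re.compile(
        r"(?i)\b[A-Z0-9+_.-]+@[A-Z0-9.-]+((\.com)|(\.com\.cn)|(\.net)|(\.net\.cn)"
        r"|(\.org)|(\.gov\.cn)|(\.cn)|(\.org\.cn))\b")],
    "financial": [re.compile(r"\b60113\d{9}\b"), re.compile(r"\b621056801\d{10}\b")],
}
MAX_MEMBER_SIZE = 10 * 1024 * 1024  # assumed cap so a crafted archive cannot exhaust memory


def mask(value, keep=2):
    """Keep only the first and last characters so the alert does not repeat the secret."""
    if len(value) <= 2 * keep:
        return "*" * len(value)
    return value[:keep] + "*" * (len(value) - 2 * keep) + value[-keep:]


def expand(name, data):
    """Yield (name, bytes); carved ZIP archives are unpacked so members are matched too."""
    if data[:4] == b"PK\x03\x04":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.file_size <= MAX_MEMBER_SIZE:
                        yield f"{name}!{info.filename}", zf.read(info)
            return
        except zipfile.BadZipFile:
            pass  # truncated carve: fall back to matching the raw bytes
    yield name, data


def match_file(name, data, custom_keywords=()):
    """Return one alert per (file, feature category) that matched."""
    alerts = []
    for member, raw in expand(name, data):
        text = raw.decode("utf-8", errors="replace")
        for category, patterns in GENERAL_FEATURES.items():
            hits = [m.group(0) for p in patterns for m in p.finditer(text)]
            if hits:
                alerts.append({"file": member, "feature": category, "count": len(hits),
                               "samples": [mask(h) for h in hits[:3]]})
        # Predefined (user-defined) features: case-insensitive keyword lookup.
        lowered = text.lower()
        hits = [kw for kw in custom_keywords if kw.lower() in lowered]
        if hits:
            alerts.append({"file": member, "feature": "predefined", "count": len(hits),
                           "samples": hits})
    return alerts


def build_sample_archive():
    """Constructed sample: a small ZIP as it might come out of the extraction step."""
    rows = ("name,id,email,card\n"
            "Zhang San,110101199901011234,zhang.san@example.com,6210568010000000000\n"
            "Li Si,110101199001011234,li.si@example.org,60113000000000\n")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("payroll.csv", rows)
    return buf.getvalue()


if __name__ == "__main__":
    for alert in match_file("carved_0.zip", build_sample_archive(),
                            ("Zhang San", "Li Si", "ops-root")):
        print(alert)
```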
As one solution, as shown in fig. 2, an embodiment of the present disclosure provides an apparatus for identifying a file, including:
an extraction module configured to extract a target file based on the mirrored network traffic;
a matching module configured to match the extracted target file according to file features;
and the prompt module is configured to output corresponding prompt information according to the matching result.
As a specific implementation, the extracting module of this embodiment may be further configured to analyze the monitored network data packet;
and extracting the corresponding target file by using the file characteristics and/or the keywords.
As a specific implementation, the extracting module of this embodiment may be further configured to extract the first type target file by using the first type file feature and/or the first type keyword;
extracting a second type target file according to the second type file characteristics and/or the second type keywords;
and extracting the third type target file according to the third type file characteristics and/or the third type keywords.
As a specific implementation, the matching module of this embodiment may be further configured to match the extracted target document according to a general document feature and/or a predefined document feature, where:
the generic file features include: identity, network node, financial;
the predefined file characteristics include: the predefined file characteristics are defined in the importance of user information and/or device information, and the predefined file characteristics are defined in the operation information.
As a specific implementation, the matching module of this embodiment may be further configured to:
matching the extracted target file according to the identity characteristics;
matching the extracted target file according to the network node characteristics;
matching the extracted target file according to the financial characteristics;
and matching the extracted target file according to the financial characteristics.
As a specific implementation, the prompt module of this embodiment may be specifically configured to: and under the condition that the extracted target file and the file characteristics can be matched, outputting alarm information.
In particular, one of the inventive concepts of the present disclosure is intended to achieve at least the following: extracting a target file from mirrored network traffic; matching the extracted target file against file features; and outputting corresponding prompt information according to the matching result. Because files are extracted from the mirrored network traffic and sensitive-file feature matching is performed on the extracted files, monitoring the mirrored traffic can identify whether a sensitive file has been leaked.
The present disclosure also provides a computer-readable storage medium having stored thereon computer-executable instructions, which when executed by a processor, mainly implement the file identification method according to the above, including at least:
extracting a target file based on the mirror image network flow;
matching the extracted target file according to the file characteristics;
and outputting corresponding prompt information according to the matching result.
As a specific implementation, the computer-readable storage medium of this embodiment has stored thereon computer-executable instructions, which when executed by a processor, mainly implement the file identification method according to the foregoing, and further includes:
the extraction of the target file based on the mirror image network flow comprises the following steps:
analyzing the monitored network data packet;
and extracting the corresponding target file by using the file characteristics and/or the keywords.
As a specific implementation, the computer-readable storage medium of this embodiment has stored thereon computer-executable instructions, which when executed by a processor, mainly implement the file identification method according to the foregoing, and further includes:
the extracting of the corresponding target file by the file characteristics and/or the keywords comprises at least one of the following modes:
extracting a first type target file according to the first type file characteristics and/or the first type keywords;
extracting a second type target file according to the second type file characteristics and/or the second type keywords;
and extracting the third type target file according to the third type file characteristics and/or the third type keywords.
As a specific implementation, the computer-readable storage medium of this embodiment has stored thereon computer-executable instructions, which when executed by a processor, mainly implement the file identification method according to the foregoing, and further includes:
the matching of the extracted target file according to the file features comprises the following steps:
the extracted target document is matched according to the general document features and/or the predefined document features.
As a specific implementation, the computer-readable storage medium of this embodiment has stored thereon computer-executable instructions, which when executed by a processor, mainly implement the file identification method according to the foregoing, and further includes:
matching the extracted target file according to the general file features, wherein the method comprises at least one of the following modes:
matching the extracted target file according to the identity characteristics;
matching the extracted target file according to the network node characteristics;
matching the extracted target file according to the financial characteristics;
and matching the extracted target file according to the financial characteristics.
As a specific implementation, the computer-readable storage medium of this embodiment has stored thereon computer-executable instructions, which when executed by a processor, mainly implement the file identification method according to the foregoing, and further includes:
the definition mode of the predefined file characteristics comprises the following steps:
defining the predefined file characteristics in terms of the importance of user information and/or device information; and/or
Defining the predefined file characteristics with operational information.
As a specific implementation, the computer-readable storage medium of this embodiment has stored thereon computer-executable instructions, which when executed by a processor, mainly implement the file identification method according to the foregoing, and further includes:
the outputting of the corresponding prompt information according to the matching result includes:
and under the condition that the extracted target file and the file characteristics can be matched, outputting alarm information.
In some embodiments, a processor executing computer-executable instructions may be a processing device including more than one general-purpose processing device, such as a microprocessor, Central Processing Unit (CPU), Graphics Processing Unit (GPU), or the like. More specifically, the processor may be a Complex Instruction Set Computing (CISC) microprocessor, Reduced Instruction Set Computing (RISC) microprocessor, Very Long Instruction Word (VLIW) microprocessor, processor running other instruction sets, or processors running a combination of instruction sets. The processor may also be one or more special-purpose processing devices such as an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA), a Digital Signal Processor (DSP), a system on a chip (SoC), or the like.
In some embodiments, the computer-readable storage medium may be a memory, such as a read-only memory (ROM), a random-access memory (RAM), a phase-change random-access memory (PRAM), a static random-access memory (SRAM), a dynamic random-access memory (DRAM), an electrically erasable programmable read-only memory (EEPROM), other types of random-access memory (RAM), a flash disk or other form of flash memory, a cache, a register, a static memory, a compact disc read-only memory (CD-ROM), a Digital Versatile Disc (DVD) or other optical storage, a tape cartridge or other magnetic storage device, or any other potentially non-transitory medium that may be used to store information or instructions that may be accessed by a computer device, and so forth.
In some embodiments, the computer-executable instructions may be implemented as a plurality of program modules that collectively implement the method for displaying medical images according to any one of the present disclosure.
The present disclosure describes various operations or functions that may be implemented as or defined as software code or instructions. The display unit may be implemented as software code or modules of instructions stored on a memory, which when executed by a processor may implement the respective steps and methods.
Such content may be source code or differential code ("delta" or "patch" code) that may be executed directly ("object" or "executable" form). A software implementation of the embodiments described herein may be provided through an article of manufacture having code or instructions stored thereon, or through a method of operating a communication interface to transmit data through the communication interface. A machine or computer-readable storage medium may cause a machine to perform the functions or operations described, and includes any mechanism for storing information in a form accessible by a machine (e.g., a computing display device, an electronic system, etc.), such as recordable/non-recordable media (e.g., Read Only Memory (ROM), Random Access Memory (RAM), magnetic disk storage media, optical storage media, flash memory display devices, etc.). The communication interface includes any mechanism for interfacing with any of a hardwired, wireless, optical, etc. medium to communicate with other display devices, such as a memory bus interface, a processor bus interface, an internet connection, a disk controller, etc. The communication interface may be configured by providing configuration parameters and/or transmitting signals to prepare the communication interface to provide data signals describing the software content. The communication interface may be accessed by sending one or more commands or signals to the communication interface.
The computer-executable instructions of embodiments of the present disclosure may be organized into one or more computer-executable components or modules. Aspects of the disclosure may be implemented with any number and combination of such components or modules. For example, aspects of the disclosure are not limited to the specific computer-executable instructions or the specific components or modules illustrated in the figures and described herein. Other embodiments may include different computer-executable instructions or components having more or less functionality than illustrated and described herein.
The above description is intended to be illustrative and not restrictive. For example, the above-described examples (or one or more versions thereof) may be used in combination with each other. For example, other embodiments may be used by those of ordinary skill in the art upon reading the above description. In addition, in the foregoing detailed description, various features may be grouped together to streamline the disclosure. This should not be interpreted as an intention that a disclosed feature not claimed is essential to any claim. Rather, the subject matter of the present disclosure may lie in less than all features of a particular disclosed embodiment. Thus, the following claims are hereby incorporated into the detailed description as examples or embodiments, with each claim standing on its own as a separate embodiment, and it is contemplated that these embodiments may be combined with each other in various combinations or permutations. The scope of the disclosure should be determined with reference to the appended claims, along with the full scope of equivalents to which such claims are entitled.
The above embodiments are merely exemplary embodiments of the present disclosure and are not intended to limit the present disclosure; the scope of the present disclosure is defined by the claims. Various modifications and equivalents of the disclosure may occur to those skilled in the art within the spirit and scope of the disclosure, and such modifications and equivalents are considered to be within the scope of the disclosure.

Claims (10)

1. A file identification method, comprising:
extracting a target file based on mirrored network traffic;
matching the extracted target file according to the file characteristics;
and outputting corresponding prompt information according to the matching result.
2. The method of claim 1, wherein the extracting a target file based on mirrored network traffic comprises:
analyzing the monitored network data packet;
and extracting the corresponding target file by using the file characteristics and/or the keywords.
3. The method of claim 2, wherein the extracting the corresponding target file by using the file characteristics and/or the keywords comprises at least one of the following ways:
extracting a first type target file according to the first type file characteristics and/or the first type keywords;
extracting a second type target file according to the second type file characteristics and/or the second type keywords;
and extracting the third type target file according to the third type file characteristics and/or the third type keywords.
4. The method of claim 1, wherein the matching the extracted target file according to the file characteristics comprises:
matching the extracted target file according to general file characteristics and/or predefined file characteristics.
5. The method of claim 4, wherein matching the extracted target file according to the general file characteristics comprises at least one of:
matching the extracted target file according to the identity characteristics;
matching the extracted target file according to the network node characteristics;
matching the extracted target file according to the financial characteristics;
and matching the extracted target file according to the financial characteristics.
6. The method of claim 4, wherein the predefined file characteristics are defined in a manner comprising:
defining the predefined file characteristics in terms of the importance of user information and/or device information; and/or
defining the predefined file characteristics with operational information.
7. The method according to any one of claims 1 to 6, wherein the outputting of the corresponding prompt information according to the matching result comprises:
outputting alarm information when the extracted target file matches the file characteristics.
8. A file identification device, comprising:
an extraction module configured to extract a target file based on mirrored network traffic;
a matching module configured to match the extracted target file according to file characteristics;
and a prompt module configured to output corresponding prompt information according to the matching result.
9. The device of claim 8, wherein
the matching module is further configured to match the extracted target file according to general file characteristics and/or predefined file characteristics, wherein:
the general file characteristics include: identity, network node, and financial characteristics;
the predefined file characteristics include: file characteristics defined in terms of the importance of user information and/or device information, and file characteristics defined with operation information.
10. A computer-readable storage medium having stored thereon computer-executable instructions that, when executed by a processor, implement:
the file identification method according to any one of claims 1 to 7.
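The following sketch is an added illustration of the flow in claims 1, 2, 4, 5 and 7 (extract, match, alert); it is not part of the patent text or the applicant's implementation. It assumes HTTP as the carrier, a `Content-Disposition` filename as the keyword, magic bytes as the file characteristic, and e-mail addresses, IPv4 addresses and Luhn-valid card numbers as the identity, network node and financial characteristics; all function names and the sample stream are constructed for the example.

```python
import ipaddress
import re

# Constructed sample: one HTTP response reassembled from mirrored traffic.
SAMPLE_STREAM = (
    b"HTTP/1.1 200 OK\r\nContent-Type: text/csv\r\n"
    b'Content-Disposition: attachment; filename="export.csv"\r\n\r\n'
    b"user,card,host\r\n"
    b"alice@example.com,4111 1111 1111 1111,10.20.30.40\r\n"
    b"bob,1234 5678 9012 3456,999.1.1.1\r\n"
)
MAGIC = {b"%PDF-": "pdf", b"PK\x03\x04": "zip"}  # assumed file characteristics

def extract_target_file(stream):  # -> (name, body) or None
    head, sep, body = stream.partition(b"\r\n\r\n")
    name = re.search(rb'filename="([^"]+)"', head)  # assumed keyword
    if sep and name:
        return name.group(1).decode(), body
    for magic, kind in MAGIC.items():
        if body.startswith(magic):
            return "unnamed." + kind, body
    return None

def luhn_ok(number):  # checksum used by payment card numbers
    digits = [int(c) for c in number if c.isdigit()][::-1]
    return sum(d if i % 2 == 0 else (d * 2 - 9 if d > 4 else d * 2)
               for i, d in enumerate(digits)) % 10 == 0

def valid_ip(text):
    try:
        ipaddress.ip_address(text)
    except ValueError:
        return False
    return True

def match_features(body):  # identity / network node / financial, all assumed
    text = body.decode("utf-8", errors="replace")
    ips = re.findall(r"\b(?:\d{1,3}\.){3}\d{1,3}\b", text)
    cards = re.findall(r"\b\d(?:[ -]?\d){12,18}\b", text)
    hits = {"identity": re.findall(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+", text),
            "network_node": [ip for ip in ips if valid_ip(ip)],
            "financial": [c for c in cards if luhn_ok(c)]}
    return {k: v for k, v in hits.items() if v}  # drop empty categories

def identify(stream):
    """Return alarm information when the extracted file matches, else None."""
    target = extract_target_file(stream)
    hits = match_features(target[1]) if target else {}
    return {"alert": True, "file": target[0], "hits": hits} if hits else None
```

Validating candidates (Luhn checksum, parseable address) before alerting keeps look-alike strings such as the second sample row from producing false alarms.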
CN202011221921.2A 2020-11-05 2020-11-05 File identification method and device and computer readable storage medium Pending CN112328764A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011221921.2A CN112328764A (en) 2020-11-05 2020-11-05 File identification method and device and computer readable storage medium

Publications (1)

Publication Number Publication Date
CN112328764A true CN112328764A (en) 2021-02-05

Family

ID=74316030

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011221921.2A Pending CN112328764A (en) 2020-11-05 2020-11-05 File identification method and device and computer readable storage medium

Country Status (1)

Country Link
CN (1) CN112328764A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107592303A (en) * 2017-08-28 2018-01-16 北京明朝万达科技股份有限公司 A kind of high speed mirror is as the extracting method and device of outgoing document in network traffics
US20180124017A1 (en) * 2014-04-30 2018-05-03 Fortinet, Inc. Filtering hidden data embedded in media files
CN110311914A (en) * 2019-07-02 2019-10-08 北京微步在线科技有限公司 Pass through the method and device of image network flow extraction document
CN111314164A (en) * 2019-12-13 2020-06-19 北京明朝万达科技股份有限公司 Network flow restoration method and device and computer readable storage medium
CN111581371A (en) * 2020-05-07 2020-08-25 中国信息安全测评中心 Network security analysis method and device based on outbound data network flow

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210205