CN114297717A - Data leakage prevention method and device, electronic equipment and storage medium - Google Patents
Data leakage prevention method and device, electronic equipment and storage medium Download PDFInfo
- Publication number
- CN114297717A CN114297717A CN202111664911.0A CN202111664911A CN114297717A CN 114297717 A CN114297717 A CN 114297717A CN 202111664911 A CN202111664911 A CN 202111664911A CN 114297717 A CN114297717 A CN 114297717A
- Authority
- CN
- China
- Prior art keywords
- data
- submission
- leakage
- blocking
- event
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The embodiment of the application provides a data leakage prevention method and device, electronic equipment and a storage medium, and relates to the technical field of data security. The method comprises the steps of detecting inspection data by using a preset detection rule; if the submission data is sensitive data, leakage behavior blocking is carried out on the submission data, leakage behavior blocking is carried out on the sensitive data, active or accidental leakage of the sensitive data is effectively prevented, and the problem that the sensitive data cannot be effectively prevented from being leaked by the conventional method is solved.
Description
Technical Field
The present application relates to the field of data security technologies, and in particular, to a data leakage prevention method and apparatus, an electronic device, and a storage medium.
Background
Data Leakage Prevention (DLP) is a policy that prevents specified Data or information assets of an enterprise from flowing out of the enterprise in a form that violates security policy rules by certain technical means.
The existing data leakage prevention method comprises the steps of dividing data types and security levels, distributing corresponding security protection tools for encryption, identity authentication, access control, security audit and tracking and evidence obtaining of data according to data dividing results, carrying out security protection, collecting log information generated by the security protection tools, carrying out normalization processing, and establishing a security view of a life cycle of the data.
Disclosure of Invention
An object of the embodiments of the present application is to provide a data leakage prevention method, apparatus, electronic device, and storage medium, which block leakage behavior of sensitive data, effectively prevent active or accidental leakage of sensitive data, and solve the problem that the existing method cannot effectively prevent leakage of sensitive data.
The embodiment of the application provides a data leakage prevention method, which is applied to a DLP (digital light processing) network and comprises the following steps:
detecting the inspection data by using a preset detection rule;
and if the submission data is sensitive data, blocking the leakage behavior of the submission data.
In the implementation process, the inspection data is detected by using a preset detection rule, and if the inspection data is sensitive data, leakage prevention blocking is performed, so that active or accidental leakage of the sensitive data can be effectively prevented, and the problem that the sensitive data cannot be effectively prevented from being leaked by using the conventional method is solved.
Further, the detecting the inspection data by using the preset detection rule includes:
and judging whether the inspection data meets an identity recognition rule and/or a data recognition rule.
In the implementation process, the action is responded in real time according to a predefined strategy, so that the aim of protecting sensitive data is fulfilled, and active or accidental data leakage is prevented.
Further, the determining whether the inspection data meets the identification rule includes:
detecting the identity information of a sender and a receiver of the submission data;
and if the sender or the receiver of the submission data meets the preset identity information, the submission data is sensitive data, and the identity information comprises a mailbox, an IP address and a domain name.
In the implementation process, the identity recognition rule is a detection rule configured for a sender and a receiver of the data, and if the mailbox, the IP address or the domain name of the sender or the receiver of the submission data is one of the preset identity information, the submission data is sensitive data.
Further, the determining whether the inspection data meets a data identification rule includes:
performing depth recognition on the submission data;
and if the submission data meets the detection conditions, the submission data is sensitive data, and the detection conditions comprise keywords, regular matching, data identifiers, unstructured fingerprint libraries, structured fingerprint libraries, picture fingerprint libraries, weight dictionary libraries, attachment names, attachment sizes, attachment types, file encryption security levels, protocols, abnormal behaviors, interfaces and interface parameters.
In the implementation process, the depth recognition is performed on the submission data, and if the submission data contains preset detection conditions such as keywords, the submission data is sensitive data.
Further, if the submission data is sensitive data, blocking the leakage behavior of the submission data includes:
if the data is sensitive data, generating violation events corresponding to the submission data;
an event response is performed based on the violation event.
In the implementation process, the illegal event is responded, and sensitive data blocking is achieved.
Further, the event responding based on the violation event includes:
determining whether the violation event includes a response action;
if yes, judging whether response conditions are met, wherein the response conditions comprise event matching numbers, protocol or terminal monitoring, severity levels, classification identifiers and continuous leakage numbers;
and if so, executing the response action, wherein the response action comprises adding an annotation, retaining the data to be checked of the event, logging, e-mail notification, short message notification, nailing notification, WeChat notification, attribute setting, state setting, encryption, blocking SMTP (simple message transfer protocol) message, blocking FTP (file transfer protocol) request, blocking HTTP/HTTPS (hypertext transfer protocol/hypertext transfer protocol), setting a watermark and interface deduplication.
In the implementation process, the violation event is responded, the response rule comprises a response condition and a response action, the response condition is the premise of the response action, and the corresponding response action is executed only if the response condition is met.
The embodiment of this application still provides a device is prevented leaking by data, the device includes:
the detection module is used for detecting the inspection data by using a preset detection rule;
and the blocking module is used for blocking the leakage behavior of the submission data if the submission data is sensitive data.
In the implementation process, the inspection data is detected by using a preset detection rule, and if the inspection data is sensitive data, leakage prevention blocking is performed, so that active or accidental leakage of the sensitive data can be effectively prevented, and the problem that the sensitive data cannot be effectively prevented from being leaked by using the conventional method is solved.
Further, the detection module includes:
and the judging module is used for judging whether the inspection data meets the identity recognition rule and/or the data recognition rule.
In the implementation process, the action is responded in real time according to a predefined strategy, so that the aim of protecting sensitive data is fulfilled, and active or accidental data leakage is prevented.
An embodiment of the present application further provides an electronic device, which includes a memory for storing a computer program and a processor for executing the computer program to make the computer device execute the data leakage prevention method described in any one of the above.
Embodiments of the present application also provide a readable storage medium, in which computer program instructions are stored, and when the computer program instructions are read and executed by a processor, the method for preventing data leakage is performed according to any one of the above methods.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required to be used in the embodiments of the present application will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and that those skilled in the art can also obtain other related drawings based on the drawings without inventive efforts.
Fig. 1 is a flowchart of a data leakage prevention method according to an embodiment of the present application;
fig. 2 is a schematic view of a leak prevention provided by an embodiment of the present application;
FIG. 3 is a schematic diagram of sensitive data monitoring provided by an embodiment of the present application;
fig. 4 is a schematic view of monitoring a data flow of a cloud platform according to an embodiment of the present application;
fig. 5 is a flow chart of leak-proof blocking of sensitive data according to an embodiment of the present application;
fig. 6 is a flowchart of identification provided in an embodiment of the present application;
FIG. 7 is a schematic diagram of a policy configuration interface provided in an embodiment of the present application;
FIG. 8 is a flow chart of data identification provided by an embodiment of the present application;
FIG. 9 is a flow chart of event response provided by an embodiment of the present application;
FIG. 10 is a flowchart of event response to an violation event according to an embodiment of the present disclosure;
fig. 11 is a block diagram of a data leakage prevention apparatus according to an embodiment of the present application;
fig. 12 is a block diagram of another data leakage prevention apparatus according to an embodiment of the present application.
Icon:
100-a detection module; 110-a judgment module; 111-identity module; 112-a data identification module; a blocking module 200; 210-an event generation module; 220-a response module; 221-action judgment module; 222-condition judging module; 223 — an execution module.
Detailed Description
The technical solutions in the embodiments of the present application will be described below with reference to the drawings in the embodiments of the present application.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures. Meanwhile, in the description of the present application, the terms "first", "second", and the like are used only for distinguishing the description, and are not to be construed as indicating or implying relative importance.
Referring to fig. 1, fig. 1 is a flowchart of a data leakage prevention method according to an embodiment of the present application. The method specifically comprises the following steps:
step S100: detecting the inspection data by using a preset detection rule;
step S200: and if the submission data is sensitive data, blocking the leakage behavior of the submission data.
The method can be applied to the network DLP, as shown in fig. 2, which is a schematic view of leakage prevention, and to prevent sensitive data from leaking, the network DLP can be deployed in a network in which the network DLP is located in a serial connection manner. When data flow passes through the system, data filtering is carried out through a detection rule built in a network DLP, and sensitive data leakage behavior blocking is carried out according to a strategy matching result.
The flow of sensitive data may also be monitored, as shown in fig. 3, which is a schematic diagram of sensitive data monitoring, the flow of the sensitive data is monitored by deploying a network DLP in a network where the DLP is located in a bypass manner, and data traffic is mirrored or shunted to the network DLP by a switch, a firewall, and other devices for examination. The mode has small change to the original network and simple network switching.
In addition, the method can also be applied to cloud platform data flow monitoring, as shown in fig. 4, the method is a schematic diagram of cloud platform data flow monitoring, the cloud platform data flow monitoring is deployed through forward/reverse proxy, relevant proxy network configuration is configured at a pc end or a switch, network DLP proxy data is transmitted, sensitive data is monitored in a proxy process, and the method has the capability of blocking the outgoing of the sensitive data.
Therefore, the method can discover and monitor the sensitive information in the data storage, transmission and use processes, and ensure the compliant use of the sensitive information.
In step 100, the inspection data is detected by using a preset detection rule, and the inspection data is mainly detected by judging whether the inspection data meets an identity recognition rule and/or a data recognition rule.
As shown in fig. 5, for a sensitive data leakage prevention blocking flow chart, before detection, a submission function needs to be called to obtain enabled policy information. And circularly calling the strategy information (a preset detection rule), and entering a data submission process if the strategy circulation condition is met.
For the submission process, specifically, as shown in fig. 6, it is an identity recognition process diagram:
step S111: detecting the identity information of a sender and a receiver of the submission data;
step S112: and if the sender or the receiver of the submission data meets the preset identity information, the submission data is sensitive data, and the identity information comprises a mailbox, an IP address and a domain name.
The identification rule is a detection rule configured for a sender and a receiver of data, wherein the identification information includes, but is not limited to, detection conditions such as a mailbox of the sender, an IP address, a mailbox of the receiver, an IP address, a domain name and the like.
Com, for example, the sender matching pattern is configured, such as the mailbox address is test @ test, and the IP address is 192.168.7.15. Com, and if the sender mailbox for detecting the data is test @ test or the sender IP address is 192.168.7.15, the data is sensitive data, violation occurs, and corresponding violation event information can be generated, as shown in fig. 7, a policy configuration interface schematic diagram is shown, the identity recognition rule can be configured in policy configuration in advance, the policy configuration is used as a guided step policy configuration of a page configuration core, each step has a guide button for creating a new rule, so that the situation that a user finds a configuration entry in each menu of the whole system can be avoided, the user automatically jumps back to a policy configuration step box to perform next operation after configuration is completed, and the trouble of changing pages by the user is avoided.
As shown in fig. 8, a data identification flowchart specifically includes the following steps:
step S121: performing depth recognition on the submission data;
step S122: if the submission data meets the detection condition, the submission data is sensitive data, and the detection condition includes but is not limited to keywords, regular matching, data identifiers, unstructured fingerprint libraries, structured fingerprint libraries, picture fingerprint libraries, weight dictionary libraries, attachment names, attachment sizes, attachment types, file encryption security levels, protocols, abnormal behaviors, interfaces and interface parameters.
The data identification rule is to use different algorithms to deeply identify the inspection data, and the detection conditions include but are not limited to keywords, regular matching, data identifiers, unstructured fingerprint libraries, structured fingerprint libraries, picture fingerprint libraries, weight dictionary libraries, attachment names, attachment sizes, attachment types, file encryption security levels, protocols, abnormal behaviors, interfaces, interface parameters and the like.
Exemplarily, a detection rule with a keyword of "Christmas" and a detection rule with an attachment type of php are configured; when data identification detection is carried out on the inspection data, if the inspection data is found to contain Christmas typeface or data with php as an attachment, the inspection data is identified as sensitive data, namely the sensitive data is violated, and then corresponding violation event information can be generated. Likewise, data identification rules may be configured in the policy configuration in advance.
As shown in fig. 9, the event response flowchart specifically includes the following steps:
step S210: if the data is sensitive data, generating violation events corresponding to the submission data;
step S220: an event response is performed based on the violation event.
As shown in fig. 10, a flowchart for performing event response on an violation event specifically includes the following steps:
step S221: determining whether the violation event includes a response action;
step S222: if yes, judging whether response conditions are met, wherein the response conditions comprise event matching numbers, protocols, terminal monitoring, severity levels, classification marks and continuous leakage numbers;
step S223: if so, executing the response action, wherein the response action comprises but is not limited to adding a comment, keeping the data to be checked of the event, logging, e-mail notification, short message notification, nailing notification, WeChat notification, attribute setting, state setting, encryption, blocking SMTP message, blocking FTP request, blocking HTTP/HTTPS, setting watermark and interface deduplication.
Protocol or terminal monitoring is one option for event response conditions, two large categories of data sources. Such as protocols including HTTP/HTTPs, FTP, SMTP, etc., the terminal monitoring refers to user behavior acquired by the terminal device, such as cut, copy, delete, etc. These specific protocols or terminal monitoring activities together constitute the data source for the censorship data.
In fig. 4, during submission, it is first determined whether the submission data satisfies the identity recognition rule or the data recognition rule, if so, a corresponding violation event is generated, and the process proceeds to the next step; if not, the cycle detection is finished.
After the violation event is generated, judging whether a response action is contained, and if the response action is contained, entering the next step; if no responsive action is included, the loop ends.
Judging whether a response condition is included, and if the response condition is included, entering the next step; if no response condition is included, the present cycle ends.
Judging whether the contained response conditions are met, if so, executing the response action and then ending the cycle; and if the response condition is not met, directly ending the cycle.
And circularly calling the strategy information to carry out data submission, and ending the data detection when the strategy information does not meet the circular condition.
The method responds to the action in real time through a predefined strategy, so that the aim of protecting sensitive data is fulfilled, and active or accidental data leakage is prevented.
The method can be used for carrying out classification treatment on the data in advance; timely blocking, removing and alarming sensitive data in the process; event auditing and report analysis are performed afterwards, and a user can be helped to comprehensively master data leakage risks.
In addition, the method can be based on a deep content recognition technology and is internally provided with an OCR engine, and sensitive data and abnormal behaviors can be accurately recognized.
An embodiment of the present application further provides a data leakage preventing device, as shown in fig. 11, which is a block diagram of the data leakage preventing device, and the device includes, but is not limited to:
the detection module 100 is configured to detect the inspection data by using a preset detection rule;
and the blocking module 200 is configured to block the leakage behavior of the submission data if the submission data is sensitive data.
As shown in fig. 12, it is a block diagram of another data leakage prevention apparatus, wherein the detection module 100 includes:
the determining module 110 is configured to determine whether the inspection data meets an identity recognition rule and/or a data recognition rule.
The determining module 110 includes an identity recognizing module 111 and a data recognizing module 112, wherein the identity recognizing module 111 is configured to:
detecting the identity information of a sender and a receiver of the submission data;
and if the sender or the receiver of the submission data meets the preset identity information, the submission data is sensitive data, and the identity information comprises a mailbox, an IP address and a domain name.
The data identification module 112 is configured to:
performing depth recognition on the submission data;
and if the submission data meets the detection conditions, the submission data is sensitive data, and the detection conditions comprise keywords, regular matching, data identifiers, unstructured fingerprint libraries, structured fingerprint libraries, picture fingerprint libraries, weight dictionary libraries, attachment names, attachment sizes, attachment types, file encryption security levels, protocols, abnormal behaviors, interfaces and interface parameters.
The blocking module 200 includes:
an event generating module 210, configured to generate an illegal event corresponding to the submission data if the submission data is sensitive data;
a response module 220, configured to perform an event response based on the violation event.
Wherein, the response module 220 includes:
an action determining module 221, configured to determine whether the violation event includes a response action;
a condition determining module 222, configured to determine whether a response condition is met if the response action is included, where the response condition includes an event matching number, protocol or terminal monitoring, a severity level, a classification identifier, and a continuous leakage number;
and the executing module 223 is configured to execute the response action if the response condition is met, where the response action includes adding an annotation, retaining data to be checked for an event, logging, email notification, short message notification, nailing notification, WeChat notification, attribute setting, state setting, encrypting, blocking an SMTP message, blocking an FTP request, blocking HTTP/HTTPS, setting a watermark, and interface deduplication.
The method has the advantages that the inspection data are detected by using the preset detection rule, and if the inspection data are sensitive data, leakage prevention blocking is performed, active or accidental leakage of the sensitive data can be effectively prevented, and the problem that the sensitive data cannot be effectively prevented from being leaked by the conventional method is solved.
An embodiment of the present application further provides an electronic device, which includes a memory for storing a computer program and a processor for executing the computer program to make the computer device execute the data leakage prevention method described above.
Embodiments of the present application also provide a readable storage medium, in which computer program instructions are stored, and when the computer program instructions are read and executed by a processor, the data leakage prevention method is performed.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method can be implemented in other ways. The apparatus embodiments described above are merely illustrative, and for example, the flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, functional modules in the embodiments of the present application may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The above description is only an example of the present application and is not intended to limit the scope of the present application, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall be included in the protection scope of the present application. It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures.
The above description is only for the specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present application, and shall be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
Claims (10)
1. A data leakage prevention method is applied to a DLP network, and comprises the following steps:
detecting the inspection data by using a preset detection rule;
and if the submission data is sensitive data, blocking the leakage behavior of the submission data.
2. A method for preventing leakage of data according to claim 1, wherein said detecting the inspection data using a preset detection rule comprises:
and judging whether the inspection data meets an identity recognition rule and/or a data recognition rule.
3. A method for preventing data leakage as defined in claim 2, wherein said determining whether said censorship data satisfies identification rules comprises:
detecting the identity information of a sender and a receiver of the submission data;
and if the sender or the receiver of the submission data meets the preset identity information, the submission data is sensitive data, and the identity information comprises a mailbox, an IP address and a domain name.
4. A method for preventing data leakage as defined in claim 2, wherein said determining whether said censorship data satisfies data identification rules comprises:
performing depth recognition on the submission data;
and if the submission data meets the detection conditions, the submission data is sensitive data, and the detection conditions comprise keywords, regular matching, data identifiers, unstructured fingerprint libraries, structured fingerprint libraries, picture fingerprint libraries, weight dictionary libraries, attachment names, attachment sizes, attachment types, file encryption security levels, protocols, abnormal behaviors, interfaces and interface parameters.
5. A method for preventing leakage of data according to claim 1, wherein said blocking leakage behavior of said inspection data if said inspection data is sensitive data comprises:
if the data is sensitive data, generating violation events corresponding to the submission data;
an event response is performed based on the violation event.
6. A data leakage prevention method according to claim 5, wherein said event responding based on the violation event comprises:
determining whether the violation event includes a response action;
if yes, judging whether response conditions are met, wherein the response conditions comprise event matching numbers, protocols, terminal monitoring, severity levels, classification marks and continuous leakage numbers;
and if so, executing the response action, wherein the response action comprises adding an annotation, retaining the data to be checked of the event, logging, e-mail notification, short message notification, nailing notification, WeChat notification, attribute setting, state setting, encryption, blocking SMTP (simple message transfer protocol) message, blocking FTP (file transfer protocol) request, blocking HTTP/HTTPS (hypertext transfer protocol/hypertext transfer protocol), setting a watermark and interface deduplication.
7. A data leakage prevention apparatus, said apparatus comprising:
the detection module is used for detecting the inspection data by using a preset detection rule;
and the blocking module is used for blocking the leakage behavior of the submission data if the submission data is sensitive data.
8. A data leakage prevention apparatus, as per claim 7, wherein said detection module comprises:
and the judging module is used for judging whether the inspection data meets the identity recognition rule and/or the data recognition rule.
9. An electronic device, characterized in that the electronic device comprises a memory for storing a computer program and a processor for executing the computer program to cause the computer device to perform the data leakage prevention method according to any one of claims 1 to 6.
10. A readable storage medium having stored therein computer program instructions, which when read and executed by a processor, perform a data leakage prevention method according to any one of claims 1 to 6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111664911.0A CN114297717A (en) | 2021-12-31 | 2021-12-31 | Data leakage prevention method and device, electronic equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111664911.0A CN114297717A (en) | 2021-12-31 | 2021-12-31 | Data leakage prevention method and device, electronic equipment and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114297717A true CN114297717A (en) | 2022-04-08 |
Family
ID=80973324
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111664911.0A Pending CN114297717A (en) | 2021-12-31 | 2021-12-31 | Data leakage prevention method and device, electronic equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114297717A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114598673A (en) * | 2022-05-09 | 2022-06-07 | 太平金融科技服务(上海)有限公司深圳分公司 | Electronic mailbox system, mailbox processing method, device and computer equipment |
| CN117688540A (en) * | 2024-02-01 | 2024-03-12 | 杭州美创科技股份有限公司 | Interface sensitive data leakage detection defense method and device and computer equipment |
-
2021
- 2021-12-31 CN CN202111664911.0A patent/CN114297717A/en active Pending
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114598673A (en) * | 2022-05-09 | 2022-06-07 | 太平金融科技服务(上海)有限公司深圳分公司 | Electronic mailbox system, mailbox processing method, device and computer equipment |
| CN117688540A (en) * | 2024-02-01 | 2024-03-12 | 杭州美创科技股份有限公司 | Interface sensitive data leakage detection defense method and device and computer equipment |
| CN117688540B (en) * | 2024-02-01 | 2024-04-19 | 杭州美创科技股份有限公司 | Interface sensitive data leakage detection defense method and device and computer equipment |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107577939B (en) | Data leakage prevention method based on keyword technology | |
| US11582242B2 (en) | System, computer program product and method for risk evaluation of API login and use | |
| KR100836439B1 (en) | Storage medium comprising invalidity monitoring program, invalidity monitoring method, and invalidity monitoring system | |
| CN114297717A (en) | Data leakage prevention method and device, electronic equipment and storage medium | |
| CN109344611B (en) | Application access control method, terminal equipment and medium | |
| WO2015184752A1 (en) | Abnormal process detection method and apparatus | |
| KR101548138B1 (en) | System and Method for Tracing Signature Security Information | |
| US10574658B2 (en) | Information security apparatus and methods for credential dump authenticity verification | |
| US10482240B2 (en) | Anti-malware device, anti-malware system, anti-malware method, and recording medium in which anti-malware program is stored | |
| US10496842B1 (en) | Multi-pronged file anomaly detection based on violation counts | |
| JP2007172221A (en) | Quarantine system, quarantine device, quarantine method, and computer program | |
| CN109829304B (en) | Virus detection method and device | |
| CN112800397A (en) | Data asset protection method, system, electronic equipment and storage medium | |
| CN108650225A (en) | A kind of telesecurity monitoring device, system and telesecurity monitoring method | |
| US11321467B2 (en) | System and method for security analysis | |
| KR101692982B1 (en) | Automatic access control system of detecting threat using log analysis and automatic feature learning | |
| CN112163198B (en) | Host login security detection method, system, device and storage medium | |
| Shrivastava et al. | Android application behavioural analysis for data leakage | |
| GB2592132A (en) | Enterprise network threat detection | |
| CN115189937A (en) | Security protection method and device for client data | |
| CN115577369B (en) | Source code leakage behavior detection method and device, electronic equipment and storage medium | |
| CN111885088A (en) | Log monitoring method and device based on block chain | |
| CN115499240A (en) | Data processing method, device, equipment and medium | |
| Sykosch et al. | Hunting observable objects for indication of compromise | |
| CN117596041B (en) | Method and device for detecting validity of security rule |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |