CN114866532A - Method, device, equipment and medium for uploading security check result information of endpoint file - Google Patents

Publication number
CN114866532A
Authority
CN
China
Prior art keywords
file
information
uploaded
uploading
suspicious
Legal status
Granted
Application number
CN202210439979.7A
Other languages
Chinese (zh)
Other versions
CN114866532B (en)
Inventor
肖新光
徐菲
孙洪伟
Current Assignee
Antiy Technology Group Co Ltd
Original Assignee
Antiy Technology Group Co Ltd
Application filed by Antiy Technology Group Co Ltd
Priority to CN202210439979.7A
Publication of CN114866532A
Application granted
Publication of CN114866532B
Status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/06 Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G06F21/6254 Protecting personal data, e.g. for financial or medical purposes by anonymising data, e.g. decorrelating personal data from the owner's identification
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/145 Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/2866 Architectures; Arrangements
    • H04L67/30 Profiles

Abstract

The invention provides a method, a device, equipment and a medium for uploading security check result information of an endpoint file, wherein the method comprises the following steps: acquiring information to be uploaded, which is obtained after the endpoint security software carries out a security check on the endpoint, the information to be uploaded comprising suspicious files and file paths of the suspicious files; acquiring an uploading strategy determined by a user based on the scene condition of the endpoint; desensitizing the information to be uploaded based on the uploading strategy to obtain desensitized information; and uploading the desensitized information to a management center. According to this scheme, the information to be uploaded is desensitized using the uploading strategy so that the desensitized information contains as little sensitive information as possible; uploading the desensitized information to the management center therefore reduces the sensitive information uploaded to the management center and reduces leakage of sensitive information.

Description

Method, device, equipment and medium for uploading security check result information of endpoint file
Technical Field
The embodiment of the invention relates to the technical field of security, in particular to a method, a device, equipment and a medium for uploading security check result information of an endpoint file.
Background
Endpoint security protection software, which includes antivirus software, EDR, EPP and the like, is generally installed on endpoint devices to provide functions such as virus killing, real-time monitoring, and media management and control, so as to prevent attack threats and to eliminate and dispose of infecting malicious code.
Currently, endpoint security software needs to collect malicious code files and suspected malicious files on endpoint devices based on scanning and monitoring triggers, and upload the files to a management center for storage, to support analysis and identification through manual, sandbox, and other security mechanisms. In addition, to carry out tasks such as identifying the endpoint's software scene environment and intelligence-based threat tracing, the endpoint security software also performs memory object enumeration and recursive object scanning of key sectors, file systems and the like on the endpoint, extracts information such as file path names, HASH values and signature information, and transmits the results to the management center. Uploading this information to the management center, however, raises the problem of sensitive information leakage.
Disclosure of Invention
Based on the problem of sensitive information leakage in the prior art, embodiments of the present invention provide a method, an apparatus, a device, and a medium for uploading endpoint file security check result information, which can reduce the leakage of sensitive information.
In a first aspect, an embodiment of the present invention provides an endpoint file security check result information uploading method, including:
acquiring information to be uploaded, which is obtained after the endpoint security software carries out security check on the endpoint; the information to be uploaded comprises suspicious files and file paths of the suspicious files;
acquiring an uploading strategy determined by a user based on the scene condition of the endpoint;
desensitizing the information to be uploaded based on the uploading strategy to obtain desensitized information;
and uploading the desensitization information to a management center.
Preferably, the obtaining of the uploading policy determined by the user based on the context condition of the endpoint includes:
in response to a user-initiated policy configuration request, presenting a configurable plurality of policies to a user;
based on the multiple presented strategies, determining an uploading strategy formed by at least one strategy selected from the multiple strategies by a user; the uploading policy is obtained after the user selects the at least one policy and configures each selected policy based on the scene condition of the endpoint.
Preferably, the upload policy includes at least one of the following policies:
allowing the file in the first file format to be uploaded;
forbidding uploading of the file in the second file format;
forbidding uploading of a file path containing the first sensitive character string;
prohibiting uploading of files whose content contains the second sensitive character string;
prohibiting uploading of files in the first file directory;
prohibiting uploading of files in the second file directory that meet the first condition;
allowing uploading of files in the third file directory that meet the second condition;
performing structure separation on files meeting the third condition to obtain a plurality of file segments, and allowing suspicious file segments to be uploaded;
converting a file path meeting the fourth condition into a hash value, and allowing the hash value to be uploaded; and
converting a file name meeting the fifth condition into a hash value, and allowing the hash value to be uploaded.
Preferably, the desensitizing processing is performed on the information to be uploaded based on the uploading policy to obtain desensitizing information, including:
strategy matching is carried out on each suspicious file included in the information to be uploaded and the file path of the suspicious file respectively with each strategy in the uploading strategies;
when the information to be uploaded is matched against one of the strategies: if it is determined that the information to be uploaded contains a suspicious file or file path that the strategy prohibits from being uploaded, deleting that suspicious file or file path from the information to be uploaded; and if it is determined that the information to be uploaded contains a suspicious file or file path that meets the processing condition required by the strategy, processing that suspicious file or file path according to the processing rule of the strategy, and adding the information obtained after processing to the information to be uploaded;
and determining the information to be uploaded obtained after the strategy matching of each strategy in the uploading strategies is carried out as desensitization information.
Preferably, the uploading policy includes: the files meeting the third condition are subjected to structure separation to obtain a plurality of file segments, and suspicious file segments are allowed to be uploaded;
when it is determined that the information to be uploaded contains a target suspicious file that meets the third condition required by the uploading policy, processing the target suspicious file and adding the information obtained after processing to the information to be uploaded includes:
carrying out structure separation on the target suspicious file to obtain a plurality of file segments corresponding to the target suspicious file;
determining suspicious and non-suspicious file segments of the plurality of file segments;
and adding suspicious file segments in the plurality of file segments into the information to be uploaded.
Preferably, the uploading policy includes: converting the file path meeting the fourth condition into a hash value, and allowing the hash value to be uploaded;
when it is determined that the information to be uploaded contains a target file path that meets the fourth condition required by the uploading policy, processing the target file path and adding the information obtained after processing to the information to be uploaded includes:
calculating a hash value of the target file path;
and adding the hash value to the information to be uploaded.
Preferably, the method further comprises the following steps:
receiving threat information fed back by the management center aiming at the desensitization information;
and tracing the threat file based on the hash value in the threat information.
In a second aspect, an embodiment of the present invention further provides an apparatus for uploading endpoint file security check result information, where the apparatus includes:
the acquisition unit is used for acquiring information to be uploaded, which is obtained after the endpoint security software carries out security check on the endpoint; the information to be uploaded comprises suspicious files and file paths of the suspicious files;
the acquisition unit is further used for acquiring an uploading strategy determined by a user based on the scene condition of the endpoint;
the desensitization processing unit is used for performing desensitization processing on the information to be uploaded based on the uploading strategy to obtain desensitization information;
and the sending unit is used for uploading the desensitization information to a management center.
In a third aspect, an embodiment of the present invention further provides an electronic device, which includes a memory and a processor, where the memory stores a computer program, and the processor executes the computer program to implement the method according to any embodiment of this specification.
In a fourth aspect, the present invention further provides a computer-readable storage medium, on which a computer program is stored, and when the computer program is executed in a computer, the computer program causes the computer to execute the method described in any embodiment of the present specification.
The embodiment of the invention provides a method, a device, equipment and a medium for uploading endpoint file security check result information, wherein an uploading strategy is determined by a user based on the scene condition of an endpoint. After the endpoint security software carries out a security check on the endpoint to obtain information to be uploaded, the information to be uploaded can be desensitized using the uploading strategy so that the desensitized information contains as little sensitive information as possible. The desensitized information is then uploaded to a management center, so that the uploading of sensitive information to the management center is reduced and the leakage of sensitive information is reduced.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
Fig. 1 is a flowchart of a method for uploading security check result information of an endpoint file according to an embodiment of the present invention;
fig. 2 is a hardware architecture diagram of an electronic device according to an embodiment of the present invention;
fig. 3 is a structural diagram of an apparatus for uploading security check result information of an endpoint file according to an embodiment of the present invention;
fig. 4 is a structural diagram of another endpoint file security check result information uploading apparatus according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer and more complete, the technical solutions in the embodiments of the present invention will be described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention, and based on the embodiments of the present invention, all other embodiments obtained by a person of ordinary skill in the art without creative efforts belong to the scope of the present invention.
As described above, after a security check is performed on an endpoint, the check result, the detected suspicious files, and the like are generally uploaded to a management center together. However, sensitive information may exist in a suspicious file, and uploading the suspicious file directly to the management center may leak that sensitive information, causing an information security problem. Based on this, a corresponding strategy can be set according to the scene condition of the endpoint, and when information needs to be uploaded to the management center, the information is desensitized using the set strategy, so that sensitive information is not uploaded and leakage of sensitive information is reduced.
Specific implementations of the above concepts are described below.
Referring to fig. 1, an embodiment of the present invention provides a method for uploading endpoint file security check result information, where the method includes:
step 100, obtaining information to be uploaded obtained after the endpoint security software carries out a security check on the endpoint; the information to be uploaded comprises suspicious files and file paths of the suspicious files;
step 102, acquiring an uploading strategy determined by a user based on the scene condition of the endpoint;
step 104, desensitizing the information to be uploaded based on the uploading strategy to obtain desensitized information;
and step 106, uploading the desensitized information to a management center.
In the embodiment of the invention, the uploading strategy is determined by the user based on the scene condition of the endpoint. After the endpoint security software carries out a security check on the endpoint to obtain the information to be uploaded, the information to be uploaded can be desensitized using the uploading strategy so that the desensitized information contains as little sensitive information as possible. The desensitized information is then uploaded to the management center, so that the uploading of sensitive information to the management center is reduced and the leakage of sensitive information is reduced.
The manner in which the various steps shown in fig. 1 are performed is described below.
Firstly, aiming at step 100, obtaining information to be uploaded obtained after the endpoint security software performs security check on an endpoint; the information to be uploaded comprises the suspicious files and file paths of the suspicious files.
The endpoint security software is software installed on an endpoint and used for providing functions of virus killing, real-time monitoring, media management and control and the like to realize security protection on the endpoint, such as antivirus software, EDR, EPP and the like, so as to prevent attack threats, and eliminate and dispose infected malicious code. After the endpoint security software performs security checks on the endpoint, the suspect file and the file path of the suspect file are uploaded to a management center (e.g., a server) to support analysis, authentication through manual, sandbox and other security mechanisms.
The suspicious file refers to a file which is preliminarily judged to be a suspected malicious code file in the security check process.
Then, for step 102, an upload policy determined by the user based on the context condition of the endpoint is obtained.
In the embodiment of the invention, the configuration of the uploading strategy differs when the scene conditions of the endpoints differ. The scene condition may include at least one of: the type of the sensitive information, the storage mode of the sensitive information, the storage location of the sensitive information, and the like.
For example, the main work of the user at one endpoint is text editing, so under this scene condition the type of sensitive information is office files; the main work of the user at another endpoint is UI interface design, and under this scene condition the type of sensitive information is psd files. Thus, for different types of sensitive information, the configuration content differs when the uploading strategy is configured.
For example, when the sensitive information is stored, the file formats storing the sensitive information may all be word files while the security levels of the sensitive information differ; different security levels, such as secret and general, are then configured for the storage mode, and secret files are stored encrypted. Thus, for different storage modes of sensitive information, the configuration content differs when the uploading strategy is configured.
For example, when the sensitive information is stored, the storage locations of different sensitive information may differ: some sensitive information is stored in a first folder, and other sensitive information is stored in a second folder. Thus, for different storage locations of sensitive information, the configuration content differs when the uploading strategy is configured.
Based on the above description of the scene conditions, in an embodiment of the present invention, the upload policy may be obtained in one of the following manners:
in response to a user-initiated policy configuration request, presenting a configurable plurality of policies to a user;
based on the multiple presented strategies, determining an uploading strategy formed by at least one strategy selected from the multiple strategies by a user; the uploading policy is obtained after the user selects the at least one policy and configures each selected policy based on the scene condition of the endpoint.
The method can improve the policy configuration efficiency and enable the user to select the policies according to the actual scene conditions.
In an embodiment of the present invention, based on the description of the scenario condition, the uploading policy may include at least one of the following policies:
strategy one, allowing uploading of files in the first file format;
strategy two, prohibiting uploading of files in the second file format;
strategy three, prohibiting uploading of a file path containing the first sensitive character string;
strategy four, prohibiting uploading of files whose content contains the second sensitive character string;
strategy five, prohibiting uploading of files in the first file directory;
strategy six, prohibiting uploading of files in the second file directory that meet the first condition;
strategy seven, allowing uploading of files in the third file directory that meet the second condition;
strategy eight, performing structure separation on files meeting the third condition to obtain a plurality of file segments, and allowing suspicious file segments to be uploaded;
strategy nine, converting a file path meeting the fourth condition into a hash value, and allowing the hash value to be uploaded; and
strategy ten, converting a file name meeting the fifth condition into a hash value, and allowing the hash value to be uploaded.
The ten strategies in the above example can be classified into three types. The first type is: allowing/prohibiting uploading of files/file paths under certain conditions; the second type is: uploading suspicious file segments after structure separation; the third type is: converting into a hash value for uploading. The three types of strategies are described below.
First, a first type of policy is explained, which includes the above-mentioned policies one to seven.
For strategy one and strategy two, when the uploading strategy is configured, the file formats allowed to be uploaded or the file formats prohibited from being uploaded can be configured. When a first file format allowed to be uploaded is configured, only files in the first file format can be uploaded, and files in other file formats need to be deleted from the information to be uploaded; similarly, when a second file format prohibited from being uploaded is configured, files in the second file format need to be deleted from the information to be uploaded. For example, uploading of binary executable files such as PE files and ELF files, and of script files, is allowed, the first file format being exe, dll, bat, cmd, JS, Py, etc.; or the second file format, which is prohibited from being uploaded, is doc, ppt, pdf and xls. The file format can be identified directly from the suspicious file or from its file path.
For strategy three and strategy four, since a file path or file content may contain a sensitive character string, the sensitive character strings can be configured when the uploading strategy is configured. Uploading of a file path containing the first sensitive character string is prohibited, and uploading of a file whose content contains the second sensitive character string is prohibited. The first sensitive character string and the second sensitive character string may be the same or different; for example, both may be 'absolute secret', 'commercial secret', 'internal', and the like.
For strategy five, strategy six and strategy seven, if all the files stored in a certain file directory on the endpoint are sensitive files, that file directory can be configured so that uploading of the files in it is prohibited. If some of the files in a certain file directory are sensitive files and the others are not, configuration can be performed by way of strategy six or strategy seven. For example, strategy six is that files in the second file directory that meet the first condition (the file format is psd) are prohibited from being uploaded, so the files whose file format is psd need to be deleted from the information to be uploaded. The first condition and/or the second condition can be set according to what the files have in common, so that the set first condition or second condition covers all the files that are prohibited from or allowed to be uploaded.
It will be appreciated that the file directory may be obtained from the file path.
Next, a second type of policy is explained, which includes the policy eight described above.
In the embodiment of the present invention, a third condition may be set, so that when a file meeting the third condition exists in the information to be uploaded, that file is deleted from the information to be uploaded and structure separation is performed on it; suspicious file segments are determined from the plurality of file segments obtained by the separation, and the suspicious file segments are added to the information to be uploaded.
Since sensitive information is likely to be present in document files, the file meeting the third condition may be a document file.
For example, the third condition is that any type of file needs to undergo structure separation before being uploaded; or, if the third condition is the office type, uploading of office-type files as such is prohibited, and an office-type file needs to undergo structure separation before being uploaded. The structure separation method and the method for determining suspicious file segments are described below.
Finally, a third type of policy is described, which includes the above-mentioned policies nine and ten.
For strategy nine and strategy ten, a fourth condition and a fifth condition are set, and a file path or file name meeting the condition is converted into the corresponding hash value. The file path meeting the fourth condition, or the suspicious file meeting the fifth condition, is deleted from the information to be uploaded; then the hash value of the file path is added to the information to be uploaded, or the hash value converted from the file name is used as the file name of the suspicious file and the renamed suspicious file is added to the information to be uploaded.
The configuration of each uploading strategy is completed, and the user can select at least one strategy to configure according to the scene condition of the endpoint, so that the configured uploading strategy can be obtained.
It should be noted that, in addition to the above-mentioned manner to obtain the upload policy, other manners may also be used to implement the upload policy, for example, a user forms a configuration file for the upload policy, imports the configuration file into an endpoint, and the endpoint reads and parses the configuration file to obtain the upload policy.
Finally, step 104, desensitizing the information to be uploaded based on the uploading strategy to obtain desensitized information, and step 106, uploading the desensitized information to a management center, are described together.
In an embodiment of the present invention, in step 104, when the information to be uploaded is desensitized using the uploading strategy, each strategy needs to be matched against the information to be uploaded. Specifically, step 104 may include:
performing strategy matching between each suspicious file included in the information to be uploaded, together with the file path of that suspicious file, and each strategy in the uploading strategy;
when the information to be uploaded is matched against one of the strategies: if it is determined that the information to be uploaded contains a suspicious file or file path that the strategy prohibits from being uploaded, deleting that suspicious file or file path from the information to be uploaded; and if it is determined that the information to be uploaded contains a suspicious file or file path that meets the processing condition required by the strategy, processing that suspicious file or file path according to the processing rule of the strategy, and adding the information obtained after processing to the information to be uploaded;
and determining the information to be uploaded, as obtained after matching against every strategy in the uploading strategy, as the desensitized information. The desensitized information does not contain the sensitive information the user is concerned about.
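The strategy matching of step 104, as an added Python example that is not part of the patent text: it applies strategies two, three, four, five and nine to a constructed list of suspicious files, and resolves a hash fed back by the management center to its local path. The `UploadPolicy` field names, the choice of SHA-256, and reading the fourth condition as "path lies under a configured directory" are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass, field
from pathlib import PureWindowsPath


@dataclass
class Item:
    """One suspicious file plus its path, as reported by the endpoint scan."""
    path: str
    content: bytes


@dataclass
class UploadPolicy:
    """Assumed configuration shape; field names are illustrative, not from the patent."""
    forbid_formats: set = field(default_factory=set)            # strategy two
    forbid_path_strings: list = field(default_factory=list)     # strategy three
    forbid_content_strings: list = field(default_factory=list)  # strategy four
    forbid_dirs: list = field(default_factory=list)             # strategy five
    hash_path_dirs: list = field(default_factory=list)          # strategy nine


def _under(path: str, directory: str) -> bool:
    """True if path lies inside directory (Windows paths, case-insensitive)."""
    return PureWindowsPath(directory.lower()) in PureWindowsPath(path.lower()).parents


def _content_has(content: bytes, needle: str) -> bool:
    """Search for the string in the encodings text commonly takes on Windows."""
    return any(needle.encode(enc) in content for enc in ("utf-8", "utf-16-le"))


def desensitize(items, policy):
    """Match each item against every configured strategy.

    Returns (upload, local_map). Prohibited items are dropped; a path meeting
    the assumed fourth condition is replaced by its SHA-256 digest. local_map
    (digest -> real path) stays on the endpoint and is never uploaded.
    """
    upload, local_map = [], {}
    for item in items:
        ext = PureWindowsPath(item.path).suffix.lower().lstrip(".")
        if ext in policy.forbid_formats:
            continue
        if any(s.lower() in item.path.lower() for s in policy.forbid_path_strings):
            continue
        if any(_content_has(item.content, s) for s in policy.forbid_content_strings):
            continue
        if any(_under(item.path, d) for d in policy.forbid_dirs):
            continue
        path = item.path
        if any(_under(item.path, d) for d in policy.hash_path_dirs):
            path = hashlib.sha256(item.path.encode("utf-8")).hexdigest()
            local_map[path] = item.path
        upload.append(Item(path, item.content))
    return upload, local_map


def trace(threat_hashes, local_map):
    """Resolve hashes fed back by the management center to local file paths."""
    return [local_map[h] for h in threat_hashes if h in local_map]


# Constructed sample data: none of these paths or contents come from the patent.
SAMPLE_ITEMS = [
    Item(r"C:\Users\alice\Downloads\setup.exe", b"MZ\x90\x00"),
    Item(r"C:\Users\alice\Documents\report.doc", b"quarterly numbers"),
    Item(r"C:\Work\internal\tool.dll", b"MZ\x90\x00"),
    Item(r"C:\Temp\run.bat", "echo commercial secret".encode("utf-16-le")),
    Item(r"D:\Finance\payroll\helper.exe", b"MZ\x90\x00"),
    Item(r"C:\Projects\clientX\build\loader.js", b"var a = 1;"),
]
SAMPLE_POLICY = UploadPolicy(
    forbid_formats={"doc", "ppt", "pdf", "xls"},
    forbid_path_strings=["internal"],
    forbid_content_strings=["commercial secret"],
    forbid_dirs=[r"D:\Finance"],
    hash_path_dirs=[r"C:\Projects"],
)

if __name__ == "__main__":
    upload, local_map = desensitize(SAMPLE_ITEMS, SAMPLE_POLICY)
    for it in upload:
        print(it.path, len(it.content))
    print(trace([upload[-1].path], local_map))
```

A plain hash of a predictable path can be recovered by guessing candidate paths; a keyed hash (HMAC with a key held on the endpoint) avoids that while still allowing the local lookup used for tracing.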
In one embodiment of the present invention, the uploading policy includes: performing structure separation on files meeting the third condition to obtain a plurality of file segments, and allowing suspicious file segments to be uploaded. In this case, when it is determined that the information to be uploaded contains a target suspicious file that meets the third condition required by the uploading policy, processing the target suspicious file and adding the information obtained after processing to the information to be uploaded includes:
carrying out structure separation on the target suspicious file to obtain a plurality of file segments corresponding to the target suspicious file;
determining suspicious and non-suspicious file segments of the plurality of file segments;
and adding suspicious file segments in the plurality of file segments into the information to be uploaded.
Since the target suspicious file contains the sensitive information, in order to reduce the leakage of the sensitive information, the whole target suspicious file is not uploaded, but a part of file segments in the target suspicious file are uploaded, so that the leakage risk of the sensitive information can be reduced.
Structure separation of the target suspicious file is specifically performed as follows: judge whether the target suspicious file consists of a plurality of structures; if so, take each structure forming the target suspicious file as one file segment; otherwise, split the target suspicious file by byte count to obtain a plurality of file segments.
For example, an office file consists of macro code and data blocks. When the target suspicious file is an office file, it can be split into the macro code and the data blocks in order to judge whether the infected part is the macro code or a particular data block. Once the suspected infected segment is determined, the office file is deleted from the information to be uploaded, and the suspected infected segment is added to the information to be uploaded and uploaded to the management center.
To determine which file segments are suspicious, a blacklist storing malicious-code character strings can be constructed. A file segment that carries one or more of the character strings in the blacklist is judged to be a suspicious file segment; otherwise it is judged to be a non-suspicious file segment.
It should be noted that, for a suspicious file segment, the file name of the suspicious file segment may use the file name of the target suspicious file, and the file path of the suspicious file segment may also use the file path of the target suspicious file.
Further, after determining the suspicious and non-suspicious file segments among the plurality of file segments, and before adding the suspicious file segments to the information to be uploaded, the method may further include: when each file segment in the plurality of file segments is determined to be a suspicious file segment, randomly selecting a specified number of suspicious file segments from the plurality of file segments, and adding the randomly selected suspicious file segments to the information to be uploaded. The advantage is that as little sensitive information as possible is leaked; the management center can still comprehensively analyze and identify the suspicious file using the uploaded subset of suspicious file segments, and when the suspicious file is determined to be a threat file, the endpoint can trace the target suspicious file using the suspicious file segments.
In one embodiment of the present invention, the uploading policy includes: converting a file path meeting a fourth condition into a hash value, and allowing the hash value to be uploaded. In that case, when it is determined that a target file path meeting the fourth condition required by the uploading policy exists in the information to be uploaded, processing the target file path and adding the information obtained after processing to the information to be uploaded includes: calculating a hash value of the target file path; and adding the hash value to the information to be uploaded.
When the hash value is calculated, a preset hash function can be used for calculation, and a random hash function can also be used for calculation to improve the randomness of the hash value, but after the hash function used for calculating the hash value is determined, the hash function needs to be stored to ensure that the threat file can be traced.
For example, the information to be uploaded contains the file path E:/confidential file/A-type contract doc, and the fourth condition is that the sensitive character string 'confidential' exists in a file path. The file path therefore needs to be deleted from the information to be uploaded; a hash value is then calculated from the file path and added to the information to be uploaded.
In this embodiment, a file path containing a sensitive character string is deleted from the information to be uploaded and is uploaded as a hash value instead, so that the risk of sensitive information leakage is reduced while file tracing can still be performed using the hash value.
Specifically, after the desensitization information is uploaded to the management center, the method may further include: receiving threat information fed back by the management center aiming at the desensitization information; and tracing the threat file based on the hash value in the threat information.
For example, the threat information fed back by the management center is: the file on the file path corresponding to the hash value A is a threat file. Then, to trace the threat file, the hash function is used to determine which file path has a hash value equal to A; after the file path is determined, a further hash calculation may be performed on the file name to locate the threat file.
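The path hashing and trace-back steps described above, as an added Python example (not code from the patent). It assumes the stored hash function is HMAC-SHA256 with a key generated and kept on the endpoint, one possible reading of the "random hash function"; `PathHasher`, `confirms_guess` and the second sample path are hypothetical names and constructed values.

```python
import hashlib
import hmac
import secrets


def canonical(path):
    """Normalise separators and case so one file always yields one digest."""
    return path.replace("\\", "/").lower()


class PathHasher:
    """Replaces sensitive file paths with keyed hashes before upload and
    resolves a hash reported back by the management center."""

    def __init__(self, sensitive_strings, key=None):
        self.sensitive = [s.lower() for s in sensitive_strings]
        # Assumption: the stored "hash function" is HMAC-SHA256 plus this key,
        # which is generated on the endpoint and never uploaded.
        self.key = key if key is not None else secrets.token_bytes(32)

    def digest(self, path):
        return hmac.new(self.key, canonical(path).encode("utf-8"),
                        hashlib.sha256).hexdigest()

    def is_sensitive(self, path):
        return any(s in canonical(path) for s in self.sensitive)

    def desensitize(self, paths):
        """Return upload entries; sensitive paths become {"path_hash": ...}."""
        return [{"path_hash": self.digest(p)} if self.is_sensitive(p)
                else {"path": p} for p in paths]

    def trace(self, reported_hash, local_paths):
        """Recompute the hash of each local path and return those matching."""
        return [p for p in local_paths
                if hmac.compare_digest(self.digest(p), reported_hash)]


def plain_sha256(path):
    """Unkeyed hash, shown only for comparison with the keyed one."""
    return hashlib.sha256(canonical(path).encode("utf-8")).hexdigest()


def confirms_guess(observed_hash, guessed_path, hash_fn):
    """True when a party holding only the hash can confirm a guessed path."""
    return hmac.compare_digest(hash_fn(guessed_path), observed_hash)


# Constructed sample paths; the first is the path from the example above.
LOCAL_PATHS = ["E:/confidential file/A-type contract doc",
               "E:/tools/setup.exe"]


def run_example():
    hasher = PathHasher(["confidential"])
    upload = hasher.desensitize(LOCAL_PATHS)
    reported = upload[0]["path_hash"]      # hash fed back as a threat
    traced = hasher.trace(reported, LOCAL_PATHS)
    # With a keyed hash a correct guess of the path cannot be checked against
    # the uploaded value; with an unkeyed hash it can.
    keyed_leaks = confirms_guess(reported, LOCAL_PATHS[0], plain_sha256)
    unkeyed_leaks = confirms_guess(plain_sha256(LOCAL_PATHS[0]),
                                   LOCAL_PATHS[0], plain_sha256)
    return upload, traced, keyed_leaks, unkeyed_leaks


if __name__ == "__main__":
    print(run_example())
```

The key has to be persisted together with the choice of hash function, otherwise a hash fed back later can no longer be resolved to a path.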
The desensitization processing method in this embodiment is described below with an exemplary upload policy.
The uploading policy comprises the second, fifth and eighth of the configurable policies, specifically:
uploading of files in the psd format is prohibited; uploading of files under /secret is prohibited; office files must be structurally separated, and their suspicious file segments are allowed to be uploaded.
The desensitization treatment process may include the steps of:
S1: determining suspicious files in information to be uploaded and file paths of the suspicious files;
S2: determining a corresponding file format based on the suspicious file, determining whether a file in the psd format exists, and if so, deleting the file in the psd format from the information to be uploaded;
S3: for the information to be uploaded obtained after S2, determining whether a directory of 'E:/absolute password/' exists or not based on the file path of the suspicious file, and if so, deleting the file path from the information to be uploaded;
S4: for the information to be uploaded obtained after the step S3, determining whether an office file exists or not based on the suspicious file, if so, detaching the structure of the office file, determining suspicious file segments in the office file, deleting the office file from the information to be uploaded, and adding the suspicious file segments in the office file into the information to be uploaded.
The information to be uploaded obtained after the step S4 is desensitization information, the desensitization information does not include sensitive information concerned by the user, and the desensitization information is uploaded to the management center, so that the risk of leakage of the sensitive file can be greatly reduced.
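Steps S2 to S4 as an added Python example, not code from the patent. It assumes that ZIP members stand for the "structures" of a macro-enabled office file and that a file which is not a ZIP container is split by byte count; the blacklist strings, chunk size, size cap, the `E:/secret/` directory and all sample files are constructed.

```python
import io
import random
import zipfile

CHUNK_SIZE = 64                              # assumed size for the byte-count fallback
MAX_MEMBER = 1 << 20                         # assumed cap: larger ZIP members are not read
BLACKLIST = [b"AutoOpen", b"WScript.Shell"]  # constructed blacklist strings


def split_structures(data):
    """Split a file into named segments: one per ZIP member when the file is
    a ZIP container (as .docm/.xlsm are), otherwise fixed-size byte chunks."""
    buf = io.BytesIO(data)
    if zipfile.is_zipfile(buf):
        with zipfile.ZipFile(buf) as zf:
            return {i.filename: zf.read(i) for i in zf.infolist()
                    if i.file_size <= MAX_MEMBER}
    return {f"bytes[{o}:{o + CHUNK_SIZE}]": data[o:o + CHUNK_SIZE]
            for o in range(0, len(data), CHUNK_SIZE)}


def suspicious_segments(segments):
    """Keep only segments that carry at least one blacklisted string."""
    return {name: body for name, body in segments.items()
            if any(s in body for s in BLACKLIST)}


def desensitize(items, banned_ext, banned_dir, office_ext, max_segments, rng):
    """Apply S2-S4 to items shaped {"path": str, "content": bytes}."""
    upload = []
    for item in items:
        path = item["path"].replace("\\", "/")
        lower = path.lower()
        if lower.endswith(banned_ext):              # S2: banned format
            continue
        if lower.startswith(banned_dir.lower()):    # S3: banned directory
            continue
        if lower.endswith(office_ext):              # S4: upload segments only
            segments = split_structures(item["content"])
            bad = suspicious_segments(segments)
            names = sorted(bad)
            # Every segment suspicious: upload a random subset of fixed size.
            if len(bad) == len(segments) and len(names) > max_segments:
                names = sorted(rng.sample(names, max_segments))
            # Each segment keeps the path of the file it came from.
            upload += [{"path": path, "segment": n, "content": bad[n]}
                       for n in names]
            continue
        upload.append({"path": path, "content": item["content"]})
    return upload


def build_sample_docm():
    """Constructed macro-enabled document: a ZIP with a body and a macro part.
    (Real vbaProject.bin parts are OLE streams; plain text keeps this short.)"""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:t>Q3 contract terms</w:t>")
        zf.writestr("word/vbaProject.bin",
                    'Sub AutoOpen()\nCreateObject("WScript.Shell")\nEnd Sub')
    return buf.getvalue()


SAMPLE_ITEMS = [  # constructed security-check results
    {"path": "E:/work/design.psd", "content": b"8BPS layered artwork"},
    {"path": "E:/secret/plan.txt", "content": b"internal plan"},
    {"path": "E:/work/report.docm", "content": build_sample_docm()},
    {"path": "E:/work/legacy.doc", "content": b"AutoOpen" * 32},
    {"path": "E:/tmp/dropper.bin", "content": b"MZ constructed sample"},
]


def run_example():
    return desensitize(SAMPLE_ITEMS, banned_ext=".psd", banned_dir="E:/secret/",
                       office_ext=(".docm", ".doc"), max_segments=2,
                       rng=random.Random(7))


if __name__ == "__main__":
    for entry in run_example():
        print(entry["path"], entry.get("segment", "<whole file>"),
              len(entry["content"]))
```

The document body of `report.docm` never appears in the result: only its blacklisted macro segment is kept, under the original file path.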
As shown in fig. 2 and fig. 3, an embodiment of the present invention provides an apparatus for uploading endpoint file security check result information. The device embodiments may be implemented by software, or by hardware, or by a combination of hardware and software. In terms of hardware, as shown in fig. 2, a hardware architecture diagram of an electronic device in which an endpoint file security check result information uploading apparatus provided in an embodiment of the present invention is located is shown, where the electronic device in which the apparatus is located in the embodiment may generally include other hardware, such as a forwarding chip responsible for processing a packet, in addition to the processor, the memory, the network interface, and the nonvolatile memory shown in fig. 2. Taking a software implementation as an example, as shown in fig. 3, as a logical device, a CPU of the electronic device reads a corresponding computer program in the non-volatile memory into the memory for running. An apparatus for uploading security check result information of an endpoint file provided by this embodiment includes:
an obtaining unit 301, configured to obtain information to be uploaded, where the information is obtained after endpoint security software performs security check on an endpoint; the information to be uploaded comprises suspicious files and file paths of the suspicious files;
the obtaining unit 301 is further configured to obtain an uploading policy determined by a user based on the scene condition of the endpoint;
a desensitization processing unit 302, configured to perform desensitization processing on the information to be uploaded based on the uploading policy to obtain desensitization information;
a sending unit 303, configured to upload the desensitization information to a management center.
In an embodiment of the present invention, when obtaining the uploading policy determined by the user based on the scene condition of the endpoint, the obtaining unit 301 is specifically configured to perform:
in response to a user-initiated policy configuration request, presenting a configurable plurality of policies to a user;
based on the multiple presented strategies, determining an uploading strategy formed by at least one strategy selected from the multiple strategies by a user; the uploading policy is obtained after the user selects the at least one policy and configures each selected policy based on the scene condition of the endpoint.
In one embodiment of the present invention, the uploading policy includes at least one of the following policies:
allowing the file in the first file format to be uploaded;
forbidding uploading of the file in the second file format;
forbidding uploading of a file path containing the first sensitive character string;
forbidding uploading of a file whose content contains the second sensitive character string;
forbidding uploading of files in the first file directory;
file uploading meeting the first condition under the second file directory is forbidden;
allowing the files meeting the second condition under the third file directory to be uploaded;
the files meeting the third condition are subjected to structure separation to obtain a plurality of file segments, and suspicious file segments are allowed to be uploaded;
converting the file path meeting the fourth condition into a hash value, and allowing the hash value to be uploaded; and
and converting the file name meeting the fifth condition into a hash value, and allowing the hash value to be uploaded.
In an embodiment of the present invention, the desensitization processing unit 302 is specifically configured to:
strategy matching is carried out on each suspicious file included in the information to be uploaded and the file path of the suspicious file respectively with each strategy in the uploading strategies;
when the information to be uploaded is matched against one of the policies: if it is determined that the information to be uploaded contains a suspicious file or file path that the policy forbids uploading, deleting that suspicious file or file path from the information to be uploaded; if it is determined that the information to be uploaded contains a suspicious file or file path that meets a processing condition required by the policy, processing that suspicious file or file path according to the processing rule of the policy, and adding the information obtained after processing to the information to be uploaded;
and determining the information to be uploaded obtained after the strategy matching of each strategy in the uploading strategies is carried out as desensitization information.
In one embodiment of the present invention, the uploading policy includes: the files meeting the third condition are subjected to structure separation to obtain a plurality of file segments, and suspicious file segments are allowed to be uploaded;
when it is determined that a target suspicious file which meets the third condition and is required by the uploading policy exists in the information to be uploaded, processing the target suspicious file which meets the third condition, and adding information obtained after processing to the information to be uploaded, specifically including:
carrying out structure separation on the target suspicious file to obtain a plurality of file segments corresponding to the target suspicious file;
determining suspicious and non-suspicious file segments of the plurality of file segments;
and adding suspicious file segments in the plurality of file segments into the information to be uploaded.
In one embodiment of the present invention, the uploading policy includes: converting the file path meeting the fourth condition into a hash value, and allowing the hash value to be uploaded;
when it is determined that a target file path meeting the fourth condition is present in the information to be uploaded according to the uploading policy requirement, processing the target file path meeting the fourth condition, and adding information obtained after processing to the information to be uploaded, specifically including:
calculating a hash value of the target file path;
and adding the hash value to the information to be uploaded.
In an embodiment of the present invention, referring to fig. 4, the apparatus for uploading the endpoint file security check result information may further include:
a receiving unit 304, configured to receive threat information fed back by the management center for the desensitization information;
a threat tracing unit 305, configured to trace the threat file based on the hash value in the threat information.
It is to be understood that the structure shown in the embodiment of the present invention does not specifically limit an endpoint file security check result information uploading apparatus. In other embodiments of the present invention, an endpoint file security check result information uploading apparatus may include more or fewer components than those shown, or combine some components, or split some components, or a different arrangement of components. The illustrated components may be implemented in hardware, software, or a combination of software and hardware.
Because the content of information interaction, execution process, and the like among the modules in the device is based on the same concept as the method embodiment of the present invention, specific content can be referred to the description in the method embodiment of the present invention, and is not described herein again.
The embodiment of the invention also provides electronic equipment which comprises a memory and a processor, wherein the memory is stored with a computer program, and when the processor executes the computer program, the method for uploading the security check result information of the endpoint file in any embodiment of the invention is realized.
An embodiment of the present invention further provides a computer-readable storage medium, where a computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor, the computer program causes the processor to execute a method for uploading endpoint file security check result information in any embodiment of the present invention.
Specifically, a system or an apparatus equipped with a storage medium on which software program codes that realize the functions of any of the above-described embodiments are stored may be provided, and a computer (or a CPU or MPU) of the system or the apparatus is caused to read out and execute the program codes stored in the storage medium.
In this case, the program code itself read from the storage medium can realize the functions of any of the above-described embodiments, and thus the program code and the storage medium storing the program code constitute a part of the present invention.
Examples of the storage medium for supplying the program code include a floppy disk, a hard disk, a magneto-optical disk, an optical disk (e.g., CD-ROM, CD-R, CD-RW, DVD-ROM, DVD-RAM, DVD-RW, DVD + RW), a magnetic tape, a nonvolatile memory card, and a ROM. Alternatively, the program code may be downloaded from a server computer via a communications network.
Further, it should be clear that the functions of any one of the above-described embodiments may be implemented not only by executing the program code read out by the computer, but also by causing an operating system or the like operating on the computer to perform a part or all of the actual operations based on instructions of the program code.
Further, it is to be understood that the program code read out from the storage medium is written to a memory provided in an expansion board inserted into the computer or to a memory provided in an expansion module connected to the computer, and then causes a CPU or the like mounted on the expansion board or the expansion module to perform part or all of the actual operations based on instructions of the program code, thereby realizing the functions of any of the above-described embodiments.
The embodiments of the invention have at least the following beneficial effects:
1. In one embodiment of the invention, the uploading policy is determined by the user based on the scene condition of the endpoint, so that after the endpoint security software carries out a security check on the endpoint to obtain the information to be uploaded, desensitization processing can be carried out on the information to be uploaded using the uploading policy. The desensitization information then contains as little sensitive information as possible when it is uploaded to the management center, so that as little sensitive information as possible reaches the management center and the leakage of sensitive information is reduced.
2. In an embodiment of the present invention, a plurality of policies are pre-formed in an endpoint, and after a policy configuration request is initiated by a user, the plurality of policies can be displayed to the user, so that the user selects at least one policy from the plurality of policies based on actual scene conditions to implement configuration of an upload policy.
3. In an embodiment of the present invention, if a target suspicious file is matched, the target suspicious file may contain sensitive information, and in order to reduce leakage of the sensitive information, the entire target suspicious file may not be uploaded, but a part of file segments in the target suspicious file may be uploaded, so that a risk of leakage of the sensitive information may be reduced.
4. In an embodiment of the invention, when the suspicious file is structurally separated into a plurality of file segments and suspicious file segments are obtained, a specified number of suspicious file segments are randomly selected and uploaded to the management center, so that as little sensitive information as possible is leaked; the management center can comprehensively analyze and identify the suspicious file using the uploaded suspicious file segments, and when the suspicious file is determined to be a threat file, the endpoint can trace the target suspicious file using the suspicious file segments.
5. In an embodiment of the invention, the file path containing the sensitive character string is deleted from the information to be uploaded, and the information is uploaded in a hash value mode, so that the risk of sensitive information leakage can be reduced, and file tracing can be performed by using the hash value.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an …" does not exclude the presence of other similar elements in a process, method, article, or apparatus that comprises the element.
Those of ordinary skill in the art will understand that: all or part of the steps for realizing the method embodiments can be completed by hardware related to program instructions, the program can be stored in a computer readable storage medium, and the program executes the steps comprising the method embodiments when executed; and the aforementioned storage medium includes: various media that can store program codes, such as ROM, RAM, magnetic or optical disks.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (10)

1. An endpoint file security check result information uploading method is characterized by comprising the following steps:
acquiring information to be uploaded, which is obtained after the endpoint security software carries out security check on the endpoint; the information to be uploaded comprises suspicious files and file paths of the suspicious files;
acquiring an uploading strategy determined by a user based on the scene condition of the endpoint;
desensitizing the information to be uploaded based on the uploading strategy to obtain desensitized information;
and uploading the desensitization information to a management center.
2. The method of claim 1, wherein obtaining the upload policy determined by the user based on the context condition of the endpoint comprises:
in response to a user-initiated policy configuration request, presenting a configurable plurality of policies to a user;
based on the multiple presented strategies, determining an uploading strategy formed by at least one strategy selected from the multiple strategies by a user; the uploading policy is obtained after the user selects the at least one policy and configures each selected policy based on the scene condition of the endpoint.
3. The method of claim 1 or 2, wherein the upload policy comprises at least one of the following policies:
allowing the file in the first file format to be uploaded;
forbidding uploading of the file in the second file format;
forbidding uploading of a file path containing the first sensitive character string;
prohibiting the file contents containing the second sensitive character strings from uploading;
forbidding uploading of files in the first file directory;
file uploading meeting the first condition under the second file directory is forbidden;
allowing the files meeting the second condition under the third file directory to be uploaded;
the files meeting the third condition are subjected to structure separation to obtain a plurality of file segments, and suspicious file segments are allowed to be uploaded;
converting the file path meeting the fourth condition into a hash value, and allowing the hash value to be uploaded; and
and converting the file name meeting the fifth condition into a hash value, and allowing the hash value to be uploaded.
4. The method according to claim 1, wherein the desensitizing processing of the information to be uploaded based on the uploading policy to obtain desensitized information comprises:
strategy matching is carried out on each suspicious file included in the information to be uploaded and the file path of the suspicious file respectively with each strategy in the uploading strategies;
when the information to be uploaded is matched against one of the policies: if it is determined that the information to be uploaded contains a suspicious file or file path that the policy forbids uploading, deleting that suspicious file or file path from the information to be uploaded; if it is determined that the information to be uploaded contains a suspicious file or file path that meets a processing condition required by the policy, processing that suspicious file or file path according to the processing rule of the policy, and adding the information obtained after processing to the information to be uploaded;
and determining the information to be uploaded obtained after the strategy matching of each strategy in the uploading strategies is carried out as desensitization information.
5. The method of claim 4, wherein the upload policy comprises: the files meeting the third condition are subjected to structure separation to obtain a plurality of file segments, and suspicious file segments are allowed to be uploaded;
when it is determined that the information to be uploaded has the target suspicious file which the uploading policy requires to meet the third condition, processing the target suspicious file which meets the third condition, and adding the information obtained after processing to the information to be uploaded, including:
carrying out structure separation on the target suspicious file to obtain a plurality of file segments corresponding to the target suspicious file;
determining suspicious and non-suspicious file segments of the plurality of file segments;
and adding suspicious file segments in the plurality of file segments into the information to be uploaded.
6. The method of claim 4, wherein the upload policy comprises: converting the file path meeting the fourth condition into a hash value, and allowing the hash value to be uploaded;
when it is determined that a target file path meeting the fourth condition is existed in the information to be uploaded according to the uploading policy requirement, processing the target file path meeting the fourth condition, and adding the processed information to the information to be uploaded, including:
calculating a hash value of the target file path;
and adding the hash value to the information to be uploaded.
7. The method of claim 6, further comprising:
receiving threat information fed back by the management center aiming at the desensitization information;
and tracing the threat file based on the hash value in the threat information.
8. An apparatus for uploading security check result information of an endpoint file, comprising:
the acquisition unit is used for acquiring information to be uploaded, which is obtained after the endpoint security software carries out security check on the endpoint; the information to be uploaded comprises suspicious files and file paths of the suspicious files;
the acquisition unit is further used for acquiring an uploading strategy determined by a user based on the scene condition of the endpoint;
the desensitization processing unit is used for performing desensitization processing on the information to be uploaded based on the uploading strategy to obtain desensitization information;
and the sending unit is used for uploading the desensitization information to a management center.
9. An electronic device comprising a memory having stored therein a computer program and a processor that, when executing the computer program, implements the method of any of claims 1-7.
10. A computer-readable storage medium, on which a computer program is stored which, when executed in a computer, causes the computer to carry out the method of any one of claims 1-7.
CN202210439979.7A 2022-04-25 2022-04-25 Method, device, equipment and medium for uploading security check result information of endpoint file Active CN114866532B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210439979.7A CN114866532B (en) 2022-04-25 2022-04-25 Method, device, equipment and medium for uploading security check result information of endpoint file

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210439979.7A CN114866532B (en) 2022-04-25 2022-04-25 Method, device, equipment and medium for uploading security check result information of endpoint file

Publications (2)

Publication Number Publication Date
CN114866532A true CN114866532A (en) 2022-08-05
CN114866532B CN114866532B (en) 2023-11-10

Family

ID=82632999

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210439979.7A Active CN114866532B (en) 2022-04-25 2022-04-25 Method, device, equipment and medium for uploading security check result information of endpoint file

Country Status (1)

Country Link
CN (1) CN114866532B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116561795A (en) * 2023-04-26 2023-08-08 合芯科技(苏州)有限公司 Data parallel desensitization processing method

Citations (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103281325A (en) * 2013-06-04 2013-09-04 北京奇虎科技有限公司 Method and device for processing file based on cloud security
WO2017036336A1 (en) * 2015-09-01 2017-03-09 阿里巴巴集团控股有限公司 Cloud platform-based service data processing method and device
CN107180200A (en) * 2017-04-20 2017-09-19 北京同余科技有限公司 Data file customizable desensitization method and system
WO2017175157A1 (en) * 2016-04-06 2017-10-12 Karamba Security Secure controller operation and malware prevention
CN109450644A (en) * 2018-11-16 2019-03-08 华北电力大学 Home energy source management system protecting information safety scheme Internet-based
CN109740363A (en) * 2019-01-04 2019-05-10 贵州大学 Rating documents desensitization encryption method
CN109977690A (en) * 2017-12-28 2019-07-05 中国移动通信集团陕西有限公司 A kind of data processing method, device and medium
CN110071924A (en) * 2019-04-24 2019-07-30 广州知弘科技有限公司 Big data analysis method and system based on terminal
CN110688653A (en) * 2019-09-29 2020-01-14 北京可信华泰信息技术有限公司 Client security protection method and device and terminal equipment
CN111914300A (en) * 2020-09-21 2020-11-10 安徽长泰信息安全服务有限公司 Document encryption device and method for preventing file leakage
CN111967024A (en) * 2020-07-10 2020-11-20 苏州浪潮智能科技有限公司 File sensitive data protection method and device
CN112000992A (en) * 2020-10-29 2020-11-27 腾讯科技(深圳)有限公司 Data leakage prevention protection method and device, computer readable medium and electronic equipment
CN112241543A (en) * 2020-10-27 2021-01-19 国网福建省电力有限公司信息通信分公司 Sensitive data combing method based on data middling stage
CN113114647A (en) * 2021-04-01 2021-07-13 海尔数字科技(青岛)有限公司 Network security risk detection method and device, electronic equipment and storage medium
CN113868698A (en) * 2021-08-26 2021-12-31 上海上讯信息技术股份有限公司 File desensitization method and equipment
US20220014543A1 (en) * 2016-11-30 2022-01-13 Agari Data, Inc. Using a measure of influence of sender in determining a security risk associated with an electronic message

Patent Citations (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103281325A (en) * 2013-06-04 2013-09-04 北京奇虎科技有限公司 Method and device for processing file based on cloud security
WO2017036336A1 (en) * 2015-09-01 2017-03-09 阿里巴巴集团控股有限公司 Cloud platform-based service data processing method and device
WO2017175157A1 (en) * 2016-04-06 2017-10-12 Karamba Security Secure controller operation and malware prevention
US20220014543A1 (en) * 2016-11-30 2022-01-13 Agari Data, Inc. Using a measure of influence of sender in determining a security risk associated with an electronic message
CN107180200A (en) * 2017-04-20 2017-09-19 北京同余科技有限公司 Data file customizable desensitization method and system
CN109977690A (en) * 2017-12-28 2019-07-05 中国移动通信集团陕西有限公司 A kind of data processing method, device and medium
CN109450644A (en) * 2018-11-16 2019-03-08 华北电力大学 Home energy source management system protecting information safety scheme Internet-based
CN109740363A (en) * 2019-01-04 2019-05-10 贵州大学 Rating documents desensitization encryption method
CN110071924A (en) * 2019-04-24 2019-07-30 广州知弘科技有限公司 Big data analysis method and system based on terminal
CN110688653A (en) * 2019-09-29 2020-01-14 北京可信华泰信息技术有限公司 Client security protection method and device and terminal equipment
CN111967024A (en) * 2020-07-10 2020-11-20 苏州浪潮智能科技有限公司 File sensitive data protection method and device
CN111914300A (en) * 2020-09-21 2020-11-10 安徽长泰信息安全服务有限公司 Document encryption device and method for preventing file leakage
CN112241543A (en) * 2020-10-27 2021-01-19 国网福建省电力有限公司信息通信分公司 Sensitive data combing method based on data middling stage
CN112000992A (en) * 2020-10-29 2020-11-27 腾讯科技(深圳)有限公司 Data leakage prevention protection method and device, computer readable medium and electronic equipment
CN113114647A (en) * 2021-04-01 2021-07-13 海尔数字科技(青岛)有限公司 Network security risk detection method and device, electronic equipment and storage medium
CN113868698A (en) * 2021-08-26 2021-12-31 上海上讯信息技术股份有限公司 File desensitization method and equipment

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
X. ZHANG, Y. ZHANG, G. LUO AND W. CHEN: "Identity-based Format Preserving Encryption of Data Desensitization Program", 2020 INTERNATIONAL CONFERENCE ON COMPUTER ENGINEERING AND APPLICATION (ICCEA) *
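李伟明; 贺玄; 王永剑: "Sensitive file leakage detection method based on dynamic taint tracking", Journal of Huazhong University of Science and Technology (Natural Science Edition), no. 11 *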

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116561795A (en) * 2023-04-26 2023-08-08 合芯科技(苏州)有限公司 Data parallel desensitization processing method
CN116561795B (en) * 2023-04-26 2024-04-16 合芯科技(苏州)有限公司 Data parallel desensitization processing method

Also Published As

Publication number Publication date
CN114866532B (en) 2023-11-10

Similar Documents

Publication Publication Date Title
RU2680736C1 (en) Malware files in network traffic detection server and method
US8479296B2 (en) System and method for detecting unknown malware
EP2774076B1 (en) Fuzzy whitelisting anti-malware systems and methods
US8056136B1 (en) System and method for detection of malware and management of malware-related information
EP3335145B1 (en) Using multiple layers of policy management to manage risk
US8819835B2 (en) Silent-mode signature testing in anti-malware processing
US20140201843A1 (en) Systems and methods for identifying and reporting application and file vulnerabilities
EP2784715B1 (en) System and method for adaptive modification of antivirus databases
CN109344611B (en) Application access control method, terminal equipment and medium
KR20130129184A (en) System and method for server-coupled malware prevention
US10176317B2 (en) Method and apparatus for managing super user password on smart mobile terminal
JP2016513324A (en) System and method for risk-based rules for application control
CN110880983A (en) Penetration testing method and device based on scene, storage medium and electronic device
US11288368B1 (en) Signature generation
CN114866532A (en) Method, device, equipment and medium for uploading security check result information of endpoint file
Wu et al. Detection of fake IoT app based on multidimensional similarity
Bhuiyan et al. API vulnerabilities: Current status and dependencies
Hovmark et al. Towards Extending Probabilistic Attack Graphs with Forensic Evidence: An investigation of property list files in macOS
Rizvi et al. A Hybrid Framework for Detecting Repackaged Applications on the Android Market
CN117763546A (en) Virus checking and killing method and system and electronic equipment
CN115730274A (en) Document leakage early warning method and device
CN116961993A (en) Service configuration method, system, equipment and medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant