CN114866532B - Method, device, equipment and medium for uploading security check result information of endpoint file - Google Patents


Info

Publication number: CN114866532B
Authority: CN (China)
Prior art keywords: file, information, uploaded, uploading, suspicious
Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN202210439979.7A
Other languages: Chinese (zh)
Other versions: CN114866532A (en
Inventors: 肖新光, 徐菲, 孙洪伟
Current Assignee: Antiy Technology Group Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Antiy Technology Group Co Ltd
Application filed by: Antiy Technology Group Co Ltd
Priority to: CN202210439979.7A
Publication of CN114866532A
Application granted
Publication of CN114866532B


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/06 Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G06F21/6254 Protecting personal data, e.g. for financial or medical purposes by anonymising data, e.g. decorrelating personal data from the owner's identification
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/145 Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/2866 Architectures; Arrangements
    • H04L67/30 Profiles

Abstract

The invention provides a method, a device, equipment and a medium for uploading security check result information of an endpoint file. The method comprises the following steps: acquiring information to be uploaded, which is obtained after the endpoint security software performs a security check on the endpoint, the information to be uploaded comprising suspicious files and the file paths of the suspicious files; acquiring an uploading policy determined by a user based on the scene conditions of the endpoint; desensitizing the information to be uploaded based on the uploading policy to obtain desensitized information; and uploading the desensitized information to a management center. Because the information to be uploaded is desensitized using the uploading policy, the desensitized information contains as little sensitive information as possible. Uploading the desensitized information to the management center therefore reduces the amount of sensitive information uploaded and reduces the leakage of sensitive information.

Description

Method, device, equipment and medium for uploading security check result information of endpoint file
Technical Field
The embodiment of the invention relates to the technical field of security, in particular to a method, a device, equipment and a medium for uploading security inspection result information of an endpoint file.
Background
Endpoint security protection software, such as antivirus software, EDR and EPP, is generally installed on endpoint devices to provide functions such as virus detection, real-time monitoring, and media management and control for the endpoint, so as to defend against attack threats and to remove and handle malicious code that has already infected the endpoint.
Currently, endpoint security software needs to collect malicious code files and suspected malicious files on endpoint devices based on scan and monitoring triggers, and upload these files to a management center for storage, to support analysis and identification by analysts, sandboxes and other security mechanisms. In addition, to support work such as identifying the scene environment of the endpoint software and intelligence-based threat tracing, the endpoint security software also recursively scans objects on the endpoint, such as enumerated memory objects, key sectors and the file system, extracts information such as file path names, HASH values and signature information, and transmits the results to the management center. Uploading this information to the management center may leak sensitive information.
Disclosure of Invention
Based on the problem of sensitive information leakage in the prior art, the embodiment of the invention provides a method, a device, equipment and a medium for uploading endpoint file security check result information, which can reduce the leakage of sensitive information.
In a first aspect, an embodiment of the present invention provides a method for uploading security check result information of an endpoint file, including:
acquiring information to be uploaded, which is obtained after the endpoint security software performs security check on the endpoint; the information to be uploaded comprises suspicious files and file paths of the suspicious files;
acquiring an uploading strategy determined by a user based on the scene condition of the endpoint;
desensitizing the information to be uploaded based on the uploading strategy to obtain desensitized information;
uploading the desensitization information to a management center.
Preferably, the obtaining the uploading policy determined by the user based on the scene condition of the endpoint includes:
responding to a policy configuration request initiated by a user, and displaying a plurality of configurable policies to the user;
determining an uploading strategy composed of at least one strategy selected by a user from the plurality of strategies based on the displayed plurality of strategies; the uploading policy is obtained by configuring each selected policy based on scene conditions of the endpoint after the user selects the at least one policy.
Preferably, the uploading policy includes at least one of the following policies:
allowing files in a first file format to be uploaded;
prohibiting files in a second file format from being uploaded;
prohibiting file paths that include a first sensitive character string from being uploaded;
prohibiting files whose content contains a second sensitive character string from being uploaded;
prohibiting files under a first file directory from being uploaded;
prohibiting files under a second file directory that meet a first condition from being uploaded;
allowing files under a third file directory that meet a second condition to be uploaded;
structurally detaching files that meet a third condition into a plurality of file fragments, and allowing the suspicious file fragments to be uploaded;
converting file paths that meet a fourth condition into hash values, and allowing the hash values to be uploaded; and
converting file names that meet a fifth condition into hash values, and allowing the hash values to be uploaded.
Preferably, the desensitizing processing is performed on the information to be uploaded based on the uploading policy to obtain desensitized information, including:
for each suspicious file and its file path contained in the information to be uploaded, performing policy matching against each policy in the uploading policy;
when matching against one of the policies: if the information to be uploaded contains a suspicious file or file path that the policy prohibits from being uploaded, deleting that suspicious file or file path from the information to be uploaded; if the information to be uploaded contains a suspicious file or file path that meets the processing conditions required by the policy, processing it according to the processing rules of the policy, and adding the processed information to the information to be uploaded;
determining the information to be uploaded that results after matching against every policy in the uploading policy as the desensitized information.
Preferably, the uploading policy includes: structurally detaching files that meet the third condition into a plurality of file fragments, and allowing the suspicious file fragments to be uploaded;
when it is determined that a target suspicious file meeting the third condition exists in the information to be uploaded, processing the target suspicious file and adding the processed information to the information to be uploaded includes:
performing structure detachment on the target suspicious file to obtain a plurality of file fragments corresponding to the target suspicious file;
determining suspicious and non-suspicious file segments of the plurality of file segments;
and adding suspicious file fragments in the file fragments to the information to be uploaded.
Preferably, the uploading policy includes: converting the file path meeting the fourth condition into a hash value, and allowing the hash value to be uploaded;
when it is determined that a target file path meeting the fourth condition exists in the information to be uploaded, processing the target file path and adding the processed information to the information to be uploaded includes:
calculating a hash value of the target file path;
and adding the hash value to the information to be uploaded.
Preferably, the method further comprises:
receiving threat information fed back by the management center for the desensitized information;
and tracing the threat file based on the hash value in the threat information.
In a second aspect, an embodiment of the present invention further provides an endpoint file security check result information uploading device, including:
the acquisition unit is used for acquiring information to be uploaded, which is obtained after the endpoint security software performs security check on the endpoint; the information to be uploaded comprises suspicious files and file paths of the suspicious files;
the acquisition unit is further used for acquiring an uploading strategy determined by a user based on the scene condition of the endpoint;
the desensitization processing unit is used for carrying out desensitization processing on the information to be uploaded based on the uploading strategy to obtain desensitized information;
and the sending unit is used for uploading the desensitization information to a management center.
In a third aspect, an embodiment of the present invention further provides an electronic device, including a memory and a processor, where the memory stores a computer program, and when the processor executes the computer program, the method described in any embodiment of the present specification is implemented.
In a fourth aspect, embodiments of the present invention also provide a computer-readable storage medium having stored thereon a computer program which, when executed in a computer, causes the computer to perform a method according to any of the embodiments of the present specification.
The embodiment of the invention provides a method, a device, equipment and a medium for uploading endpoint file security check result information. A user determines an uploading policy based on the scene conditions of the endpoint, so that after the endpoint security software performs a security check on the endpoint and obtains the information to be uploaded, that information can be desensitized using the uploading policy. The desensitized information contains as little sensitive information as possible, and uploading it to the management center reduces the amount of sensitive information uploaded and therefore reduces the leakage of sensitive information.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flowchart of a method for uploading security check result information of an endpoint file according to an embodiment of the present invention;
FIG. 2 is a hardware architecture diagram of an electronic device according to an embodiment of the present invention;
FIG. 3 is a block diagram of an endpoint file security check result information uploading device according to an embodiment of the present invention;
FIG. 4 is a block diagram of another device for uploading security check result information of an endpoint file according to an embodiment of the present invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are some embodiments of the present invention, but not all embodiments, and all other embodiments obtained by those skilled in the art without making any inventive effort based on the embodiments of the present invention are within the scope of protection of the present invention.
As described above, after the security inspection is performed on the endpoint, the inspection result, the suspicious files found and so on are generally uploaded to the management center together. However, sensitive information may exist in a suspicious file, and uploading the suspicious file directly to the management center may leak that sensitive information, causing an information security problem. Based on this, a corresponding policy can be set according to the scene conditions of the endpoint; when information needs to be uploaded to the management center, the set policy is used to desensitize it, so that sensitive information is not uploaded and leakage of sensitive information is reduced.
Specific implementations of the above concepts are described below.
Referring to fig. 1, an embodiment of the present invention provides a method for uploading endpoint file security check result information, including:
step 100, obtaining information to be uploaded, which is obtained after security inspection of the endpoint by the endpoint security software; the information to be uploaded comprises suspicious files and file paths of the suspicious files;
step 102, acquiring an uploading strategy determined by a user based on scene conditions of the endpoint;
step 104, desensitizing the information to be uploaded based on the uploading strategy to obtain desensitized information;
and step 106, uploading the desensitization information to a management center.
In the embodiment of the invention, the uploading strategy is determined by the user based on the scene condition of the endpoint, so that after the endpoint security software performs security check on the endpoint to obtain the information to be uploaded, the information to be uploaded can be desensitized by using the uploading strategy, so that the desensitized information contains as little sensitive information as possible, and the desensitized information is uploaded to the management center, thereby reducing the uploading of the sensitive information to the management center and reducing the leakage of the sensitive information.
The manner in which the individual steps shown in fig. 1 are performed is described below.
First, for step 100: obtaining information to be uploaded, which is obtained after the endpoint security software performs a security check on the endpoint; the information to be uploaded comprises suspicious files and the file paths of the suspicious files.
Endpoint security software is software installed on an endpoint, such as antivirus software, EDR or EPP, that provides security protection such as virus detection, real-time monitoring, and media management and control, so as to defend against attack threats and to remove and handle malicious code that has already infected the endpoint. After the endpoint security software performs a security check on the endpoint, the suspicious files and their file paths are uploaded to a management center (e.g., a server) to support analysis and identification by analysts, sandboxes and other security mechanisms.
The suspicious file refers to a file which is preliminarily judged to be a suspicious malicious code file in the security inspection process.
Then, for step 102, an upload policy determined by the user based on the scene conditions of the endpoint is obtained.
In the embodiment of the invention, when the uploading strategy is determined, the configuration of the uploading strategy is different when the scene conditions of the endpoints are different. Wherein the scene condition may include at least one of: the type of the sensitive information, the storage mode of the sensitive information, the storage position of the sensitive information and the like.
For example, if the main work of the user of one endpoint is text editing, then under that scene condition the type of the sensitive information is office files; if the main work of the user of another endpoint is UI design, then under that scene condition the type of the sensitive information is psd files. It can be seen that for different types of sensitive information, the configuration differs when the uploading policy is configured.
As another example, when sensitive information is stored as Word files and its confidentiality level varies, different confidentiality levels, such as confidential, secret and general, are configured for the storage mode, and confidential files are stored encrypted. It can be seen that for different storage modes of sensitive information, the configuration differs when the uploading policy is configured.
As a further example, different sensitive information may have different storage locations, for example some sensitive information is stored in a first folder and other sensitive information is stored in a second folder. It can be seen that for different storage locations of sensitive information, the configuration differs when the uploading policy is configured.
Based on the above description of the scene condition, in one embodiment of the present invention, the uploading policy may be obtained in the following manner:
responding to a policy configuration request initiated by a user, and displaying a plurality of configurable policies to the user;
determining an uploading strategy composed of at least one strategy selected by a user from the plurality of strategies based on the displayed plurality of strategies; the uploading policy is obtained by configuring each selected policy based on scene conditions of the endpoint after the user selects the at least one policy.
After a user initiates a policy configuration request, the plurality of policies may be displayed to the user, so that the user selects at least one policy from the plurality of policies based on actual scene conditions, and configuration of uploading policies is achieved.
In one embodiment of the present invention, based on the description of the scenario conditions, the uploading policy may include at least one of the following policies:
policy one: allowing files in a first file format to be uploaded;
policy two: prohibiting files in a second file format from being uploaded;
policy three: prohibiting file paths that include a first sensitive character string from being uploaded;
policy four: prohibiting files whose content contains a second sensitive character string from being uploaded;
policy five: prohibiting files under a first file directory from being uploaded;
policy six: prohibiting files under a second file directory that meet a first condition from being uploaded;
policy seven: allowing files under a third file directory that meet a second condition to be uploaded;
policy eight: structurally detaching files that meet a third condition into a plurality of file fragments, and allowing the suspicious file fragments to be uploaded;
policy nine: converting file paths that meet a fourth condition into hash values, and allowing the hash values to be uploaded; and
policy ten: converting file names that meet a fifth condition into hash values, and allowing the hash values to be uploaded.
The ten policies in the above example can be classified into three types. The first type allows or prohibits uploading of files or file paths under certain conditions; the second type uploads suspicious file fragments after structural detachment; the third type converts a value into a hash value and uploads the hash value. The three types of policies are described below.
First, the first type of policy is described; it includes policies one to seven above.
For the first strategy and the second strategy, when the uploading strategy is configured, the file format which is allowed to be uploaded or the file format which is forbidden to be uploaded can be configured. After the first file format allowing uploading is configured, only the files in the first file format can be uploaded, and the files in other file formats are required to be deleted from the information to be uploaded; similarly, when the second file format for prohibiting uploading is configured, the file in the second file format needs to be deleted from the information to be uploaded. For example, binary executable files such as PE files, ELF files, and script files are allowed to be uploaded, the first file format being exe, dll, bat, cmd, JS, py, etc.; alternatively, the second file format for which uploading is prohibited is doc, ppt, pdf, xls. The identification of the file format can be directly carried out on the suspicious file, and can also be identified from a file path.
For policies three and four, since a file path or file content may contain a sensitive character string, the sensitive character strings can be configured when the uploading policy is configured. Uploading of file paths containing the first sensitive character string is prohibited, and uploading of files whose content contains the second sensitive character string is prohibited. The first and second sensitive character strings may be the same or different; for example, both may be 'secret', 'business secret', 'inside', and the like. When the configured first sensitive character string is identified in a file path, the file path needs to be deleted from the information to be uploaded; when the second sensitive character string is identified in the file content of a suspicious file, the suspicious file needs to be deleted from the information to be uploaded. In this way, sensitive files of the required specific categories are protected.
For policies five, six and seven: if all files stored in a certain file directory on the endpoint are sensitive files, that file directory can be configured and uploading of files under it prohibited. If some of the files under a certain file directory are sensitive files and the others are not, policy six or policy seven can be used. Taking policy six as an example, uploading of files under the second file directory that meet the first condition (the file format is psd) is prohibited, so files whose format is psd need to be deleted from the information to be uploaded. The first condition and/or the second condition may be set according to what the files have in common, so that the condition covers all files that are to be prohibited from, or allowed to be, uploaded.
It will be appreciated that the file directory may be obtained from a file path.
Next, a second type of policy is described, which includes the above-described policy eight.
In the embodiment of the invention, a third condition can be set. When a file meeting the third condition exists in the information to be uploaded, that file is deleted from the information to be uploaded and structurally detached; the suspicious file fragments are determined from the plurality of file fragments obtained by the detachment, and the suspicious file fragments are added to the information to be uploaded.
Since sensitive information easily exists in document files, the file satisfying the third condition may be a document file.
For example, the third condition may be that a file of any type must be structurally detached before it is uploaded. Alternatively, the third condition may be that the file is of the office type: uploading office-type files as they are is prohibited, and if an office-type file needs to be uploaded, it must be uploaded after structural detachment. The manner of structural detachment and the manner of determining the suspicious file fragments are described below.
Finally, a third type of strategy is described, wherein the third type of strategy comprises a strategy nine and a strategy ten.
For policies nine and ten, a fourth condition and a fifth condition are set, and a file path or file name that meets the condition is converted into the corresponding hash value. The file path meeting the fourth condition, or the suspicious file meeting the fifth condition, is deleted from the information to be uploaded; then either the hash value of the file path is added to the information to be uploaded, or the hash value of the file name is used as the file name of the suspicious file and the renamed suspicious file is added to the information to be uploaded.
The above completes the configuration of each policy; the user can select at least one policy and configure it according to the scene conditions of the endpoint, thereby obtaining the configured uploading policy.
It should be noted that the uploading policy may also be obtained in ways other than the one described above. For example, the user writes the uploading policy into a configuration file and imports the configuration file into the endpoint, and the endpoint reads and parses the configuration file to obtain the uploading policy.
Finally, step 104 (desensitizing the information to be uploaded based on the uploading policy to obtain the desensitized information) and step 106 (uploading the desensitized information to a management center) are described together.
In one embodiment of the present invention, in step 104, when the information to be uploaded is desensitized using the uploading policy, each policy needs to be matched against the information to be uploaded. Specifically, step 104 may include:
for each suspicious file and its file path contained in the information to be uploaded, performing policy matching against each policy in the uploading policy;
when matching against one of the policies: if the information to be uploaded contains a suspicious file or file path that the policy prohibits from being uploaded, deleting that suspicious file or file path from the information to be uploaded; if the information to be uploaded contains a suspicious file or file path that meets the processing conditions required by the policy, processing it according to the processing rules of the policy, and adding the processed information to the information to be uploaded;
determining the information to be uploaded that results after matching against every policy in the uploading policy as the desensitized information. The desensitized information does not contain the sensitive information the user is concerned about.
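The matching loop of step 104, together with the hash-based tracing step, as an added example that is not code from the patent. The `Item` and `UploadPolicy` classes, the field names, the use of SHA-256 and all sample paths are assumptions made for illustration; only policies two, three, four, five and nine are modelled.

```python
import hashlib
from dataclasses import dataclass, field
from pathlib import PureWindowsPath


@dataclass
class Item:
    """One suspicious file from the endpoint scan (constructed model)."""
    path: str
    content: bytes


@dataclass
class UploadPolicy:
    """Hypothetical encoding of policies 2, 3, 4, 5 and 9 from the text."""
    deny_formats: set = field(default_factory=set)            # policy 2
    deny_path_strings: list = field(default_factory=list)     # policy 3
    deny_content_strings: list = field(default_factory=list)  # policy 4
    deny_dirs: list = field(default_factory=list)             # policy 5
    hash_path_dirs: list = field(default_factory=list)        # policy 9


def under(path, directory):
    """True if path lies below directory (Windows rules, case-insensitive)."""
    return PureWindowsPath(directory) in PureWindowsPath(path).parents


def path_hash(path):
    # Lower-case first so one Windows path always yields one hash.
    # SHA-256 is this example's choice; the text only says "hash value".
    return hashlib.sha256(path.lower().encode("utf-8")).hexdigest()


def desensitize(items, policy):
    """Match every item against every policy.

    Returns (upload, trace_map). trace_map (hash -> real path) stays on the
    endpoint and is what makes later tracing by hash possible.
    """
    upload, trace_map = [], {}
    for it in items:
        ext = PureWindowsPath(it.path).suffix.lower().lstrip(".")
        # Prohibiting policies: the whole file is deleted from the upload set.
        if ext in policy.deny_formats:
            continue
        if any(under(it.path, d) for d in policy.deny_dirs):
            continue
        # Byte match on UTF-8 text only; binary document formats would need
        # text extraction before this check.
        if any(s.encode("utf-8") in it.content
               for s in policy.deny_content_strings):
            continue
        entry = {"path": it.path, "path_hash": None, "content": it.content}
        if any(s.lower() in it.path.lower() for s in policy.deny_path_strings):
            entry["path"] = None  # policy 3: the path is deleted, the file stays
        elif any(under(it.path, d) for d in policy.hash_path_dirs):
            # Policy 9: process and add, the path is replaced by its hash.
            digest = path_hash(it.path)
            entry["path"], entry["path_hash"] = None, digest
            trace_map[digest] = it.path
        upload.append(entry)
    return upload, trace_map


def trace(threat_hashes, trace_map):
    """Resolve hashes fed back by the management center to local paths."""
    return [trace_map[h] for h in threat_hashes if h in trace_map]


# Constructed sample scan result and policy.
ITEMS = [
    Item(r"C:\Users\alice\Downloads\setup.exe", b"MZ\x90\x00"),
    Item(r"C:\Users\alice\Documents\budget.doc", b"\xd0\xcf\x11\xe0"),
    Item(r"D:\Design\Secret\logo.psd", b"8BPS"),
    Item(r"C:\Work\secret-project\build.bat", b"@echo off\r\n"),
    Item(r"C:\Users\alice\AppData\Local\Temp\run.js", b"// business secret: x"),
    Item(r"C:\Users\alice\Desktop\tool.dll", b"MZ\x90\x00"),
]
POLICY = UploadPolicy(
    deny_formats={"doc", "ppt", "pdf", "xls"},
    deny_path_strings=["secret"],
    deny_content_strings=["business secret"],
    deny_dirs=[r"D:\Design\Secret"],
    hash_path_dirs=[r"C:\Users\alice\Desktop"],
)

if __name__ == "__main__":
    uploaded, local_map = desensitize(ITEMS, POLICY)
    for e in uploaded:
        print(e["path"], e["path_hash"], len(e["content"]))
```

An unkeyed hash of a predictable path can be guessed by anyone who can enumerate candidate paths, so whether a plain hash is enough depends on how predictable the protected paths are.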
In one embodiment of the present invention, when the uploading policy includes the policy of structurally detaching files that meet the third condition into a plurality of file fragments and allowing the suspicious file fragments to be uploaded, and it is determined that a target suspicious file meeting the third condition exists in the information to be uploaded, processing the target suspicious file and adding the processed information to the information to be uploaded includes:
performing structure detachment on the target suspicious file to obtain a plurality of file fragments corresponding to the target suspicious file;
determining suspicious and non-suspicious file segments of the plurality of file segments;
and adding suspicious file fragments in the file fragments to the information to be uploaded.
Because the target suspicious file contains sensitive information, in order to reduce leakage of the sensitive information, the target suspicious file need not be uploaded as a whole; instead, only some of its file fragments are uploaded, which reduces the risk of leaking the sensitive information.
When the target suspicious file is structurally detached, specifically: judging whether the target suspicious file consists of a plurality of structures, if so, taking each structure forming the target suspicious file as a split file segment respectively; otherwise, the target suspicious file is fragmented according to the byte number, and a plurality of file fragments are obtained.
For example, for an office file composed of a macro code and a data block, when the target suspicious file is an office file, the target suspicious file may be split into the macro code and the data block to determine whether the target suspicious file is the macro code or a certain data block, if it is determined that the macro code is suspected to be infected, the office file is deleted from the information to be uploaded, and the suspected infected macro code is added to the information to be uploaded to the management center.
When determining which file fragments are suspicious file fragments, a blacklist can be constructed, malicious code character strings are stored in the blacklist, whether the file fragments are suspicious file fragments is determined by judging whether the file fragments carry one or more malicious code character strings in the blacklist, if yes, the file fragments are suspicious file fragments, and if not, the file fragments are non-suspicious file fragments.
It should be noted that, for the suspicious file segment, the file name of the suspicious file segment may use the file name of the target suspicious file, and the file path of the suspicious file segment may also use the file path of the target suspicious file.
Further, after the suspicious and non-suspicious file fragments among the plurality of file fragments are determined, and before the suspicious file fragments are added to the information to be uploaded, the method further includes: when every file fragment in the plurality of file fragments is determined to be a suspicious file fragment, randomly selecting a specified number of suspicious file fragments from the plurality of file fragments, and adding the randomly selected suspicious file fragments to the information to be uploaded. In this way, as little sensitive information as possible is leaked while the management center can still comprehensively analyze and identify the suspicious file using the uploaded subset of suspicious file fragments, and when the suspicious file is determined to be a threat file, the endpoint can trace the target suspicious file using the suspicious file fragments.
In one embodiment of the present invention, when the uploading policy includes converting the file path meeting the fourth condition into a hash value and allowing the hash value to be uploaded, and it is determined that a target file path meeting the fourth condition exists in the information to be uploaded, processing the target file path meeting the fourth condition and adding the processed information to the information to be uploaded includes the following steps: calculating a hash value of the target file path; and adding the hash value to the information to be uploaded.
The hash value may be calculated with a preset hash function, or with a random hash function so as to improve the randomness of the hash value. In either case, once the hash function used to calculate the hash value is determined, it needs to be stored so that the threat file can be traced.
For example, the information to be uploaded contains one file path: doc. The fourth condition is that a sensitive character string exists in the file path, so the file path needs to be deleted from the information to be uploaded; a hash value is then calculated for the file path and added to the information to be uploaded.
In this embodiment, the file path containing the sensitive character string is deleted from the information to be uploaded and is uploaded in the form of a hash value, so that the risk of leaking the sensitive information is reduced and the hash value can be used for tracing the file.
Specifically, after the desensitization information is uploaded to the management center, the method may further include: receiving threat information fed back by the management center for the desensitization information; and tracing the threat file based on the hash value in the threat information.
For example, the threat information fed back by the management center is: the file on the file path corresponding to hash value a is a threat file. To trace the threat file, the hash function is used to determine which file path has a hash value equal to a; after the file path is determined, a further hash calculation may be performed on the file name to locate the threat file.
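The path-hashing and tracing steps described above can be sketched as follows. This is an added example, not code from the patent; it assumes that the stored hash function is HMAC-SHA256 under a key kept on the endpoint (the patent names no algorithm), that the directory part and the file name are hashed separately, and that the sample paths and the sensitive string are constructed.

```python
import hashlib
import hmac
import secrets

# Constructed sample: file paths of suspicious files reported by a scan.
SAMPLE_PATHS = [
    "C:/Users/alice/Downloads/setup.exe",
    "E:/HR/Payroll/2022/q1.docm",
    "E:/HR/Payroll/2022/notes.txt",
]


def _split(path):
    """Normalise a path and split it into (directory, file name)."""
    norm = path.replace("\\", "/").lower()
    directory, _, name = norm.rpartition("/")
    return directory, name


class PathDesensitizer:
    """Replaces sensitive paths with hashes and traces them back later."""

    def __init__(self, sensitive_strings, key=None):
        self.sensitive = [s.lower() for s in sensitive_strings]
        # Assumption: a keyed hash stands in for the "stored hash function".
        # With an unkeyed hash, anyone holding the upload could test guessed
        # paths against it; the key stays on the endpoint.
        self.key = key if key is not None else secrets.token_bytes(32)

    def _digest(self, text):
        return hmac.new(self.key, text.encode("utf-8"),
                        hashlib.sha256).hexdigest()

    def is_sensitive(self, path):
        """Fourth condition in this sketch: path contains a sensitive string."""
        return any(s in path.lower() for s in self.sensitive)

    def desensitize(self, paths):
        """Return upload entries: the clear path, or hashes in its place."""
        uploads = []
        for path in paths:
            if self.is_sensitive(path):
                directory, name = _split(path)
                uploads.append({"path_hash": self._digest(directory),
                                "name_hash": self._digest(name)})
            else:
                uploads.append({"path": path})
        return uploads

    def trace(self, threat, local_paths):
        """Find the flagged file: match the path hash, then the name hash."""
        hits = []
        for path in local_paths:
            directory, name = _split(path)
            if not hmac.compare_digest(self._digest(directory),
                                       threat["path_hash"]):
                continue
            if hmac.compare_digest(self._digest(name), threat["name_hash"]):
                hits.append(path)
        return hits


if __name__ == "__main__":
    endpoint = PathDesensitizer(["payroll"])
    uploads = endpoint.desensitize(SAMPLE_PATHS)
    for entry in uploads:
        print(entry)
    # The management center flags the second entry; the endpoint locates it.
    print(endpoint.trace(uploads[1], SAMPLE_PATHS))
```

If the key is lost or rotated without keeping the old one, feedback on earlier uploads can no longer be traced, which is why the patent requires the hash function to be stored.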
The desensitization processing in this embodiment is described below using an exemplary uploading policy.
The uploading policy comprises the second policy, the fifth policy and the eighth policy listed above, specifically:
prohibiting uploading of files in the psd format; prohibiting uploading of files under the directory E:/secret/lower; structurally detaching office files and allowing the suspicious file fragments to be uploaded.
The desensitization process may include the following steps:
S1: determining the suspicious files and the file paths of the suspicious files in the information to be uploaded;
S2: determining the file format of each suspicious file, determining whether a file in the psd format exists, and if so, deleting the file in the psd format from the information to be uploaded;
S3: on the information to be uploaded obtained after S2, determining from the file paths of the suspicious files whether the E:/absolute/' directory is present, and if so, deleting that file path from the information to be uploaded;
S4: determining, based on the suspicious files, whether an office file exists; if so, performing structure detachment on the office file, determining the suspicious file fragments in the office file, deleting the office file from the information to be uploaded, and adding the suspicious file fragments of the office file to the information to be uploaded.
The information to be uploaded obtained after step S4 is the desensitization information. It does not include the sensitive information that the user is concerned about, and uploading it to the management center greatly reduces the risk of leaking sensitive files.
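Steps S1 to S4, together with the structure detachment, blacklist check and random selection described earlier, can be sketched as follows. This is an added example, not code from the patent; the item layout, the policy values (including the directory D:/finance/), the blacklist strings and all function names are constructed for illustration.

```python
import random

# Constructed blacklist of malicious-code strings (illustrative values only).
BLACKLIST = [b"DEMO-BAD-STRING-A", b"DEMO-BAD-STRING-B"]

# Constructed policy: the second, fifth and eighth policies of the example.
POLICY = {
    "forbidden_formats": {"psd"},
    "forbidden_dirs": ["D:/finance/"],
    "split_formats": {"doc", "docm", "xls", "xlsm"},
    "max_fragments": 2,   # the "specified number" when every fragment is suspicious
}

# Constructed scan result: suspicious files with their paths (step S1).
SAMPLE_ITEMS = [
    {"name": "design.psd", "path": "C:/work/design.psd", "data": b"8BPS art"},
    {"name": "budget.xlsm", "path": "D:/finance/budget.xlsm",
     "data": b"DEMO-BAD-STRING-A in macro sheet"},
    {"name": "report.docm", "path": "C:/docs/report.docm", "data": b"",
     "structures": {"macro": b"Sub AutoOpen() DEMO-BAD-STRING-A End Sub",
                    "data_block": b"Q1 revenue forecast, internal only"}},
    {"name": "dropper.docm", "path": "C:/tmp/dropper.docm", "data": b"",
     "structures": {"macro_1": b"DEMO-BAD-STRING-A",
                    "macro_2": b"DEMO-BAD-STRING-B",
                    "macro_3": b"x DEMO-BAD-STRING-A"}},
    {"name": "tool.exe", "path": "C:/tmp/tool.exe",
     "data": b"MZ DEMO-BAD-STRING-B"},
]


def split_structures(item, chunk=16):
    """One fragment per structure; otherwise fixed-size byte chunks."""
    structs = item.get("structures")
    if structs and len(structs) > 1:
        return list(structs.items())
    data = item["data"]
    # Note: a blacklist string that straddles a chunk boundary is not seen.
    return [(f"bytes[{i}:{i + chunk}]", data[i:i + chunk])
            for i in range(0, len(data), chunk)]


def is_suspicious(fragment):
    return any(s in fragment for s in BLACKLIST)


def suspicious_fragments(item, max_if_all, rng):
    """Keep only suspicious fragments; sample them if all are suspicious."""
    frags = split_structures(item)
    flagged = [f for f in frags if is_suspicious(f[1])]
    if len(flagged) == len(frags) and len(frags) > max_if_all:
        flagged = rng.sample(flagged, max_if_all)
    # Fragments reuse the file name and path of the target suspicious file.
    return [{"name": item["name"], "path": item["path"],
             "fragment": label, "data": data} for label, data in flagged]


def desensitize(items, policy, rng=random):
    """Apply S2 (format), S3 (directory) and S4 (detachment) in order."""
    out = []
    for item in items:
        ext = item["name"].rsplit(".", 1)[-1].lower()
        path = item["path"].replace("\\", "/").lower()
        if ext in policy["forbidden_formats"]:                       # S2
            continue
        if any(path.startswith(d.lower())
               for d in policy["forbidden_dirs"]):                   # S3
            continue
        if ext in policy["split_formats"]:                           # S4
            out.extend(suspicious_fragments(
                item, policy["max_fragments"], rng))
            continue
        out.append(item)
    return out


if __name__ == "__main__":
    for entry in desensitize(SAMPLE_ITEMS, POLICY, random.Random(0)):
        print(entry["name"], entry.get("fragment", "<whole file>"))
```

Because the prohibitions run before detachment, budget.xlsm is dropped entirely even though it is an office file with a blacklisted string, and the data block of report.docm never leaves the endpoint.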
As shown in fig. 2 and fig. 3, the embodiment of the invention provides an endpoint file security check result information uploading device. The apparatus embodiments may be implemented by software, or may be implemented by hardware or a combination of hardware and software. In terms of hardware, as shown in fig. 2, a hardware architecture diagram of an electronic device where an endpoint file security check result information uploading device provided in an embodiment of the present invention is located is shown, where the electronic device where the embodiment is located may include other hardware, such as a forwarding chip responsible for processing a message, besides a processor, a memory, a network interface, and a nonvolatile memory shown in fig. 2. Taking a software implementation as an example, as shown in fig. 3, the device in a logic sense is formed by reading a corresponding computer program in a nonvolatile memory into a memory by a CPU of an electronic device where the device is located and running the computer program. The device for uploading endpoint file security check result information provided in this embodiment includes:
An acquiring unit 301, configured to acquire information to be uploaded, which is obtained after the endpoint security software performs security inspection on the endpoint; the information to be uploaded comprises suspicious files and file paths of the suspicious files;
the acquiring unit 301 is further configured to acquire an uploading policy determined by a user based on a scene condition of the endpoint;
the desensitization processing unit 302 is configured to desensitize the information to be uploaded based on the uploading policy, so as to obtain desensitized information;
and a sending unit 303, configured to upload the desensitization information to a management center.
In one embodiment of the present invention, when acquiring the uploading policy determined by the user based on the scene condition of the endpoint, the acquiring unit 301 is specifically configured to perform:
responding to a policy configuration request initiated by a user, and displaying a plurality of configurable policies to the user;
determining an uploading strategy composed of at least one strategy selected by a user from the plurality of strategies based on the displayed plurality of strategies; the uploading policy is obtained by configuring each selected policy based on scene conditions of the endpoint after the user selects the at least one policy.
In one embodiment of the present invention, the uploading policy includes at least one of the following policies:
allowing uploading of files in the first file format;
prohibiting uploading of files in the second file format;
prohibiting uploading of file paths containing the first sensitive character string;
prohibiting uploading of files whose content contains the second sensitive character string;
prohibiting uploading of files under the first file directory;
prohibiting uploading of files under the second file directory that meet the first condition;
allowing uploading of files under the third file directory that meet the second condition;
structurally detaching files meeting the third condition into a plurality of file fragments, and allowing the suspicious file fragments to be uploaded;
converting the file path meeting the fourth condition into a hash value, and allowing the hash value to be uploaded; and
converting the file name meeting the fifth condition into a hash value, and allowing the hash value to be uploaded.
In one embodiment of the present invention, the desensitizing unit 302 is specifically configured to:
for each suspicious file and the file path of each suspicious file contained in the information to be uploaded, performing policy matching against each policy in the uploading policy;
when matching against one of the policies: if the information to be uploaded contains a suspicious file or file path that the policy prohibits from being uploaded, deleting that suspicious file or file path from the information to be uploaded; if the information to be uploaded contains a suspicious file or file path that meets the processing condition required by the policy, processing that suspicious file or file path according to the processing rule of the policy, and adding the processed information to the information to be uploaded;
and determining the information to be uploaded obtained after policy matching against every policy in the uploading policy as the desensitization information.
In one embodiment of the present invention, the uploading policy includes: a plurality of file fragments obtained after the files meeting the third condition are structurally detached, and the suspicious file fragments are allowed to be uploaded;
when it is determined that the target suspicious file meeting the third condition is present in the information to be uploaded, processing the target suspicious file meeting the third condition, and adding the information obtained after processing to the information to be uploaded, where the method specifically includes:
performing structure detachment on the target suspicious file to obtain a plurality of file fragments corresponding to the target suspicious file;
determining suspicious and non-suspicious file segments of the plurality of file segments;
and adding suspicious file fragments in the file fragments to the information to be uploaded.
In one embodiment of the present invention, the uploading policy includes: converting the file path meeting the fourth condition into a hash value, and allowing the hash value to be uploaded;
when it is determined that the target file path meeting the fourth condition is present in the information to be uploaded, processing the target file path meeting the fourth condition, and adding the information obtained after processing to the information to be uploaded, where the method specifically includes:
Calculating a hash value of the target file path;
and adding the hash value to the information to be uploaded.
In one embodiment of the present invention, referring to fig. 4, the device for uploading security check result information of an endpoint file may further include:
a receiving unit 304, configured to receive threat information fed back by the management center for the desensitization information;
and the threat tracing unit 305 is configured to trace the threat file based on the hash value in the threat information.
It will be understood that the structure illustrated in the embodiment of the present invention does not constitute a specific limitation on an endpoint file security check result information uploading device. In other embodiments of the invention, an endpoint file security check result information uploading device may include more or fewer components than shown, or may combine certain components, or may split certain components, or may have a different arrangement of components. The illustrated components may be implemented in hardware, software, or a combination of software and hardware.
The content of information interaction and execution process between the modules in the device is based on the same conception as the embodiment of the method of the present invention, and specific content can be referred to the description in the embodiment of the method of the present invention, which is not repeated here.
The embodiment of the invention also provides electronic equipment, which comprises a memory and a processor, wherein the memory stores a computer program, and when the processor executes the computer program, the method for uploading the security check result information of the endpoint file in any embodiment of the invention is realized.
The embodiment of the invention also provides a computer readable storage medium, wherein the computer readable storage medium is stored with a computer program, and when the computer program is executed by a processor, the processor is caused to execute the method for uploading the endpoint file security check result information in any embodiment of the invention.
Specifically, a system or apparatus provided with a storage medium on which a software program code realizing the functions of any of the above embodiments is stored, and a computer (or CPU or MPU) of the system or apparatus may be caused to read out and execute the program code stored in the storage medium.
In this case, the program code itself read from the storage medium may realize the functions of any of the above-described embodiments, and thus the program code and the storage medium storing the program code form part of the present invention.
Examples of the storage medium for providing the program code include a floppy disk, a hard disk, a magneto-optical disk, an optical disk (e.g., CD-ROM, CD-R, CD-RW, DVD-ROM, DVD-RAM, DVD-RW, DVD+RW), a magnetic tape, a nonvolatile memory card, and a ROM. Alternatively, the program code may be downloaded from a server computer by a communication network.
Further, it should be apparent that the functions of any of the above-described embodiments may be implemented not only by executing the program code read out by the computer, but also by causing an operating system or the like operating on the computer to perform part or all of the actual operations based on the instructions of the program code.
Further, it is understood that the program code read out from the storage medium may be written into a memory provided in an expansion board inserted into a computer or into a memory provided in an expansion module connected to the computer, and a CPU or the like mounted on the expansion board or the expansion module is then caused to perform part or all of the actual operations based on instructions of the program code, thereby realizing the functions of any of the above embodiments.
The embodiments of the invention have at least the following beneficial effects:
1. In one embodiment of the invention, the uploading policy is determined by the user based on the scene condition of the endpoint. After the endpoint security software performs a security check on the endpoint and obtains the information to be uploaded, the information to be uploaded can be desensitized using the uploading policy so that the desensitization information contains as little sensitive information as possible. The desensitization information is then uploaded to the management center, which reduces the sensitive information uploaded to the management center and reduces the leakage of sensitive information.
2. In one embodiment of the invention, a plurality of policies are preset in the endpoint. After the user initiates a policy configuration request, the policies can be displayed to the user, so that the user selects at least one policy from them based on the actual scene condition, thereby configuring the uploading policy.
3. In one embodiment of the invention, if the target suspicious file is matched, the target suspicious file may contain sensitive information. To reduce the leakage of sensitive information, the whole target suspicious file need not be uploaded; instead, only some of the file fragments of the target suspicious file are uploaded, which reduces the risk of leaking the sensitive information.
4. In one embodiment of the invention, when the suspicious file is structurally detached into a plurality of file fragments, a specified number of suspicious file fragments are randomly selected and uploaded to the management center. In this way, as little sensitive information as possible is leaked while the management center can still comprehensively analyze and identify the suspicious file using the uploaded subset of suspicious file fragments, and when the suspicious file is determined to be a threat file, the endpoint can trace the target suspicious file using the suspicious file fragments.
5. In one embodiment of the invention, the file path containing the sensitive character string is deleted from the information to be uploaded and is uploaded in the form of a hash value, so that the risk of leaking the sensitive information is reduced and the hash value can be used for tracing the file.
It is noted that relational terms such as first and second, and the like, are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one …" does not exclude the presence of additional identical elements in a process, method, article or apparatus that comprises the element.
Those of ordinary skill in the art will appreciate that: all or part of the steps for implementing the above method embodiments may be implemented by hardware related to program instructions, and the foregoing program may be stored in a computer readable storage medium, where the program, when executed, performs steps including the above method embodiments; and the aforementioned storage medium includes: various media in which program code may be stored, such as ROM, RAM, magnetic or optical disks.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present invention, and are not limiting; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (5)

1. An endpoint file security check result information uploading method, comprising:
acquiring information to be uploaded, which is obtained after the endpoint security software performs security check on the endpoint; the information to be uploaded comprises suspicious files and file paths of the suspicious files;
acquiring an uploading strategy determined by a user based on the scene condition of the endpoint;
desensitizing the information to be uploaded based on the uploading strategy to obtain desensitized information;
uploading the desensitization information to a management center;
the obtaining the uploading strategy determined by the user based on the scene condition of the endpoint comprises the following steps:
responding to a policy configuration request initiated by a user, and displaying a plurality of configurable policies to the user;
determining an uploading strategy composed of at least one strategy selected by a user from the plurality of strategies based on the displayed plurality of strategies; the uploading policy is obtained by configuring each selected policy based on scene conditions of the endpoint after the user selects the at least one policy;
the uploading policy includes at least one of the following policies:
allowing uploading of files in the first file format;
prohibiting uploading of files in the second file format;
prohibiting uploading of file paths containing the first sensitive character string;
prohibiting uploading of files whose content contains the second sensitive character string;
prohibiting uploading of files under the first file directory;
prohibiting uploading of files under the second file directory that meet the first condition;
allowing uploading of files under the third file directory that meet the second condition;
structurally detaching files meeting the third condition into a plurality of file fragments, and allowing the suspicious file fragments to be uploaded;
converting the file path meeting the fourth condition into a hash value, and allowing the hash value to be uploaded; and
converting the file name meeting the fifth condition into a hash value, and allowing the hash value to be uploaded;
the desensitizing processing is performed on the information to be uploaded based on the uploading policy to obtain desensitized information, including:
for each suspicious file and the file path of each suspicious file contained in the information to be uploaded, performing policy matching against each policy in the uploading policy;
when matching against one of the policies: if the information to be uploaded contains a suspicious file or file path that the policy prohibits from being uploaded, deleting that suspicious file or file path from the information to be uploaded; if the information to be uploaded contains a suspicious file or file path that meets the processing condition required by the policy, processing that suspicious file or file path according to the processing rule of the policy, and adding the processed information to the information to be uploaded;
determining the information to be uploaded obtained after policy matching against every policy in the uploading policy as the desensitization information;
the uploading strategy comprises the following steps: a plurality of file fragments obtained after the files meeting the third condition are structurally detached, and the suspicious file fragments are allowed to be uploaded;
when determining that the target suspicious file meeting the third condition is existed in the information to be uploaded, processing the target suspicious file meeting the third condition, and adding the processed information into the information to be uploaded, wherein the method comprises the following steps:
performing structure detachment on the target suspicious file to obtain a plurality of file fragments corresponding to the target suspicious file;
determining suspicious and non-suspicious file segments of the plurality of file segments;
adding suspicious file fragments in the file fragments to the information to be uploaded;
the uploading strategy comprises the following steps: converting the file path meeting the fourth condition into a hash value, and allowing the hash value to be uploaded;
when it is determined that the target file path meeting the fourth condition is present in the information to be uploaded, processing the target file path meeting the fourth condition, and adding the information obtained after processing to the information to be uploaded, where the processing includes:
calculating a hash value of the target file path;
and adding the hash value to the information to be uploaded.
2. The method as recited in claim 1, further comprising:
threat information fed back by the management center aiming at the desensitization information is received;
and tracing the threat file based on the hash value in the threat information.
3. An endpoint file security check result information uploading apparatus, comprising:
the acquisition unit is used for acquiring information to be uploaded, which is obtained after the endpoint security software performs security check on the endpoint; the information to be uploaded comprises suspicious files and file paths of the suspicious files;
the acquisition unit is further used for acquiring an uploading strategy determined by a user based on the scene condition of the endpoint;
the desensitization processing unit is used for carrying out desensitization processing on the information to be uploaded based on the uploading strategy to obtain desensitized information;
the sending unit is used for uploading the desensitization information to a management center;
the acquisition unit, when acquiring the uploading strategy determined by the user based on the scene condition of the endpoint, is specifically used for:
responding to a policy configuration request initiated by a user, and displaying a plurality of configurable policies to the user;
determining an uploading strategy composed of at least one strategy selected by a user from the plurality of strategies based on the displayed plurality of strategies; the uploading policy is obtained by configuring each selected policy based on scene conditions of the endpoint after the user selects the at least one policy;
the uploading policy includes at least one of the following policies:
allowing uploading of files in the first file format;
prohibiting uploading of files in the second file format;
prohibiting uploading of file paths containing the first sensitive character string;
prohibiting uploading of files whose content contains the second sensitive character string;
prohibiting uploading of files under the first file directory;
prohibiting uploading of files under the second file directory that meet the first condition;
allowing uploading of files under the third file directory that meet the second condition;
structurally detaching files meeting the third condition into a plurality of file fragments, and allowing the suspicious file fragments to be uploaded;
converting the file path meeting the fourth condition into a hash value, and allowing the hash value to be uploaded; and
converting the file name meeting the fifth condition into a hash value, and allowing the hash value to be uploaded;
the desensitization processing unit is specifically used for:
for each suspicious file and the file path of each suspicious file contained in the information to be uploaded, performing policy matching against each policy in the uploading policy;
when matching against one of the policies: if the information to be uploaded contains a suspicious file or file path that the policy prohibits from being uploaded, deleting that suspicious file or file path from the information to be uploaded; if the information to be uploaded contains a suspicious file or file path that meets the processing condition required by the policy, processing that suspicious file or file path according to the processing rule of the policy, and adding the processed information to the information to be uploaded;
determining the information to be uploaded obtained after policy matching against every policy in the uploading policy as the desensitization information;
the uploading strategy comprises the following steps: a plurality of file fragments obtained after the files meeting the third condition are structurally detached, and the suspicious file fragments are allowed to be uploaded;
when it is determined that the target suspicious file meeting the third condition is present in the information to be uploaded, processing the target suspicious file meeting the third condition, and adding the information obtained after processing to the information to be uploaded, where the method specifically includes:
performing structure detachment on the target suspicious file to obtain a plurality of file fragments corresponding to the target suspicious file;
determining suspicious and non-suspicious file segments of the plurality of file segments;
adding suspicious file fragments in the file fragments to the information to be uploaded;
the uploading strategy comprises the following steps: converting the file path meeting the fourth condition into a hash value, and allowing the hash value to be uploaded;
when it is determined that the target file path meeting the fourth condition is present in the information to be uploaded, processing the target file path meeting the fourth condition, and adding the information obtained after processing to the information to be uploaded, where the method specifically includes:
calculating a hash value of the target file path;
and adding the hash value to the information to be uploaded.
4. An electronic device comprising a memory and a processor, the memory having stored therein a computer program, the processor implementing the method of any of claims 1-2 when the computer program is executed.
5. A computer readable storage medium having stored thereon a computer program which, when executed in a computer, causes the computer to perform the method of any of claims 1-2.
CN202210439979.7A 2022-04-25 2022-04-25 Method, device, equipment and medium for uploading security check result information of endpoint file Active CN114866532B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210439979.7A CN114866532B (en) 2022-04-25 2022-04-25 Method, device, equipment and medium for uploading security check result information of endpoint file

Publications (2)

Publication Number Publication Date
CN114866532A CN114866532A (en) 2022-08-05
CN114866532B true CN114866532B (en) 2023-11-10

Family

ID=82632999

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210439979.7A Active CN114866532B (en) 2022-04-25 2022-04-25 Method, device, equipment and medium for uploading security check result information of endpoint file

Country Status (1)

Country Link
CN (1) CN114866532B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116561795B (en) * 2023-04-26 2024-04-16 合芯科技(苏州)有限公司 Data parallel desensitization processing method

Citations (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103281325A (en) * 2013-06-04 2013-09-04 北京奇虎科技有限公司 Method and device for processing file based on cloud security
WO2017036336A1 (en) * 2015-09-01 2017-03-09 阿里巴巴集团控股有限公司 Cloud platform-based service data processing method and device
CN107180200A (en) * 2017-04-20 2017-09-19 北京同余科技有限公司 Data file customizable desensitization method and system
WO2017175157A1 (en) * 2016-04-06 2017-10-12 Karamba Security Secure controller operation and malware prevention
CN109450644A (en) * 2018-11-16 2019-03-08 华北电力大学 Home energy source management system protecting information safety scheme Internet-based
CN109740363A (en) * 2019-01-04 2019-05-10 贵州大学 Rating documents desensitization encryption method
CN109977690A (en) * 2017-12-28 2019-07-05 中国移动通信集团陕西有限公司 A kind of data processing method, device and medium
CN110071924A (en) * 2019-04-24 2019-07-30 广州知弘科技有限公司 Big data analysis method and system based on terminal
CN110688653A (en) * 2019-09-29 2020-01-14 北京可信华泰信息技术有限公司 Client security protection method and device and terminal equipment
CN111914300A (en) * 2020-09-21 2020-11-10 安徽长泰信息安全服务有限公司 Document encryption device and method for preventing file leakage
CN111967024A (en) * 2020-07-10 2020-11-20 苏州浪潮智能科技有限公司 File sensitive data protection method and device
CN112000992A (en) * 2020-10-29 2020-11-27 腾讯科技(深圳)有限公司 Data leakage prevention protection method and device, computer readable medium and electronic equipment
CN112241543A (en) * 2020-10-27 2021-01-19 国网福建省电力有限公司信息通信分公司 Sensitive data combing method based on data middling stage
CN113114647A (en) * 2021-04-01 2021-07-13 海尔数字科技(青岛)有限公司 Network security risk detection method and device, electronic equipment and storage medium
CN113868698A (en) * 2021-08-26 2021-12-31 上海上讯信息技术股份有限公司 File desensitization method and equipment

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11722513B2 (en) * 2016-11-30 2023-08-08 Agari Data, Inc. Using a measure of influence of sender in determining a security risk associated with an electronic message

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
"Identity-based Format Preserving Encryption of Data Desensitization Program";X. Zhang, Y. Zhang, G. Luo and W. Chen;《2020 International Conference on Computer Engineering and Application (ICCEA)》 *
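Sensitive file leakage detection method based on dynamic taint tracking; Li Weiming; He Xuan; Wang Yongjian; Journal of Huazhong University of Science and Technology (Natural Science Edition) (11); full text *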

Also Published As

Publication number Publication date
CN114866532A (en) 2022-08-05

Similar Documents

Publication Publication Date Title
US11924233B2 (en) Server-supported malware detection and protection
US9953162B2 (en) Rapid malware inspection of mobile applications
US8479296B2 (en) System and method for detecting unknown malware
US9692762B2 (en) Systems and methods for efficient detection of fingerprinted data and information
RU2468426C2 (en) File conversion in restricted process
EP3899770B1 (en) System and method for detecting data anomalies by analysing morphologies of known and/or unknown cybersecurity threats
US10348748B2 (en) Using multiple layers of policy management to manage risk
JP5265061B1 (en) Malicious file inspection apparatus and method
CN112003838B (en) Network threat detection method, device, electronic device and storage medium
US20090235357A1 (en) Method and System for Generating a Malware Sequence File
CN109344611B (en) Application access control method, terminal equipment and medium
CN104392176A (en) Mobile terminal and method for intercepting device manager authority thereof
US11288368B1 (en) Signature generation
CN114866532B (en) Method, device, equipment and medium for uploading security check result information of endpoint file
KR102180098B1 (en) A malware detecting system performing monitoring of malware and controlling a device of user
Bhuiyan et al. API vulnerabilities: Current status and dependencies
KR20140011518A (en) Method and system to prevent malware code
CN115499240A (en) Data processing method, device, equipment and medium
CN116663005B (en) Method, device, equipment and storage medium for defending composite Lesu virus
Rizvi et al. A Hybrid Framework for Detecting Repackaged Applications on the Android Market
CN114510713A (en) Method and device for detecting malicious software, electronic equipment and storage medium
CN117610047A (en) Safety protection method and device for industrial control terminal
CN115048647A (en) Safety protection method and device
CN113849246A (en) Plug-in identification method, plug-in loading method, computing device and storage medium
CN115221513A (en) Malicious file detection method, device, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant