CN115062339A - Data security guarantee method, electronic equipment and storage medium - Google Patents

Data security guarantee method, electronic equipment and storage medium Download PDF

Info

Publication number
CN115062339A
CN115062339A CN202210734768.6A CN202210734768A CN115062339A CN 115062339 A CN115062339 A CN 115062339A CN 202210734768 A CN202210734768 A CN 202210734768A CN 115062339 A CN115062339 A CN 115062339A
Authority
CN
China
Prior art keywords
data
company
intranet
information
client equipment
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210734768.6A
Other languages
Chinese (zh)
Inventor
易旺
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An Bank Co Ltd
Original Assignee
Ping An Bank Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ping An Bank Co Ltd filed Critical Ping An Bank Co Ltd
Priority to CN202210734768.6A priority Critical patent/CN115062339A/en
Publication of CN115062339A publication Critical patent/CN115062339A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/554Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06VIMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V30/00Character recognition; Recognising digital ink; Document-oriented image-based pattern recognition
    • G06V30/10Character recognition

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • General Engineering & Computer Science (AREA)
  • Bioethics (AREA)
  • Databases & Information Systems (AREA)
  • Medical Informatics (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Multimedia (AREA)
  • Computer And Data Communications (AREA)

Abstract

The application discloses a data security guarantee method, electronic equipment and a storage medium, wherein the method comprises the following steps: monitoring communication interaction between intranet client equipment and an extranet of a company by using a network probe; when the network probe monitors that the client equipment in the intranet of the company sends data to the extranet, the data sent by the client equipment in the intranet of the company is captured by using a sniffing technology, and the content of the data sent by the client equipment in the intranet of the company is analyzed; and carrying out corresponding processing according to the analysis result of the content of the transmitted data. The data sent by the intranet client of the company can be monitored, captured and analyzed, the data can be managed, and the data can be correspondingly processed according to the analysis result, so that the data safety of the company is guaranteed, and the possibility of company data leakage is reduced.

Description

Data security guarantee method, electronic equipment and storage medium
Technical Field
The present application relates to the field of data processing, and in particular, to a data security guaranteeing method, an electronic device, and a storage medium.
Background
With the rapid development of networks, the progress of information technology, the difficulty of security work is increased, and the challenges are more encountered.
At present, the security means of a company is mainly embodied in that security knowledge training is performed on employees, special equipment for work is equipped, and the like, but sometimes, due to negligence, the employees still upload sensitive information or key information of the company to a public network, so that a serious information security crisis is caused, and disastrous influence is caused on the company.
Disclosure of Invention
In order to solve the above problems, the present application provides at least a data security method, an electronic device, and a storage medium, which can reduce the possibility of company data leakage.
A first aspect of the present application provides a data security ensuring method, including: monitoring communication interaction between intranet client equipment and an extranet of a company by using a network probe; when the network probe monitors that the client equipment in the intranet of the company sends data to the extranet, the data sent by the client equipment in the intranet of the company is captured by using a sniffing technology, and the content of the data sent by the client equipment in the intranet of the company is analyzed; and carrying out corresponding processing according to the analysis result of the content of the transmitted data.
According to the scheme, the data sent by the intranet client of the company can be monitored, captured and analyzed, the data can be managed, and the data can be correspondingly processed according to the analysis result, so that the safety of the company data is guaranteed, and the possibility of company data leakage is reduced.
In some embodiments, the capturing data sent by the corporate intranet client device includes: obtaining a label of the client equipment of the internal network of the company from the data; the performing corresponding processing according to the result of analyzing the content of the transmitted data includes: and determining the authority corresponding to the intranet client equipment according to the label, and monitoring the intranet client equipment if the authority corresponding to the intranet client equipment is lower than a preset level, wherein the label is used for representing the operation authority of the intranet client equipment, and different labels are marked on the intranet client equipment at different MAC addresses.
Through the label of the intranet client equipment, the operation authority of the intranet client equipment can be determined, the intranet client equipment with the monitoring operation authority lower than the preset level is monitored, the data monitoring efficiency is improved, and different processing methods can be formulated according to different operation authorities.
In some embodiments, the monitoring the intranet client device includes: and monitoring the process opened by the intranet client equipment of the company.
By monitoring the process of opening the intranet client equipment, the current corresponding operation of the intranet client equipment on the data can be determined.
In some embodiments, the content of the transmitted data includes: packet data and/or file data, the analyzing of the content of the data, comprising: and analyzing whether the data packet data and/or the file data comprise company sensitive words or key information.
By processing the data packet data and/or the file data, whether various types of data comprise company sensitive words or key information or not can be analyzed accurately and comprehensively, and the accuracy of analysis is improved.
In some embodiments, said analyzing whether said package data and/or file data includes company sensitive words and key information comprises: and analyzing whether the information in the data packet data comprises company sensitive words and key information or not through an AI technology, and/or analyzing whether the information in the file data comprises company sensitive words and key information or not through an optical recognition technology.
By selecting different processing modes for different data types, the accuracy and efficiency of analyzing whether the information in the sent data comprises company sensitive words and key information are improved.
The analyzing whether the information in the packet data includes company sensitive words and key information by using an AI technique includes: utilizing a natural language processing technology to perform lexical analysis, syntactic analysis and semantic analysis on information in data packet data, identifying keywords in the data packet data, screening out company sensitive words and key information through the keywords, and analyzing whether information in the file data comprises the company sensitive words and the key information through an optical identification technology, wherein the method comprises the following steps: and identifying keywords in the file data by utilizing a character identification and character detection technology, and screening out company sensitive words and key information through the keywords.
The accuracy and efficiency of analyzing the data of the data packet are improved by a natural language processing technology and an optical recognition technology, and the accuracy and efficiency of analyzing the data of the file are improved by a character recognition technology and a character detection technology.
In some embodiments, the company sensitive words and key information include: at least one of company name, company logo, code word sample and key name.
By setting the range and the type of the company sensitive words and the key information, the accuracy and the efficiency of analyzing the information in the transmitted data are improved.
In some embodiments, the performing corresponding processing on the transmitted data includes: in response to the data not containing sensitive information, allowing transmission of the transmitted data; in response to the data containing sensitive information, preventing the sent data from being sent, and warning by using a popup window; and/or responsive to the data containing sensitive information, preventing transmission of the transmitted data, and performing a disruptive replacement of the transmitted data with a plunging force.
According to different conditions, different processing modes are set, and the protection of data is enhanced.
A second aspect of the present application provides an electronic device, which includes a memory and a processor coupled to each other, where the processor is configured to execute program instructions stored in the memory to implement the data security method in the first aspect.
A third aspect of the present application provides a non-transitory computer-readable storage medium, on which program instructions are stored, and the program instructions, when executed by a processor, implement the data security method in the first aspect.
According to the scheme, the data sent by the intranet client of the company can be monitored, captured and analyzed, the data can be managed, and the data can be correspondingly processed according to the analysis result, so that the safety of the company data is guaranteed, and the possibility of company data leakage is reduced.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present application and, together with the description, serve to explain the principles of the application.
Fig. 1 is a schematic flowchart of an embodiment of a data security assurance method according to the present application.
Fig. 2 is a schematic diagram of a framework of an embodiment of an electronic device of the present application.
FIG. 3 is a block diagram of one embodiment of a non-volatile computer-readable storage medium of the present application.
Detailed Description
The following describes in detail the embodiments of the present application with reference to the drawings attached hereto.
In the following description, for purposes of explanation and not limitation, specific details are set forth such as particular system structures, interfaces, techniques, etc. in order to provide a thorough understanding of the present application.
The term "and/or" herein is merely an association describing an associated object, meaning that three relationships may exist, e.g., a and/or B, may mean: a exists alone, A and B exist simultaneously, and B exists alone. In addition, the character "/" herein generally indicates that the former and latter related objects are in an "or" relationship. Further, the term "plurality" herein means two or more than two. In addition, the term "at least one" herein means any one of a plurality or any combination of at least two of a plurality, for example, including at least one of A, B, C, and may mean including any one or more elements selected from the group consisting of A, B and C.
If the technical scheme of the present application relates to personal information, a product applying the technical scheme of the present application clearly informs personal information processing rules and obtains personal self-approval before processing the personal information. If the technical scheme of the application relates to sensitive personal information, a product applying the technical scheme of the application obtains individual consent before processing the personal information, and simultaneously meets the requirement of 'express consent'. For example, at a personal information collection device such as a camera, a clear and significant flag is set to inform that the personal information collection range is entered, the personal information is collected, and if the person voluntarily enters the collection range, the person is considered as agreeing to collect the personal information; or on the device for processing the personal information, under the condition of informing the personal information processing rule by using obvious identification/information, obtaining personal authorization by modes of popping window information or asking a person to upload personal information of the person by himself, and the like; the personal information processing rule may include information such as a personal information processor, a personal information processing purpose, a processing method, and a type of personal information to be processed.
Referring to fig. 1, fig. 1 is a schematic flow chart of an embodiment of a data security method according to the present application. The main body of the data security method may be a data security apparatus, for example, the data security method may be executed by a terminal device or a server or other processing device, where the terminal device may be a User Equipment (UE), a mobile device, a User terminal, a cellular phone, a cordless phone, a Personal Digital Assistant (PDA), a handheld device, a computing device, a vehicle-mounted device, a wearable device, or the like. In some possible implementations, the data securing method may be implemented by a processor calling computer readable instructions stored in a memory.
Specifically, as shown in fig. 1, the method may include the steps of:
step S11: and monitoring the communication interaction between the intranet client equipment and the extranet of the company by using the network probe.
The network probe is a component for capturing, filtering, and analyzing data in the internet and a company intranet client device, and may be set in a company network management system, a company intranet client device, or both the company intranet client device and the company network management system according to actual conditions, where the company intranet client device is a client device connected to a company private network, or other client devices within a specified range, for example, a client device not connected to the company private network but provided with the company network probe.
The extranet refers to a network outside a private network of a company, such as a public network, an external website, and the like, and monitors communication interaction between the intranet client device and the extranet through a network probe, for example: and monitoring data sent by the intranet client equipment to the extranet and data sent by the extranet to the intranet client equipment through the network probe.
Step S12: when the network probe monitors that the intranet client equipment of the company sends data to the extranet, the sniffing technology is utilized to capture the data sent by the intranet client equipment of the company, and the content of the data sent by the intranet client equipment of the company is analyzed.
Sniffing technology is used for capturing data sent by a client device in an intranet of a company, and generally an ARP spoofing method is used, namely a data packet sending address is changed by changing a MAC address and the like.
Optionally, a sniffing technique may be used to obtain data packets flowing through the network, and after the sent data is captured, the data packets are analyzed to check whether the sent data contains company sensitive information, for example: analyzing by equipment in the network management system to check whether the sent data contains company sensitive information; for another example: the analysis program built in the intranet client analyzes the transmitted data to check whether the transmitted data contains company sensitive information, and it should be noted that, for the intranet client device of the company with a network probe inside, the transmitted data can also be acquired through the network probe.
Step S13: and performing corresponding processing according to the analysis result of the content of the transmitted data.
Analyzing the content of the data sent by the intranet client equipment of the company, and performing corresponding processing according to the analysis result, for example: and if the content of the data sent by the client equipment in the company intranet comprises company sensitive information, the sent data is prevented from being sent, further processing is carried out according to the type and the quantity of the included sensitive information, and if the data sent by the client equipment in the company intranet does not comprise the sensitive information, the sent data is allowed to be sent.
In the embodiment, the data sent by the intranet client of the company is monitored, captured and analyzed, so that the data is managed, and the data is correspondingly processed according to the analysis result, so that the data safety of the company is guaranteed, and the possibility of company data leakage is reduced.
As described above, according to the result of analyzing the content of the transmitted data, the corresponding processing is performed, and in some embodiments, the capturing of the data transmitted by the intranet client device includes: obtaining a label of the client equipment of the internal network of the company from the data; according to the result of analyzing the content of the transmitted data, the corresponding processing comprises the following steps: and determining the authority corresponding to the intranet client equipment according to the label, and monitoring the intranet client equipment if the authority corresponding to the intranet client equipment is lower than a preset level, wherein the label is used for representing the operation authority of the intranet client equipment, and different labels are marked on the intranet client equipment at different MAC addresses.
The label is used for representing the operation authority of different company intranet clients, and the preset level is used for determining whether to monitor the company intranet clients, and can be preset, for example: the number of times of monitoring company sensitive information and keywords in the data sent by the company intranet client device a is within the preset frequency range, and it can be considered that the possibility that the company intranet client device a reveals the company key information is low, the operation authority of the data can be properly improved, that is, the supervision degree on the company intranet client device a is reduced, otherwise, if the number of times of monitoring the company sensitive information and the keywords in the data sent by the company intranet client device a is outside the preset frequency range, the operation authority of the company intranet client device a is properly reduced, that is, the preset level of the company intranet client device a is reduced, so that the supervision degree on the company intranet client device a is increased.
For another example: the method comprises the steps of setting a company network management system device as a high-level operation authority, setting other company intranet devices as low-level operation authorities, namely monitoring other company intranet devices under a preset level, wherein monitoring is used for detecting various operations of the company intranet client devices on data.
Alternatively, the company-specific device is set to a high-level authority. In general, the setting of the authority and the label is set according to the actual situation and the company policy, and is not limited herein.
In the embodiment, the operation authority of the intranet client equipment can be determined through the label of the intranet client equipment, the monitoring operation authority is lower than that of the intranet client equipment at the preset level, the data monitoring efficiency is improved, and different processing methods can be formulated according to different operation authorities.
As described above, monitoring corporate intranet client devices below a preset level, in some embodiments, monitoring corporate intranet client devices includes: and monitoring the process opened by the intranet client equipment of the company.
A Process (Process) is a running activity of a program in a client in an intranet of a company about a certain data set, is a basic unit for resource allocation and scheduling of a client system, and is an entity of the program. Monitoring a process opened by a client device in an intranet of a company, for example: monitoring a file process opened by the intranet client equipment of the company, for example: monitoring a judging process opened by the intranet client equipment of the company.
In other embodiments, a process opened by a client in an intranet of a company and an operation performed on data by the process are monitored, and an operation state of the process on a data packet is determined, where the operation state of the process on the data packet is, for example: the process receives data from the outside, transfers data between processes, and transmits data to the outside. When the process is monitored to send data to the outside, the process sending the data is recorded, and the data sent by the process can be captured subsequently through a sniffing technology.
In this embodiment, by monitoring the process of opening the intranet client device, the current corresponding operation performed on the data by the intranet client device can be determined.
As described above, the content of the transmitted data is analyzed, and in some embodiments, the content of the transmitted data includes: data packet data and/or file data, the content of which is analyzed, comprising: analyzing whether the data packet and/or the data file include company sensitive words or key information.
A Data packet (also called a packet) is a formatted Data unit, when an intranet client device interacts with an extranet, the Data packet needs to be sent to the extranet first, and after receiving the Data packet, the extranet returns the Data packet of the extranet according to the address of the sent Data packet. The file data can be picture format data uploaded by a company intranet client and can be obtained by uploading the picture format data by the company intranet client.
Further, when capturing data sent by a client in a company intranet, judging the format of the sent data, analyzing the content of the sent data by selecting different processing modes, for example, selecting different analysis methods for data packet data and file data, and analyzing and extracting company sensitive words or key information.
In the embodiment, by processing the data packet data and/or the file data, whether the various types of data include company sensitive words or key information can be accurately and comprehensively analyzed, and the accuracy of analysis is improved.
As described above, analyzing whether the data includes the company sensitive words or the key information, and in some embodiments, analyzing whether the data package and/or the file data includes the company sensitive words and the key information includes: and analyzing whether the information in the data packet comprises company sensitive words and key information or not through an AI technology, and/or analyzing whether the information in the file data comprises company sensitive words and key information or not through an optical recognition technology.
The AI technology is used for analyzing whether the information in the packet data includes company sensitive words and key information, for example, whether the text information in the packet includes company sensitive words and key information, and the AI technology is used for extracting key words from the text in the packet data and extracting company sensitive words and key information from the packet data, wherein the key words may be information set by any company, such as names of people, places, codes, and the like.
Further, Optical Character Recognition (OCR) refers to a technique of determining a Character shape by detecting dark and light patterns in an image, then translating the shape into a computer Character by a Character Recognition method, converting a Character included in picture format information in document data into a recognizable computer Character by an Optical Recognition technique, and analyzing whether the Character includes a company sensitive word and key information.
In the embodiment, different processing modes are selected for different data types, so that the accuracy and efficiency of analyzing whether the information in the sent data comprises company sensitive words and key information are improved.
As described above, analyzing whether the data includes the company sensitive words or the key information by the AI technology and the optical recognition technology, and in some embodiments, analyzing whether the information in the packet data includes the company sensitive words and the key information by the AI technology includes: utilize natural language processing technology, carry out lexical analysis, syntactic analysis and semantic analysis to the information in the data packet data, discern the keyword in the data packet data, screen out company's sensitive word and key information through the keyword, through optical recognition technology, whether the information in the analysis file data includes company's sensitive word and key information includes: and identifying keywords in the file data by using a character identification and character detection technology, and screening out company sensitive words and key information through the keywords.
Natural Language Processing (NLP), whose goal is to let computers/machines understand the meaning of natural language text.
The lexical analysis scans a source program from left to right one by one to generate word symbols, modifies a text serving as a character string into a text composed of word symbol strings, and judges the type of a character according to the next character of the character. Syntactic analysis refers to the analysis of the grammatical functions of words in a sentence, and semantic analysis examines the text for context-related properties and classifies the content with the same properties for understanding the text information. Through the natural language processing technology, lexical analysis, syntactic analysis and semantic analysis are carried out on text information in the sent data, the syntactic structure of sentences in the sent data or the dependency relationship among words in the sentences is extracted, and through the lexical analysis, the syntactic analysis, the semantic analysis and other operations on the sent data, different weights can be given to different components or words in the sentences, so that keywords in the data packet data are extracted, and company sensitive words and key information are screened out through the keywords.
The text detection is used for identifying and detecting the text in the contract image, for example: the method comprises the steps of firstly finding character parts of pictures in file data, finding out an upper limit and a lower limit of each line, cutting the lines, finding out left and right boundaries of each character for each line, cutting the single character to obtain a single character image in a picture text, further obtaining characters corresponding to each character image through a character recognition technology, namely converting the character image into computer characters, setting different rules of character detection and character recognition according to actual conditions to obtain keywords in the file data, and screening out company sensitive words and keyword information through the keywords.
In some embodiments, a training set and a test set may be obtained in advance from data sent by a client on an intranet of a company, and a deep learning model is trained to further process the data packet after being processed by lexical analysis, syntactic analysis, and semantic analysis, or the file data after being processed by text detection and text recognition, so as to obtain the data packet or the company sensitive words and key information in the file data according to the extracted keywords. The deep learning model may be of the type: the model type may be selected according to actual conditions, and is not limited herein.
In another embodiment, a keyword library and a code library may be preset, where the keyword library and the code library are databases for storing company sensitive words and key information, and sentence components extracted from the data packet data after lexical analysis, syntactic analysis, and semantic analysis are compared with data in the keyword library and the code library, for example: and if the certain component is determined to be a code after extracting the keywords through lexical analysis, syntactic analysis and semantic analysis, comparing the certain component with data in a code library, and if the certain component is determined to be a name after extracting the keywords through lexical analysis, syntactic analysis and semantic analysis, comparing the certain component with data in the key library, thereby extracting fragments with similarity higher than a threshold value with the data in the word library and the code library in the data packet data.
Further, the keywords of the file data obtained after the character detection and the character recognition are compared with the data in the keyword library and the code library, so that the segments with the similarity higher than the threshold value with the data in the word library and the code library in the file data are extracted.
In this embodiment, the accuracy and efficiency of analyzing the data of the data packets are improved by the natural language processing technology and the optical recognition technology, and the accuracy and efficiency of analyzing the data of the document are improved by the character recognition and character detection technology.
As described above, analyzing whether the sent data includes the company sensitive words or the key information, in some embodiments, the company sensitive words and the key information include: at least one of company name, company logo, code word sample and key name.
Sensitive words and key information of the company include: at least one of company name, company logo, code word sample and key name, and different company sensitive words and key information ranges can be set according to actual conditions, and are not described in detail herein.
In the embodiment, the accuracy and the efficiency of analyzing the information in the transmitted data are improved by setting the range and the type of the company sensitive words and the key information.
As described above, the corresponding processing is performed on the transmitted data, and in some embodiments, the corresponding processing is performed on the transmitted data, and includes: in response to the data not containing sensitive information, allowing the transmitted data to be transmitted; in response to the data containing sensitive information, preventing the sent data from being sent, and warning by using a popup window; and/or performing a disruptive replacement of the transmitted data with a plunging replacement in response to the data containing sensitive information, preventing transmission of the transmitted data.
After analyzing the transmitted data, if the transmitted data does not find the sensitive information, the transmitted data is allowed to be transmitted, and if the transmitted data finds the sensitive information after being analyzed, the transmitted data is firstly prevented from being transmitted and then is further processed.
In some embodiments, after the data sent is blocked from being sent to the extranet, a pop-up window is used to warn, for example, by a graphical interface pop-up window and to remind the company staff to check the data sent.
In other embodiments, after the sent data is prevented from being sent to the external network, the sent data is subjected to a disruptive replacement process, i.e., the sent data is modified, destroyed or replaced, so that the integrity of the sent data is destroyed, and the sent data cannot be sent and is lost.
In still other embodiments, after the sent data is prevented from being sent to the external network, the sent data is sent to a company network management system and a network manager is reminded to review the data.
The different processing modes can be selected according to the type and quantity of the discovered sensitive information or company strategies.
In this embodiment, different processing modes are set according to different situations, so that protection of data is enhanced.
It will be understood by those skilled in the art that in the method of the present invention, the order of writing the steps does not imply a strict order of execution and any limitations on the implementation, and the specific order of execution of the steps should be determined by their function and possible inherent logic.
According to the scheme, the data sent by the intranet client of the company can be monitored, captured and analyzed, the data can be managed, and the data can be correspondingly processed according to the analysis result, so that the safety of the company data is guaranteed, and the possibility of company data leakage is reduced.
In some embodiments, the monitoring the client device of the intranet of the company includes: and monitoring the process opened by the intranet client equipment of the company.
In some embodiments, the content of the transmitted data includes: packet data and/or file data, the analyzing of the content of the data, comprising: and analyzing whether the data packet data and/or the file data comprise company sensitive words or key information.
In some embodiments, said analyzing whether said package data and/or file data includes company sensitive words and key information comprises: and analyzing whether the information in the data packet data comprises company sensitive words and key information or not through an AI technology, and/or analyzing whether the information in the file data comprises company sensitive words and key information or not through an optical recognition technology.
In some embodiments, the analyzing whether the information in the packet data includes company sensitive words and key information by the AI technique includes: utilizing a natural language processing technology to perform lexical analysis, syntactic analysis and semantic analysis on information in data packet data, identifying keywords in the data packet data, screening out company sensitive words and key information through the keywords, and analyzing whether information in the file data comprises the company sensitive words and the key information through an optical identification technology, wherein the method comprises the following steps: and identifying keywords in the file data by using a character identification and character detection technology, and screening out company sensitive words and key information by the keywords.
In some embodiments, the company sensitive words and key information include: at least one of company name, company logo, code word sample and key name.
In some embodiments, the performing corresponding processing on the transmitted data includes: in response to the data not containing sensitive information, allowing transmission of the transmitted data; in response to the data containing sensitive information, preventing the sent data from being sent, and warning by using a popup window; and/or responsive to the data containing sensitive information, preventing transmission of the transmitted data, and performing a disruptive replacement of the transmitted data with a plunging force.
Referring to fig. 2, fig. 2 is a schematic diagram of a frame of an embodiment of an electronic device according to the present application. The electronic device 20 comprises a memory 21 and a processor 22 coupled to each other, and the processor 22 is configured to execute program instructions stored in the memory 21 to implement the steps of any of the above-described embodiments of the data security method. In one particular implementation scenario, electronic device 20 may include, but is not limited to: a microcomputer, a server, and the electronic device 20 may also include a mobile device such as a notebook computer, a tablet computer, and the like, which is not limited herein.
In particular, the processor 22 is configured to control itself and the memory 21 to implement the steps of any of the above-described embodiments of the data securing method. The processor 22 may also be referred to as a CPU (Central Processing Unit). The processor 22 may be an integrated circuit chip having signal processing capabilities. The Processor 22 may also be a general purpose Processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other Programmable logic device, discrete Gate or transistor logic, discrete hardware components. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. In addition, the processor 22 may be commonly implemented by an integrated circuit chip.
Referring to fig. 3, fig. 3 is a block diagram illustrating an embodiment of a non-volatile computer readable storage medium 30 according to the present application. The non-transitory computer readable storage medium 30 stores program instructions 301 capable of being executed by a processor, and the program instructions 301 are used for implementing the steps of any of the embodiments of the data security method described above.
In some embodiments, functions of or modules included in the apparatus provided in the embodiments of the present disclosure may be used to execute the method described in the above method embodiments, and specific implementation thereof may refer to the description of the above method embodiments, and for brevity, will not be described again here.
The foregoing description of the various embodiments is intended to highlight various differences between the embodiments, and the same or similar parts may be referred to each other, and for brevity, will not be described again herein.
In the several embodiments provided in the present application, it should be understood that the disclosed method and apparatus may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, a division of a module or a unit is merely one type of logical division, and an actual implementation may have another division, for example, a unit or a component may be combined or integrated with another system, or some features may be omitted, or not implemented. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection of devices or units through some interfaces, and may be in an electrical, mechanical or other form.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application may be substantially implemented or contributed to by the prior art, or all or part of the technical solution may be embodied in a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, a network device, or the like) or a processor (processor) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.

Claims (10)

1. A data security guarantee method is characterized by comprising the following steps:
monitoring communication interaction between intranet client equipment and an extranet of a company by using a network probe;
when the network probe monitors that the client equipment in the intranet of the company sends data to the extranet, the data sent by the client equipment in the intranet of the company is captured by using a sniffing technology, and the content of the data sent by the client equipment in the intranet of the company is analyzed;
and carrying out corresponding processing according to the analysis result of the content of the transmitted data.
2. The data security assurance method of claim 1,
the capturing of the data sent by the client device in the company intranet comprises:
obtaining a label of the client equipment of the internal network of the company from the data;
the performing corresponding processing according to the result of analyzing the content of the transmitted data includes:
and determining the authority corresponding to the intranet client equipment according to the label, and monitoring the intranet client equipment if the authority corresponding to the intranet client equipment is lower than a preset level, wherein the label is used for representing the operation authority of the intranet client equipment, and different labels are marked on the intranet client equipment at different MAC addresses.
3. The data security guarantee method according to claim 2, wherein the monitoring the intranet client device comprises:
and monitoring the process opened by the intranet client equipment of the company.
4. The data security method of claim 1, wherein the content of the transmitted data comprises:
the packet data and/or the file data,
the analyzing the content of the data comprises: and analyzing whether the data packet data and/or the file data comprise company sensitive words or key information.
5. The data security assurance method of claim 4,
the analyzing whether the data packet data and/or the file data comprise company sensitive words and key information includes:
analyzing whether the information in the data packet data comprises the company sensitive words and key information and/or by an AI technology
And analyzing whether the information in the file data comprises the company sensitive words and key information or not by an optical recognition technology.
6. The data security assurance method of claim 5,
analyzing whether the information in the packet data includes the company sensitive words and key information by using an AI technique, including:
utilizing natural language processing technology to make lexical analysis, syntactic analysis and semantic analysis of information in the data packet data, identifying key words in the data packet data, screening out the company sensitive words and key information by the key words in the data packet data,
analyzing whether the information in the document data comprises the company sensitive words and key information by an optical recognition technology, wherein the analysis comprises the following steps:
and identifying keywords in the file data by using a character identification and character detection technology, and screening out the company sensitive words and the key information by using the keywords in the file data.
7. The data security guarantee method of claim 4, wherein the company sensitive words and the key information comprise:
at least one of company name, company logo, code word sample and key name.
8. The data security assurance method of claim 1, wherein the performing corresponding processing on the transmitted data comprises:
in response to the data not containing sensitive information, allowing transmission of the transmitted data;
in response to the data containing sensitive information, preventing the sent data from being sent, and warning by using a popup window; and/or
Responsive to the data containing sensitive information, preventing transmission of the transmitted data, and performing a disruptive replacement of the transmitted data with a dump.
9. An electronic device comprising a memory and a processor coupled to each other, the processor being configured to execute program instructions stored in the memory to implement the data security method of any one of claims 1 to 8.
10. A non-transitory computer readable storage medium having stored thereon program instructions, wherein the program instructions, when executed by a processor, implement the data security method of any one of claims 1 to 8.
CN202210734768.6A 2022-06-25 2022-06-25 Data security guarantee method, electronic equipment and storage medium Pending CN115062339A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210734768.6A CN115062339A (en) 2022-06-25 2022-06-25 Data security guarantee method, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210734768.6A CN115062339A (en) 2022-06-25 2022-06-25 Data security guarantee method, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN115062339A true CN115062339A (en) 2022-09-16

Family

ID=83202674

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210734768.6A Pending CN115062339A (en) 2022-06-25 2022-06-25 Data security guarantee method, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN115062339A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116996329A (en) * 2023-09-26 2023-11-03 云账户技术(天津)有限公司 Enterprise information management method, device, equipment and storage medium based on cloud intranet

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116996329A (en) * 2023-09-26 2023-11-03 云账户技术(天津)有限公司 Enterprise information management method, device, equipment and storage medium based on cloud intranet
CN116996329B (en) * 2023-09-26 2024-01-30 云账户技术(天津)有限公司 Enterprise information management method, device, equipment and storage medium based on cloud intranet

Similar Documents

Publication Publication Date Title
CN107547555B (en) Website security monitoring method and device
US9628507B2 (en) Advanced persistent threat (APT) detection center
US9215197B2 (en) System, method, and computer program product for preventing image-related data loss
CN106713067B (en) Sensitive file circulation monitoring method based on DPI
CN102571767A (en) File type recognition method and file type recognition device
CN107948199B (en) Method and device for rapidly detecting terminal shared access
EP2290579B1 (en) Non-sensitive-passage database for cut-and-paste attack detection systems
CN114553523A (en) Attack detection method and device based on attack detection model, medium and equipment
CN113949526A (en) Access control method and device, storage medium and electronic equipment
CN110602030A (en) Network intrusion blocking method, server and computer readable medium
CN108446543B (en) Mail processing method, system and mail proxy gateway
CN115062339A (en) Data security guarantee method, electronic equipment and storage medium
CN114422271B (en) Data processing method, device, equipment and readable storage medium
CN113378161A (en) Security detection method, device, equipment and storage medium
US11651080B2 (en) Sentiment analysis for securing computer code
CN116738369A (en) Traffic data classification method, device, equipment and storage medium
CN115865486B (en) Network intrusion detection method and system based on multi-layer perception convolutional neural network
CN110287722B (en) Sensitive permission extraction method for privacy regulation check in iOS application
CN114143074B (en) webshell attack recognition device and method
US20230315848A1 (en) Forensic analysis on consistent system footprints
CN115563288A (en) Text detection method and device, electronic equipment and storage medium
CN114266906A (en) Method, device, medium, and program product for identifying violation data at user side
CN113949528A (en) Access control method and device based on flow data, storage medium and equipment
KR101893029B1 (en) Method and Apparatus for Classifying Vulnerability Information Based on Machine Learning
US20220237238A1 (en) Training device, determination device, training method, determination method, training method, and determination program

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination