CN115145941A - Information management method, system and computer readable storage medium - Google Patents


Publication number: CN115145941A
Authority: CN (China)
Prior art keywords: intelligence, threat, output, threat intelligence, database
Legal status: Granted (Active)
Application number: CN202211068358.9A
Other languages: Chinese (zh)
Other versions: CN115145941B (en)
Inventors: 王云赫, 徐彬, 薛锋, 任政, 童兆丰
Current Assignee: Beijing ThreatBook Technology Co Ltd
Original Assignee: Beijing ThreatBook Technology Co Ltd
Application filed by: Beijing ThreatBook Technology Co Ltd
Priority to: CN202211068358.9A
Publication of CN115145941A; application granted; publication of CN115145941B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/23 Updating
    • G06F16/24 Querying
    • G06F16/245 Query processing
    • G06F16/2457 Query processing with adaptation to user needs
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/552 Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting

Abstract

The invention discloses an intelligence management method, an intelligence management system and a computer-readable storage medium. The method comprises the following steps: periodically acquiring threat intelligence update data from a plurality of intelligence sources, storing the threat intelligence update data in local memory for use by a local security module, and filing the acquired threat intelligence update data in a database in real time according to the corresponding data source and acquisition time; based on an output policy configured by a user, periodically screening the corresponding threat intelligence update data from the database and transmitting it to other devices acting as clients; and the other devices performing security defense using the acquired threat intelligence update data. The intelligence management scheme provided by the invention can not only file and manage third-party threat intelligence, but can also supply intelligence to other devices securely and in a customized manner.

Description

Information management method, system and computer readable storage medium
Technical Field
The invention relates to the field of information security, and in particular to an intelligence management method, system and computer-readable storage medium that can collect threat intelligence update data from each intelligence source in a timely manner and supply intelligence to other devices (especially devices in the same organization) in a customized manner.
Background
With the development of IT and communication technology, the network environment is becoming more and more complex. In particular, with the adoption of technologies such as cloud computing and virtualization, host, network and communication boundaries have become blurred, network attacks have become more concealed, and many new attack targets and attack techniques have emerged.
To deal with the variety of attack techniques on the network, protect sensitive or valuable information, and prevent information assets from being stolen, tampered with or illegally used, many network security companies have gradually accumulated and codified a body of ways and methods for identifying different network attacks, based on information and experience such as historical attacks, known vulnerabilities and attack methods. These codified ways and methods for identifying network attacks are called security intelligence, also called threat intelligence update data. Commercial security intelligence that is highly accurate, quickly updated, broad in coverage and available only at a cost is called high-value security intelligence. Because the security intelligence held by any one security company cannot be complete, there is always some security intelligence that is held by other people or companies and not by that company. Enterprises that need network security defense therefore care about the accuracy, coverage and update timeliness of each company's intelligence. Only if the selected security company's intelligence is updated quickly, accurately and broadly can it help the enterprise resist network attacks to the greatest extent and keep its information assets from being stolen or damaged. Defenders therefore want to use intelligence from more than one security company, forming a defense system in which the intelligence of several security companies complements one another. In addition, most defenders need to protect not only their own information assets but also those of downstream organizations, so how to acquire threat intelligence update data from various intelligence sources in a timely manner and securely deliver that intelligence to peer devices and downstream devices within the defender's organization is a technical problem to be solved.
Disclosure of Invention
To meet defenders' need to combine multiple intelligence sources and obtain threat intelligence update data with wide coverage and high accuracy in a timely manner, the invention provides an intelligence management method, an intelligence management system and a computer-readable storage medium.
The intelligence management system can collect and manage threat intelligence update data from various intelligence sources in a timely manner, and can securely and promptly deliver the acquired intelligence update data, in a customized manner, to clients that need defense.
The first aspect of the present invention provides an intelligence management system. The system comprises: a Threat Intelligence Platform (TIP) device and several clients. The threat intelligence platform device includes: an intelligence acquisition module, an intelligence output module and a database. The intelligence acquisition module periodically acquires threat intelligence update data from a plurality of intelligence sources, stores the threat intelligence update data in local memory for use by the local security module, and files the acquired threat intelligence update data in the database in real time according to the corresponding data source and acquisition time. The intelligence output module outputs the corresponding threat intelligence update data to the clients based on an output policy configured by a user. The clients perform security defense using the acquired threat intelligence update data. The period at which the intelligence acquisition module acquires threat intelligence update data from a specific intelligence source can be adjusted or set according to actual requirements.
Further, the configuration content of the output policy includes a target client terminal for receiving corresponding threat intelligence update data, and the intelligence output module supports a plurality of output policies simultaneously.
Further, the configuration content of the output policy further includes: output intelligence limiting parameters, encryption configuration parameters and an output frequency. At the output frequency set in a specific output policy, the intelligence output module periodically screens from the database the threat intelligence update data that satisfies the output intelligence limiting parameters of that policy, encrypts it in the manner specified by the policy's encryption configuration parameters to generate a threat intelligence update file to be transmitted, and stores that file at a corresponding storage path for the relevant client to obtain.
Further, the encryption configuration parameters include: encryption algorithm, encryption key, encrypted output file name and compression format. The intelligence output module encrypts the threat intelligence update data screened from the database using the encryption algorithm and encryption key set by the encryption configuration parameters of a specific output policy, generating a threat intelligence update file to be transmitted whose output file name and compression format are specified by those encryption configuration parameters, and stores the file at a corresponding storage path for the relevant client to obtain.
Further, the output intelligence limiting parameters include: intelligence source, output field, acquisition time range and threat level. The intelligence source parameter limits the intelligence sources from which the output threat intelligence update data was acquired. The output field limits the fields of each piece of threat intelligence in the output threat intelligence update data. The acquisition time range parameter limits the time range, before the current output moment, of the output threat intelligence update data. The threat level limits the threat level of each piece of intelligence in the output threat intelligence update data.
Furthermore, based on whether a value is set for the acquisition time range parameter, the intelligence output module determines whether to acquire the threat intelligence update data that satisfies the output intelligence limiting parameters from the database in full mode or in incremental mode, and encrypts it to generate a threat intelligence update file for output. Specifically: if the acquisition time range parameter is not set, then at the output frequency configured in the specific output policy, threat intelligence update data satisfying the other output intelligence limiting parameters is acquired from the database in full mode, encrypted into a threat intelligence update file to be transmitted, and output; otherwise, at the output frequency configured in the specific output policy, threat intelligence update data that falls within the acquisition time range value counted back from the current output moment and satisfies the other output intelligence limiting parameters is acquired from the database in incremental mode, encrypted into a threat intelligence update file to be transmitted, and output.
Further, before storing the threat intelligence update data in local memory and the database, the intelligence acquisition module identifies the threat level of each piece of threat intelligence in the threat intelligence update data, attaches the corresponding threat level identification information to each piece, and then files it in the database for storage.
A second aspect of the invention provides a threat intelligence management method. The method comprises the following steps: periodically acquiring threat intelligence updating data from a plurality of intelligence sources by using computer equipment, storing the threat intelligence updating data into a local memory for a local security module to use, and filing the acquired threat intelligence updating data into a database for storage according to the corresponding data source and the acquisition time in real time; screening corresponding threat intelligence updating data from the database based on an output strategy configured by a user, and transmitting the threat intelligence updating data to other equipment serving as a client; and the other equipment utilizes the acquired threat intelligence update data to carry out security defense. The implementation details of the intelligence management method are the same as the processing of obtaining and outputting threat intelligence update data by the threat intelligence management system, and are not described herein again.
A third aspect of the invention provides a computer-readable storage medium. The computer-readable storage medium has stored thereon program code that, when executed by a computer, implements the above-described threat intelligence management method.
The intelligence management scheme provided by the invention can not only collect and manage data updates from various intelligence sources in a timely manner, but can also quickly and accurately provide threat intelligence update data to clients inside the defending enterprise and to other clients in upstream and downstream organizations, so as to promptly and comprehensively strengthen the defender's ability to resist threats such as network attacks and information theft.
Drawings
FIG. 1 is a diagram of an intelligence management system framework provided by the present invention.
Fig. 2 is a schematic diagram illustrating the content of the output policy in the present invention.
Detailed Description
In order to make the technical problems, technical solutions and advantages solved by the present invention more apparent, the present invention is further described in detail below with reference to the accompanying drawings. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
As shown in fig. 1, the intelligence management system provided by the present invention includes: a threat intelligence platform device (TIP device) and several clients (client 1 and client 2 shown in fig. 1). The threat intelligence platform device includes: an intelligence acquisition module, an intelligence output module and a database. The intelligence acquisition module periodically acquires threat intelligence update data from a plurality of intelligence sources, stores it in local memory for use by the local security module, and files it in the database for persistent storage according to the data source and acquisition time of the specific threat intelligence update data. In addition, to make it easier for the user to manage the database, the intelligence acquisition module is also provided with an interface for configuring and operating the database. The period at which the intelligence acquisition module acquires threat intelligence update data from a specific intelligence source can be adjusted or set according to actual requirements. For example, the intelligence acquisition module may be configured to acquire threat intelligence update data from a corresponding intelligence source every 30 minutes.
The intelligence output module outputs the corresponding threat intelligence update data to the clients based on a plurality of output policies configured by a user (output policy 1 and output policy 2 shown in fig. 1); that is, the intelligence output module supports a plurality of output policies simultaneously. To make it easier for the user to set the output policies in the intelligence output module, an interface for the user to configure the output policy is also arranged in the database. Preferably, the configuration content of the output policy includes specifying a target client to receive the corresponding threat intelligence update data. The clients perform security defense using the acquired threat intelligence update data. Preferably, the clients are other devices different from the TIP device, or computer security applications or computer protection software installed on different devices.
As shown in fig. 2, the configuration content of the output policy includes: output intelligence limiting parameters, encryption configuration parameters and an output frequency. The output intelligence limiting parameters include: intelligence source, output field, time range and threat level of the output threat intelligence. The encryption configuration parameters include: encryption mode parameters, output file and compression format; the encryption mode parameters include: a selected encryption algorithm, and an encryption key or a parameter that generates an encryption key. Preferably, the encryption key or the parameter for generating the encryption key may be set to a variable (e.g., a variable related to time/date) to strengthen the security of encrypted data transmission and avoid the risk of data leakage that comes from encrypting with a fixed key.
At the output frequency set in a specific output policy, the intelligence output module periodically screens from the database the threat intelligence update data that satisfies the output intelligence limiting parameters of that policy, encrypts it in the manner specified by the policy's encryption configuration parameters to generate a threat intelligence update file to be transmitted, whose output file name and compression format are specified by those encryption configuration parameters, and stores the file at a corresponding storage path for the relevant client to obtain. Preferably, the TIP device generates a URL for each threat intelligence update file to be transmitted that an output policy produces, and the client calls the corresponding URL (for example, through a browser) to download the corresponding threat intelligence update file. In addition, in the embodiment shown in fig. 1, the TIP device also receives the client's authentication/permission credential information, which is used to perform permission authentication on client devices accessing the TIP device, so as to prevent an unauthorized client device from accessing the TIP device to obtain threat intelligence update data.
Furthermore, the intelligence source in the output intelligence limiting parameters limits the intelligence sources from which the output threat intelligence update data was acquired; the output field limits the fields of each piece of threat intelligence in the output threat intelligence update data; the time range parameter limits the time range, before the current output moment, of the output threat intelligence update data. Based on the configured value of the acquisition time range parameter, the intelligence output module also determines whether to encrypt the threat intelligence update data that satisfies the output intelligence limiting parameters in full mode or in incremental mode, generating a threat intelligence update file to be transmitted and outputting it. In one embodiment, if no value is set for the acquisition time range parameter, the intelligence output module, at the configured output frequency, acquires from the database in full mode the threat intelligence update data that satisfies the output intelligence limiting parameters, encrypts it into a threat intelligence update file to be transmitted, and outputs the file; otherwise, the intelligence output module, at the configured output frequency, acquires from the database in incremental mode the threat intelligence update data that falls within the acquisition time range value counted back from the current output moment and satisfies the other output intelligence limiting parameters, encrypts it into a threat intelligence update file to be transmitted, and outputs the file.
Further, before storing the threat intelligence update data in local memory and the database, the intelligence acquisition module identifies the threat level of each piece of threat intelligence in the threat intelligence update data, attaches the corresponding threat level identification information to each piece, and files it in the database for storage. Preferably, based on a specific field (a field identifying threat severity) of each piece of threat intelligence in the threat intelligence update data, the intelligence acquisition module maps the threat level of each piece of intelligence to one of severe, high, medium, low and basic information according to a built-in rule.
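The screening step and the date-variable key described above, as an added example that is not code from the patent: screen() applies the four output intelligence limiting parameters and switches between full and incremental mode on whether the time range is set, leaves_gaps() flags an incremental window shorter than the output interval, and dated_key() derives a key that changes daily. The record layout, policy field names, feed names, master secret and the HMAC-based derivation are all assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass
from datetime import date, datetime, timedelta, timezone
from typing import Optional


@dataclass
class OutputPolicy:
    """One output policy. Field names are illustrative, not from the patent."""
    name: str
    sources: set                 # intelligence sources allowed in the output
    fields: list                 # fields kept from each piece of intelligence
    levels: set                  # threat levels allowed in the output
    interval: timedelta          # output frequency, as time between two runs
    time_range: Optional[timedelta] = None  # acquisition time range; unset => full


def screen(records, policy, now):
    """Return the records a policy outputs at time `now`.

    time_range unset -> full mode: every record matching the other limits.
    time_range set   -> incremental mode: only records acquired within
                        time_range before `now`.
    """
    cutoff = None if policy.time_range is None else now - policy.time_range
    selected = []
    for rec in records:
        if rec["source"] not in policy.sources:
            continue
        if rec["level"] not in policy.levels:
            continue
        if cutoff is not None and not (cutoff < rec["acquired_at"] <= now):
            continue
        # Project onto the configured output fields only, so a client never
        # receives a field the policy did not grant (here: the source name).
        selected.append({f: rec[f] for f in policy.fields if f in rec})
    return selected


def leaves_gaps(policy):
    """Added check: an incremental window shorter than the run interval
    means records acquired between two runs are never exported."""
    return policy.time_range is not None and policy.time_range < policy.interval


def dated_key(master_secret, policy_name, day):
    """Derive a 256-bit key that differs per policy and per date.

    Assumption: TIP device and client share master_secret out of band; the
    date is only a derivation label and is never secret on its own.
    The result is meant as the key for an authenticated cipher.
    """
    label = f"{policy_name}|{day.isoformat()}".encode()
    return hmac.new(master_secret, label, hashlib.sha256).digest()


# Constructed sample data (documentation address ranges, made-up feed names).
NOW = datetime(2022, 9, 2, 12, 0, tzinfo=timezone.utc)
SAMPLE_RECORDS = [
    {"source": "feed-a", "indicator": "198.51.100.7", "level": "high",
     "acquired_at": NOW - timedelta(minutes=10)},
    {"source": "feed-a", "indicator": "bad.example", "level": "low",
     "acquired_at": NOW - timedelta(minutes=20)},
    {"source": "feed-b", "indicator": "203.0.113.9", "level": "severe",
     "acquired_at": NOW - timedelta(hours=3)},
    {"source": "feed-c", "indicator": "192.0.2.44", "level": "severe",
     "acquired_at": NOW - timedelta(minutes=5)},
]

if __name__ == "__main__":
    full = OutputPolicy("peer-full", {"feed-a", "feed-b"},
                        ["indicator", "level"], {"high", "severe"},
                        timedelta(hours=1))
    incremental = OutputPolicy("peer-incr", {"feed-a", "feed-b"},
                               ["indicator", "level"], {"high", "severe"},
                               timedelta(hours=1), timedelta(minutes=30))
    print("full:", screen(SAMPLE_RECORDS, full, NOW))
    print("incremental:", screen(SAMPLE_RECORDS, incremental, NOW))
    print("incremental leaves gaps:", leaves_gaps(incremental))
    print("key for today:", dated_key(b"constructed-secret", "peer-incr",
                                      NOW.date()).hex())
```

Encryption itself is left out so the block needs only the standard library; the derived key would be handed to whatever cipher the policy's encryption configuration names.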
Correspondingly, the invention also provides a threat intelligence management method. The method comprises the following steps: periodically acquiring threat intelligence update data from a plurality of intelligence sources using computer equipment, storing the threat intelligence update data in local memory for use by a local security module, and filing the acquired threat intelligence update data in a database in real time according to the corresponding data source and acquisition time; screening the corresponding threat intelligence update data from the database based on an output policy configured by a user, and transmitting it to other devices acting as clients; and the other devices performing security defense using the acquired threat intelligence update data. The implementation details of the intelligence management method are the same as the processing by which the threat intelligence management system acquires and outputs threat intelligence update data, and are not repeated here.
The third aspect of the present invention also provides a computer-readable storage medium. The computer-readable storage medium has stored thereon program code that, when executed by a computer, implements the above-described threat intelligence management method. The computer-readable storage media types include, but are not limited to, ROM, RAM, and optical disks on which information is recorded.
The above-mentioned embodiments are only used to illustrate the technical solutions of the present application, and not to limit the same. Although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not depart from the spirit and scope of the corresponding technical solutions.

Claims (15)

1. An intelligence management system, the system comprising: a Threat Intelligence Platform (TIP) device and a number of clients; the threat intelligence platform device includes: an intelligence acquisition module, an intelligence output module and a database; the intelligence acquisition module periodically acquires threat intelligence update data from a plurality of intelligence sources, stores the threat intelligence update data in local memory for use by the local security module, and files the acquired threat intelligence update data in the database in real time according to the corresponding data source and acquisition time; the intelligence output module outputs the corresponding threat intelligence update data to the clients based on an output policy configured by a user; and the clients perform security defense using the acquired threat intelligence update data.
2. The intelligence management system of claim 1, wherein the configuration of the output policy comprises: outputting an intelligence limit parameter, an encryption configuration parameter and an output frequency; and the intelligence output module periodically screens threat intelligence updating data which is defined by output intelligence limiting parameters in a specific output strategy from the database according to the output frequency in the specific output strategy, encrypts the threat intelligence updating data according to an encryption mode specified by encryption configuration parameters in the specific output strategy, generates a threat intelligence updating file to be transmitted, and stores the threat intelligence updating file to be transmitted to a corresponding storage path for a relevant client to obtain.
3. The intelligence management system of claim 2, wherein the encryption configuration parameters comprise: an encryption algorithm, an encryption key, an encrypted output file name and a compression format; the intelligence output module encrypts the threat intelligence update data screened from the database using the encryption algorithm and encryption key set by the encryption configuration parameters of a specific output policy to generate a threat intelligence update file to be transmitted, wherein the output file name and the compression format are specified by the encryption configuration parameters of the specific output policy, and the threat intelligence update file to be transmitted is stored at a corresponding storage path for the relevant client to obtain.
4. The intelligence management system of claim 2, wherein the output intelligence limiting parameters include: intelligence source, output field, acquisition time range and threat level; the intelligence source in the output intelligence limiting parameters limits the intelligence sources from which the output threat intelligence update data was acquired; the output field limits the fields of each piece of threat intelligence in the output threat intelligence update data; the time range parameter limits the time range, before the current output moment, of the output threat intelligence update data; and the threat level limits the threat level of each piece of intelligence in the output threat intelligence update data.
5. The intelligence management system of claim 4, wherein the intelligence output module further determines to obtain threat intelligence update data complying with the output intelligence restriction parameter from the database in a full or incremental manner for encrypted output based on whether the value of the parameter of the acquisition time range is set; the concrete implementation is as follows: if the acquisition time range parameter is not set, acquiring threat intelligence updating data which is defined by other parameters in the output intelligence limiting parameters from the database in a full-scale mode according to the output frequency configured by a specific output strategy for encrypting and outputting; otherwise, acquiring threat intelligence updating data which is within the parameter value of the acquisition time range from the current output moment and accords with the limit of other parameters in the output intelligence limiting parameters from the database in an incremental mode according to the output frequency configured by the specific output strategy, and carrying out encryption output.
6. The intelligence management system of any of claims 1-5, wherein prior to storing the obtained threat intelligence update data in local memory and a database, the intelligence acquisition module identifies a threat level of each piece of threat intelligence in the obtained threat intelligence update data, and files each piece of threat intelligence in the database for storage after attaching corresponding threat level identification information.
7. The intelligence management system of claim 6, wherein the configuration content of the output policy includes specifying target clients that receive the corresponding threat intelligence update data, the intelligence output module supporting a plurality of the output policies simultaneously.
8. A threat intelligence management method, the method comprising: periodically acquiring threat intelligence updating data from a plurality of intelligence sources by using computer equipment, storing the threat intelligence updating data into a local memory for a local security module to use, and filing the acquired threat intelligence updating data into a database for storage according to the corresponding acquired data source and the acquisition time in real time; screening corresponding threat intelligence updating data from the database based on an output strategy configured by a user, and transmitting the threat intelligence updating data to other equipment serving as a client; and the other equipment utilizes the acquired threat intelligence update data to carry out security defense.
9. The threat intelligence management method of claim 8, wherein the screening of the database for corresponding threat intelligence update data to other devices acting as clients based on the user-configured output policy is implemented as: and periodically screening threat intelligence updating data which is defined by output intelligence limiting parameters in the specific output strategy from the database according to the output frequency specified in the specific output strategy, and encrypting according to an encryption mode specified by encryption configuration parameters in the specific output strategy to generate a threat intelligence updating file to be transmitted and storing the threat intelligence updating file to be transmitted to a corresponding storage path for a related client to obtain.
10. The threat intelligence management method of claim 9, wherein the encryption configuration parameters comprise: an encryption algorithm, an encryption key, an encrypted output file name and a compression format; and wherein encrypting in the encryption mode specified by the encryption configuration parameters to generate a threat intelligence update file to be transmitted is implemented as: encrypting the threat intelligence update data screened from the database with the encryption algorithm and the encryption key set by the encryption configuration parameters in the specific output policy to generate a threat intelligence update file to be transmitted, whose output file name and compression format are those specified by the encryption configuration parameters in the specific output policy, and storing the threat intelligence update file to be transmitted in a corresponding storage path for the relevant client to obtain.
11. The threat intelligence management method of claim 9, wherein the output intelligence limiting parameters comprise: an intelligence source, an output field, an acquisition time range and a threat level; the intelligence source in the output intelligence limiting parameters limits the intelligence source from which the output threat intelligence update data was acquired; the output field limits the fields of each piece of threat intelligence in the output threat intelligence update data; the acquisition time range parameter limits the output threat intelligence update data to a time range before the current output moment; and the threat level limits the threat level of each piece of intelligence in the output threat intelligence update data.
12. The threat intelligence management method of claim 11, the method further comprising: determining, based on whether a value of the acquisition time range parameter is set, whether to acquire the threat intelligence update data that meets the output intelligence limiting parameters from the database in full mode or in incremental mode for encrypted output, specifically implemented as: if the acquisition time range parameter is not set, the threat intelligence platform equipment acquires, in full mode and at the configured output frequency, the threat intelligence update data in the database that meets the output intelligence limiting parameters, and encrypts and outputs it; otherwise, the threat intelligence platform equipment acquires, in incremental mode and at the configured output frequency, the threat intelligence update data in the database that falls within the acquisition time range parameter value before the current output moment and meets the other output intelligence limiting parameters, and encrypts and outputs it.
13. The threat intelligence management method of any one of claims 8-11, wherein the method further comprises: before storing the threat intelligence update data in a local memory and a database, identifying the threat level of each piece of threat intelligence in the threat intelligence update data, adding corresponding threat level identification information to each piece of threat intelligence, and then filing the threat intelligence in the database for storage.
14. The threat intelligence management method of claim 13, the method further comprising: setting the configuration content of the output policy to include a target client that receives the corresponding threat intelligence update data, wherein the threat intelligence platform equipment supports a plurality of output policies simultaneously.
15. A computer-readable storage medium having stored thereon program code that, when executed by a computer, implements the threat intelligence management method of any of claims 8-14.
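The screening step of claims 11 and 12, as an added illustration that is not part of the patent text: one output run selects records by intelligence source, output field and threat level, in full mode when no acquisition time range is set and in incremental mode otherwise. The `intel` table, its column names, the `OutputPolicy` class and the sample records are hypothetical and constructed for this example.

```python
import sqlite3
from dataclasses import dataclass
from typing import Optional

COLUMNS = ("source", "acquired_at", "level", "indicator", "kind")

@dataclass
class OutputPolicy:                      # hypothetical shape of one output policy
    sources: list                        # intelligence sources to export from
    fields: list                         # output fields per record
    levels: list                         # threat levels to export
    time_range: Optional[int] = None     # seconds before output time; None = full mode

def build_db(rows):
    """Archive records by source and acquisition time (hypothetical schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE intel (source TEXT, acquired_at INTEGER, "
                 "level TEXT, indicator TEXT, kind TEXT)")
    conn.executemany("INSERT INTO intel VALUES (?,?,?,?,?)", rows)
    return conn

def screen(conn, policy, now):
    """Return the records one output run would export under `policy`."""
    # Column names cannot be bound as SQL parameters, so a user-configured
    # output field is only accepted if it is on the allow-list.
    bad = [f for f in policy.fields if f not in COLUMNS]
    if bad or not policy.fields:
        raise ValueError(f"invalid output fields: {bad}")
    marks = lambda seq: ",".join("?" * len(seq))
    sql = (f"SELECT {', '.join(policy.fields)} FROM intel "
           f"WHERE source IN ({marks(policy.sources)}) "
           f"AND level IN ({marks(policy.levels)})")
    args = [*policy.sources, *policy.levels]
    if policy.time_range is not None:    # incremental mode: window before `now`
        sql += " AND acquired_at > ? AND acquired_at <= ?"
        args += [now - policy.time_range, now]
    rows = conn.execute(sql + " ORDER BY acquired_at", args)
    return [dict(zip(policy.fields, r)) for r in rows]

NOW = 1_700_000_000                      # constructed output time (epoch seconds)
SAMPLE = [                               # constructed records, documentation addresses
    ("feed-a", NOW - 7200, "high", "192.0.2.10", "ip"),
    ("feed-a", NOW - 600, "high", "198.51.100.7", "ip"),
    ("feed-b", NOW - 300, "low", "low-risk.example", "domain"),
    ("feed-b", NOW - 120, "high", "high-risk.example", "domain"),
]

if __name__ == "__main__":
    db = build_db(SAMPLE)
    full = OutputPolicy(["feed-a", "feed-b"], ["indicator", "level"], ["high"])
    print(screen(db, full, NOW))
    print(screen(db, OutputPolicy(full.sources, full.fields, full.levels, 3600), NOW))
```

Because the output fields come from user configuration and end up in the SELECT list, the allow-list check is what keeps a malformed policy from altering the query.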
CN202211068358.9A 2022-09-02 2022-09-02 Information management method, system and computer readable storage medium Active CN115145941B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211068358.9A CN115145941B (en) 2022-09-02 2022-09-02 Information management method, system and computer readable storage medium

Publications (2)

Publication Number Publication Date
CN115145941A (en) 2022-10-04
CN115145941B (en) 2022-12-16

Family

ID=83416074

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211068358.9A Active CN115145941B (en) 2022-09-02 2022-09-02 Information management method, system and computer readable storage medium

Country Status (1)

Country Link
CN (1) CN115145941B (en)

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150207809A1 (en) * 2011-05-31 2015-07-23 Tyson Macaulay System and method for generating and refining cyber threat intelligence data
US20190220580A1 (en) * 2016-06-23 2019-07-18 Logdog Information Security Ltd. Distributed user-centric cyber security for online-services
CN114417329A (en) * 2021-12-08 2022-04-29 国家电网有限公司信息通信分公司 Threat information production and analysis method based on federal learning
CN114500048A (en) * 2022-01-26 2022-05-13 南方电网数字电网研究院有限公司 External threat information analysis method and system based on network security

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116781432A (en) * 2023-08-24 2023-09-19 北京微步在线科技有限公司 Information data updating method and device, computer equipment and storage medium
CN116781432B (en) * 2023-08-24 2024-05-28 北京微步在线科技有限公司 Information data updating method and device, computer equipment and storage medium

Also Published As

Publication number Publication date
CN115145941B (en) 2022-12-16


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant