CN116644474A - Data security analysis method and related device - Google Patents

Data security analysis method and related device Download PDF

Info

Publication number
CN116644474A
CN116644474A CN202310638548.8A CN202310638548A CN116644474A CN 116644474 A CN116644474 A CN 116644474A CN 202310638548 A CN202310638548 A CN 202310638548A CN 116644474 A CN116644474 A CN 116644474A
Authority
CN
China
Prior art keywords
data
analyzed
systems
target
determining
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310638548.8A
Other languages
Chinese (zh)
Inventor
张恩兵
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Bank of China Ltd
Original Assignee
Bank of China Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Bank of China Ltd filed Critical Bank of China Ltd
Priority to CN202310638548.8A priority Critical patent/CN116644474A/en
Publication of CN116644474A publication Critical patent/CN116644474A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/22Indexing; Data structures therefor; Storage structures
    • G06F16/2228Indexing structures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/02Banking, e.g. interest calculation or account maintenance

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Finance (AREA)
  • Accounting & Taxation (AREA)
  • Software Systems (AREA)
  • Databases & Information Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Data Mining & Analysis (AREA)
  • Health & Medical Sciences (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • Strategic Management (AREA)
  • Technology Law (AREA)
  • General Business, Economics & Management (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the application discloses a data security analysis method and a related device, which can be used for determining a data link topology corresponding to data to be analyzed in order to improve the security of the data, wherein the data link topology is used for identifying a plurality of related systems when the data to be analyzed is applied, and the data authority corresponding to the systems respectively refers to the use authority of the systems to the data, and can identify the use mode of the systems which can be executed on the data. Therefore, the processing equipment can conduct security check on the systems according to the data link topology, and whether abnormal application of the data to be analyzed exists in the systems or not is determined. The application can detect the data use condition in a targeted way based on the use condition of the data to be analyzed in each system, so that the comprehensiveness and accuracy of the data detection can be improved, and the data safety is ensured.

Description

Data security analysis method and related device
Technical Field
The present application relates to the field of data processing technologies, and in particular, to a data security analysis method and a related device.
Background
Legal application and security management of data are the core of banking system and the basis for ensuring customer service. The existing banking system lacks an effective monitoring means for data security application, and if the security awareness of technicians is light or the use of the banking system is convenient, the risk of illegally intercepting and illegally using business data through the association system exists.
Disclosure of Invention
In order to solve the technical problems, the application provides
The embodiment of the application discloses the following technical scheme:
in a first aspect, an embodiment of the present application discloses a data security analysis method, where the method includes:
determining a data link topology corresponding to data to be analyzed, wherein the data link topology is used for identifying a plurality of related systems when the data to be analyzed is applied and data authorities respectively corresponding to the systems;
and carrying out safety check on the systems according to the data link topology, and determining whether abnormal application of the data to be analyzed exists in the systems or not.
In one possible implementation manner, the determining the data link topology corresponding to the data to be analyzed includes:
determining a source system, a direct association system and an indirect association system corresponding to the data to be analyzed, wherein the source system is a system for generating the data to be analyzed, the direct association system is a system directly connected with the source system, and the indirect association system is a system which is not directly connected with the source system and is directly connected with the direct association system;
and determining the data authority corresponding to the direct association system and the indirect association system respectively according to the data type corresponding to the data to be analyzed.
In one possible implementation, the data rights include storable applicable, non-storable applicable, and non-storable non-applicable, the security checking the plurality of systems according to the data link topology includes:
respectively taking the systems as target systems, and determining whether the system storage data of the target systems have the data to be analyzed or not according to the target systems and the response to the data authority corresponding to the target systems being non-storable and applicable;
if the system storage data of the target system contains the data to be analyzed, judging that the data to be analyzed has abnormal application in the target system;
determining whether the data to be analyzed exists in system storage data and system interface data of the target system or not according to the data authority corresponding to the target system as non-storable and non-applicable;
if the system storage data or the system interface data of the target system contain the data to be analyzed, judging that the data to be analyzed have abnormal application in the target system.
In one possible implementation manner, the determining whether the system storage data of the target system has the data to be analyzed includes:
determining the similarity between the system storage data of the target system and the data to be analyzed through a data analysis model;
and determining that the data to be analyzed exists in the system storage data of the target system in response to the similarity exceeds a preset threshold.
In one possible implementation, the method further includes:
and generating data security alarm information in response to abnormal application of the data to be analyzed in the systems.
In a second aspect, an embodiment of the present application discloses a data security analysis apparatus, the apparatus including a first determination unit and a second determination unit:
the first determining unit is configured to determine a data link topology corresponding to data to be analyzed, where the data link topology is used to identify a plurality of systems related to the application of the data to be analyzed, and data rights corresponding to the plurality of systems respectively;
and the second determining unit is used for carrying out security check on the systems according to the data link topology and determining whether the systems have abnormal application to the data to be analyzed.
In one possible implementation manner, the first determining unit is specifically configured to:
determining a source system, a direct association system and an indirect association system corresponding to the data to be analyzed, wherein the source system is a system for generating the data to be analyzed, the direct association system is a system directly connected with the source system, and the indirect association system is a system which is not directly connected with the source system and is directly connected with the direct association system;
and determining the data authority corresponding to the direct association system and the indirect association system respectively according to the data type corresponding to the data to be analyzed.
In a possible implementation manner, the data authority includes storable applicable, non-storable applicable, and non-storable non-applicable, and the second determining unit is specifically configured to:
respectively taking the systems as target systems, and determining whether the system storage data of the target systems have the data to be analyzed or not according to the target systems and the response to the data authority corresponding to the target systems being non-storable and applicable;
if the system storage data of the target system contains the data to be analyzed, judging that the data to be analyzed has abnormal application in the target system;
determining whether the data to be analyzed exists in system storage data and system interface data of the target system or not according to the data authority corresponding to the target system as non-storable and non-applicable;
if the system storage data or the system interface data of the target system contain the data to be analyzed, judging that the data to be analyzed have abnormal application in the target system.
In a possible implementation manner, the second determining unit is specifically configured to:
determining the similarity between the system storage data of the target system and the data to be analyzed through a data analysis model;
and determining that the data to be analyzed exists in the system storage data of the target system in response to the similarity exceeds a preset threshold.
In a possible implementation manner, the apparatus further includes a generating unit:
the generating unit is used for generating data security alarm information in response to the abnormal application of the data to be analyzed in the systems.
In a third aspect, embodiments of the present application disclose a computer device comprising a processor and a memory:
the memory is used for storing program codes and transmitting the program codes to the processor;
the processor is configured to execute the data security analysis method according to any one of the first aspects according to instructions in the program code.
In a fourth aspect, an embodiment of the present application discloses a computer readable storage medium for storing a computer program for executing the data security analysis method according to any one of the first aspects.
In a fifth aspect, an embodiment of the application discloses a computer program product comprising instructions which, when run on a computer, cause the computer to perform the data security analysis method of any of the first aspects.
According to the technical scheme, in order to improve the safety of data, the data link topology corresponding to the data to be analyzed can be determined first, the data link topology is used for identifying a plurality of related systems when the data to be analyzed is applied, and the data authority corresponding to the systems respectively refers to the use authority of the systems for the data, and the use mode of the systems which can execute the data can be identified. Therefore, the processing equipment can conduct security check on the systems according to the data link topology, and whether abnormal application of the data to be analyzed exists in the systems or not is determined. The application can detect the data use condition in a targeted way based on the use condition of the data to be analyzed in each system, so that the comprehensiveness and accuracy of the data detection can be improved, and the data safety is ensured.
Drawings
In order to more clearly illustrate the embodiments of the application or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, it being obvious that the drawings in the following description are only some embodiments of the application, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flow chart of a data security analysis method according to an embodiment of the present application;
fig. 2 is a block diagram of a data security analysis device according to an embodiment of the present application.
Detailed Description
Embodiments of the present application are described below with reference to the accompanying drawings.
It will be appreciated that the method may be applied to a processing device that is capable of data security analysis, for example, a terminal device or a server having data security analysis functionality. The method can be independently executed by the terminal equipment or the server, can also be applied to a network scene of communication between the terminal equipment and the server, and is executed by the cooperation of the terminal equipment and the server. The terminal equipment can be a computer, a mobile phone and other equipment. The server can be understood as an application server or a Web server, and can be an independent server or a cluster server in actual deployment.
Referring to fig. 1, fig. 1 is a flowchart of a data security analysis method according to an embodiment of the present application, where the method includes:
s201: and determining the data link topology corresponding to the data to be analyzed.
The data to be analyzed can be any data needing to be subjected to data security analysis, the data link topology is used for identifying a plurality of systems related to the application of the data to be analyzed, and data authorities respectively corresponding to the systems, wherein the data authorities refer to the use authorities of the systems to the data to be analyzed, and the use modes of the systems which can be executed to the data to be analyzed can be identified.
S102: and carrying out security check on the systems according to the data link topology, and determining whether abnormal application of the data to be analyzed exists in the systems.
Because the data link topology can show the use mode of each system for the data to be analyzed in safe use, based on the data link topology, the processing equipment can carry out targeted detection on the use condition of each system for the data, thereby determining whether a plurality of systems have abnormal application for the data to be analyzed.
According to the technical scheme, in order to improve the safety of data, the data link topology corresponding to the data to be analyzed can be determined first, the data link topology is used for identifying a plurality of related systems when the data to be analyzed is applied, and the data authority corresponding to the systems respectively refers to the use authority of the systems for the data, and the use mode of the systems which can execute the data can be identified. Therefore, the processing equipment can conduct security check on the systems according to the data link topology, and whether abnormal application of the data to be analyzed exists in the systems or not is determined. The application can detect the data use condition in a targeted way based on the use condition of the data to be analyzed in each system, so that the comprehensiveness and accuracy of the data detection can be improved, and the data safety is ensured.
In one possible implementation manner, when determining a data link topology corresponding to data to be analyzed, a processing device may first determine a source system, a direct association system and an indirect association system corresponding to the data to be analyzed, where the source system is a system generating the data to be analyzed, the direct association system is a system directly connected to the source system, and the indirect association system is a system not directly connected to the source system and directly connected to the direct association system.
Among other things, it is understood that different types of data may also have different requirements for data security. Therefore, in order to improve the accuracy and rationality of the data security analysis, the processing device may determine the usage rights of various systems to the data to be analyzed in conjunction with the data type of the data to be analyzed. The processing device can determine the data authority corresponding to the direct association system and the indirect association system respectively according to the data type corresponding to the data to be analyzed.
In one possible implementation, the data authority includes a storable applicable, a non-storable applicable and a non-storable non-applicable, wherein the storable applicable refers to that the system can apply the data to be analyzed and can also store the data to be analyzed, and the non-storable applicable refers to that the system can apply the data to be analyzed but cannot store the data to be analyzed; non-storable and non-applicable means that the system is not able to store nor apply the data to be analyzed.
When the plurality of systems are subjected to security inspection according to the data link topology, the processing equipment can respectively take the plurality of systems as target systems, and for the target systems, the processing equipment can determine whether system storage data of the target systems have the data to be analyzed or not in response to the fact that the data authority corresponding to the target systems is non-storable and applicable, wherein the system storage data of the target systems refer to the data stored by the target systems.
If the system storage data of the target system has the data to be analyzed, the target system is specified to store the data to be analyzed illegally, so that abnormal application of the data to be analyzed in the target system can be judged.
In response to the data authority corresponding to the target system being non-storable and non-applicable, the processing device may determine whether the data to be analyzed exists in the system storage data and the system interface data of the target system, if so, it indicates that the target system applies the data to be analyzed, and if not, it indicates that the data to be analyzed is not applied. Therefore, if the system storage data or the system interface data of the target system contain the data to be analyzed, the processing device can determine that the data to be analyzed have abnormal application in the target system.
In one possible implementation, in order to improve the accuracy of the data security analysis, the processing device may perform in combination with a model analysis when determining whether the system storage data of the target system has the data to be analyzed. The processing device may determine, through a data analysis model, a similarity between the system storage data of the target system and the data to be analyzed, and in response to the similarity exceeding a preset threshold, the processing device may determine that the system storage data of the target system has the data to be analyzed. Therefore, even if the data to be analyzed changes in the process of data storage or application, the data to be analyzed can be detected, and the safe analysis of the data to be analyzed is realized.
In one possible implementation, in response to the presence of abnormal applications to the data to be analyzed in the plurality of systems, the processing device may generate data security alert information, which may be used to record data abnormal applications and inform the relevant personnel, in order to facilitate the relevant personnel to learn about the data security problem.
For example, in an actual application scenario, the processing device may define a system range of the directly associated node and a secondary node range corresponding to the data source by establishing a transaction link topology between systems, and define a security application check range of each item of data in combination with a data security check rule.
The processing device can automatically identify whether illegal interception and illegal application of source sensitive data exist or not based on similarity analysis of the source system and the service interfaces of the associated system, interaction records and association check of system storage data. And finally, respectively carrying out early warning prompt based on the risk level of the research and judgment result, and ensuring the safe application and intelligent monitoring of the data.
The link topology between the systems defines the connection relation between the systems, the topology nodes comprise a source system and a data flow direction generated by data, if sensitive data only limit the maintainability and storage of the source system according to the safety application rule, the allowable application range of the data is only a node corresponding system directly connected with the source system in a topological mode, the direct association system is not storable, the secondary node system is not applicable (systems except the direct association node belong to the secondary node), namely the direct association node is not capable of storing the corresponding data and providing corresponding information according to online and batch interfaces for external release, and the secondary node is also not capable of carrying out application storage and release on the data which is not authorized to be used. In the application process, according to the security management requirement, the security sensitivity level of each data can be set, and the corresponding security inspection level is matched, so that the inspection range is definitely defined, wherein the level 1 is a system directly related to the source system, the level 2 is a direct and indirect related system taking the data source system as the center, and the like, and according to the correlation principle, the closer to the source system, the stronger the corresponding correlation is, and the lower the correlation and the possibility of illegal application are.
And secondly, according to the security application checking range of the data security level and the topological connection relation, combining with the establishment of a security application analysis model, analyzing and judging the data security application condition. The data security application analysis model is mainly used for judging whether the sensitive data of the source system are stored in the association system and an external service interface thereof after being directly or indirectly deformed through interception and conversion, and if yes, illegal interception and illegal application are carried out on the sensitive data of the source. In the analysis process, the data items provided to the association system by the source system through the interface are combined with the data content stored by the association system, the interaction histories in the external service interface are subjected to similarity analysis and correlation regression statistics, the similarity degree result of the processed and deformed data items and the source data items is automatically identified, and the risk level of the data security application of each association node of the source system is generated. And finally, respectively carrying out early warning prompt or emergency response based on the risk level of the research and judgment result, and ensuring the safe application and intelligent monitoring of the data.
Based on the data security analysis method provided by the foregoing embodiment, the embodiment of the present application further provides a data security analysis device, referring to fig. 2, fig. 2 is a block diagram of a data security analysis device 200 provided by the embodiment of the present application, where the device includes a first determining unit 201 and a second determining unit 202:
the first determining unit 201 is configured to determine a data link topology corresponding to data to be analyzed, where the data link topology is used to identify a plurality of systems related to the application of the data to be analyzed, and data rights corresponding to the plurality of systems respectively;
the second determining unit 202 is configured to perform security check on the multiple systems according to the data link topology, and determine whether the multiple systems have abnormal applications to the data to be analyzed.
In one possible implementation manner, the first determining unit 201 is specifically configured to:
determining a source system, a direct association system and an indirect association system corresponding to the data to be analyzed, wherein the source system is a system for generating the data to be analyzed, the direct association system is a system directly connected with the source system, and the indirect association system is a system which is not directly connected with the source system and is directly connected with the direct association system;
and determining the data authority corresponding to the direct association system and the indirect association system respectively according to the data type corresponding to the data to be analyzed.
In a possible implementation manner, the data authority includes storable applicable, non-storable applicable, and non-storable non-applicable, and the second determining unit 202 is specifically configured to:
respectively taking the systems as target systems, and determining whether the system storage data of the target systems have the data to be analyzed or not according to the target systems and the response to the data authority corresponding to the target systems being non-storable and applicable;
if the system storage data of the target system contains the data to be analyzed, judging that the data to be analyzed has abnormal application in the target system;
determining whether the data to be analyzed exists in system storage data and system interface data of the target system or not according to the data authority corresponding to the target system as non-storable and non-applicable;
if the system storage data or the system interface data of the target system contain the data to be analyzed, judging that the data to be analyzed have abnormal application in the target system.
In one possible implementation manner, the second determining unit 202 is specifically configured to:
determining the similarity between the system storage data of the target system and the data to be analyzed through a data analysis model;
and determining that the data to be analyzed exists in the system storage data of the target system in response to the similarity exceeds a preset threshold.
In a possible implementation manner, the apparatus 200 further includes a generating unit:
the generating unit is used for generating data security alarm information in response to the abnormal application of the data to be analyzed in the systems.
The embodiment of the application also provides computer equipment, which comprises a processor and a memory:
the memory is used for storing program codes and transmitting the program codes to the processor;
the processor is configured to execute the data security analysis method according to any one of the above embodiments according to instructions in the program code.
The embodiments of the present application further provide a computer readable storage medium storing a computer program for executing any one of the data security analysis methods described in the foregoing embodiments.
Embodiments of the present application also provide a computer program product comprising instructions which, when run on a computer, cause the computer to perform the data security analysis method of any of the above embodiments.
Those of ordinary skill in the art will appreciate that: all or part of the steps for implementing the above method embodiments may be implemented by hardware related to program instructions, where the above program may be stored in a computer readable storage medium, and when the program is executed, the program performs steps including the above method embodiments; and the aforementioned storage medium may be at least one of the following media: read-only memory (ROM), RAM, magnetic disk or optical disk, etc., which can store program codes.
It should be noted that, in the present specification, each embodiment is described in a progressive manner, and identical and similar parts of each embodiment are all referred to each other, and each embodiment is mainly described in a different point from other embodiments. In particular, for the apparatus and system embodiments, since they are substantially similar to the method embodiments, the description is relatively simple, with reference to the description of the method embodiments in part. The apparatus and system embodiments described above are merely illustrative, in which elements illustrated as separate elements may or may not be physically separate, and elements shown as elements may or may not be physical elements, may be located in one place, or may be distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art will understand and implement the present application without undue burden.
The foregoing is only one specific embodiment of the present application, but the scope of the present application is not limited thereto, and any changes or substitutions easily contemplated by those skilled in the art within the technical scope of the present application should be included in the scope of the present application. Therefore, the protection scope of the present application should be subject to the protection scope of the claims.

Claims (10)

1. A method of data security analysis, the method comprising:
determining a data link topology corresponding to data to be analyzed, wherein the data link topology is used for identifying a plurality of related systems when the data to be analyzed is applied and data authorities respectively corresponding to the systems;
and carrying out safety check on the systems according to the data link topology, and determining whether abnormal application of the data to be analyzed exists in the systems or not.
2. The method according to claim 1, wherein determining a data link topology corresponding to the data to be analyzed comprises:
determining a source system, a direct association system and an indirect association system corresponding to the data to be analyzed, wherein the source system is a system for generating the data to be analyzed, the direct association system is a system directly connected with the source system, and the indirect association system is a system which is not directly connected with the source system and is directly connected with the direct association system;
and determining the data authority corresponding to the direct association system and the indirect association system respectively according to the data type corresponding to the data to be analyzed.
3. The method of claim 1, wherein the data rights include storable applicable, non-storable applicable, and non-storable non-applicable, the security checking the plurality of systems according to the data link topology comprising:
respectively taking the systems as target systems, and determining whether the system storage data of the target systems have the data to be analyzed or not according to the target systems and the response to the data authority corresponding to the target systems being non-storable and applicable;
if the system storage data of the target system contains the data to be analyzed, judging that the data to be analyzed has abnormal application in the target system;
determining whether the data to be analyzed exists in system storage data and system interface data of the target system or not according to the data authority corresponding to the target system as non-storable and non-applicable;
if the system storage data or the system interface data of the target system contain the data to be analyzed, judging that the data to be analyzed have abnormal application in the target system.
4. A method according to claim 3, wherein said determining whether the system storage data of the target system has the data to be analyzed comprises:
determining the similarity between the system storage data of the target system and the data to be analyzed through a data analysis model;
and determining that the data to be analyzed exists in the system storage data of the target system in response to the similarity exceeds a preset threshold.
5. The method according to claim 1, wherein the method further comprises:
and generating data security alarm information in response to abnormal application of the data to be analyzed in the systems.
6. A data security analysis device, characterized in that the device comprises a first determination unit and a second determination unit:
the first determining unit is configured to determine a data link topology corresponding to data to be analyzed, where the data link topology is used to identify a plurality of systems related to the application of the data to be analyzed, and data rights corresponding to the plurality of systems respectively;
and the second determining unit is used for carrying out security check on the systems according to the data link topology and determining whether the systems have abnormal application to the data to be analyzed.
7. The apparatus according to claim 6, wherein the first determining unit is specifically configured to:
determining a source system, a direct association system and an indirect association system corresponding to the data to be analyzed, wherein the source system is a system for generating the data to be analyzed, the direct association system is a system directly connected with the source system, and the indirect association system is a system which is not directly connected with the source system and is directly connected with the direct association system;
and determining the data authority corresponding to the direct association system and the indirect association system respectively according to the data type corresponding to the data to be analyzed.
8. A computer device, the computer device comprising a processor and a memory:
the memory is used for storing program codes and transmitting the program codes to the processor;
the processor is configured to perform the data security analysis method of any one of claims 1-5 according to instructions in the program code.
9. A computer-readable storage medium storing a computer program for executing the data security analysis method according to any one of claims 1 to 5.
10. A computer program product comprising instructions which, when run on a computer, cause the computer to perform the data security analysis method of any of claims 1-5.
CN202310638548.8A 2023-05-31 2023-05-31 Data security analysis method and related device Pending CN116644474A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310638548.8A CN116644474A (en) 2023-05-31 2023-05-31 Data security analysis method and related device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310638548.8A CN116644474A (en) 2023-05-31 2023-05-31 Data security analysis method and related device

Publications (1)

Publication Number Publication Date
CN116644474A true CN116644474A (en) 2023-08-25

Family

ID=87624373

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310638548.8A Pending CN116644474A (en) 2023-05-31 2023-05-31 Data security analysis method and related device

Country Status (1)

Country Link
CN (1) CN116644474A (en)

Similar Documents

Publication Publication Date Title
US10356113B2 (en) Apparatus and method for detecting abnormal behavior
CN105009132A (en) Event correlation based on confidence factor
CN112685682B (en) Method, device, equipment and medium for identifying forbidden object of attack event
CN108073821B (en) Data security processing method and device
KR101717596B1 (en) Apparatus and method for detecting abnormal transaction
KR101585342B1 (en) Apparatus and method for detecting abnormal behavior
CN103888282A (en) Network intrusion alarm method and system based on nuclear power plant
CN108234426B (en) APT attack warning method and APT attack warning device
CN111614624A (en) Risk detection method, device, system and storage medium
CN111212055A (en) Non-invasive website remote detection system and detection method
KR20140088712A (en) System for monitoring access to personal information and method therefor
CN114445217A (en) Credit risk prevention and control method, device and system and computer readable storage medium
KR20160062259A (en) Method, system and computer readable medium for managing abnormal state of vehicle
CN111371581A (en) Method, device, equipment and medium for detecting business abnormity of Internet of things card
CN106899977B (en) Abnormal flow detection method and device
CN112817827A (en) Operation and maintenance method, device, server, equipment, system and medium
CN115296895B (en) Request response method and device, storage medium and electronic equipment
KR101973728B1 (en) Integration security anomaly symptom monitoring system
CN116644474A (en) Data security analysis method and related device
CN116483663A (en) Abnormality warning method and device for platform
CN116318932A (en) API asset risk control method, device and equipment
EP2911362B1 (en) Method and system for detecting intrusion in networks and systems based on business-process specification
CN115757107A (en) Embedded point detection method, device, server and storage medium
CN110060060B (en) Security control method and device, electronic equipment and computer readable storage medium
CN113807697A (en) Alarm association-based order dispatching method and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination