CN117294464A - Knowledge management information security system operation method - Google Patents

Info

Publication number: CN117294464A
Application number: CN202310992199.XA
Authority: CN (China)
Legal status: Pending
Other languages: Chinese (zh)
Prior art keywords: access, channel, authority, special, user
Inventors: 石嘉豪, 黄鲲, 周育忠, 林杰
Current assignee: CSG Electric Power Research Institute; China Southern Power Grid Co Ltd
Original assignee: CSG Electric Power Research Institute; China Southern Power Grid Co Ltd
Application filed by CSG Electric Power Research Institute, China Southern Power Grid Co Ltd

Classifications

    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
    • G06F 11/1448 Management of the data involved in backup or backup restore
    • G06F 21/31 User authentication
    • H04L 67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H04L 9/40 Network security protocols

Abstract

The invention discloses a knowledge management information security system operation method, which comprises the following steps: acquiring authentication information, and authenticating identity and authority of a user; dynamically adjusting the authority according to the role and task requirements of knowledge management; opening a special authority channel when executing special access outside the authority, and monitoring access operation in the special authority channel; the knowledge resources and the process data are stored in a distributed mode and are backed up; access content is monitored at access time and access is masked when anomalies are found. The security of knowledge resources can be protected. The requirements of different users and different tasks can be met, and the flexibility and user experience of the system are improved. The utilization of resources can be effectively managed and optimized, and the efficiency of the system is improved. And the knowledge resources and the process data are stored in a distributed manner and are backed up, so that the stability and the reliability of the system can be improved, and the data loss is prevented.

Description

Knowledge management information security system operation method
Technical Field
The invention relates to the technical field of information security, in particular to an operation method of a knowledge management information security system.
Background
In the information age, knowledge management has become a key element in organizing internal information processing and decision making. Knowledge Management Systems (KMSs) are widely used within organizations for collecting, storing, retrieving and sharing knowledge. However, as the value of knowledge becomes increasingly prominent, security issues of knowledge have also attracted widespread attention.
Conventional knowledge management systems typically rely on centralized servers and databases for storage and management of knowledge. However, this centralized architecture has some problems. First, centralized servers and databases may be targets of attacks, which once attacked, may result in loss or leakage of a significant amount of knowledge. Second, the centralized architecture may result in limited access and sharing of knowledge, affecting knowledge utilization efficiency.
Disclosure of Invention
This section is intended to outline some aspects of embodiments of the invention and to briefly introduce some preferred embodiments. Some simplifications or omissions may be made in this section as well as in the description summary and in the title of the application, to avoid obscuring the purpose of this section, the description summary and the title of the invention, which should not be used to limit the scope of the invention.
The present invention has been made in view of the above-described problems.
Therefore, the technical problem solved by the invention is as follows: in existing knowledge management information security system operation methods, authority is opened with low security, and comprehensive monitoring causes low access efficiency; the invention addresses both.
In order to solve the technical problems, the invention provides the following technical scheme: a knowledge management information security system operation method comprising the following steps: acquiring authentication information and authenticating the identity and authority of a user; opening part of the rights according to the authentication result, and dynamically adjusting the rights according to the roles and task requirements of knowledge management; opening a special authority channel when a special access outside the user's authority is executed, and monitoring the access operations in the special authority channel; if the volume of special accesses exceeds what can be served within the time limit and the access efficiency of the special channel is lower than demand, opening a plurality of special authority channels, in which the channel with low resource access efficiency is set as the slow channel and comprehensively monitored, and the channel with high resource access efficiency is set as the fast channel, which is monitored in real time while the low-risk part of its accesses is analysed with hysteresis (that is, after the fact); storing the knowledge resources and process data in a distributed manner and backing them up; and monitoring the accessed content at access time and masking the access when an anomaly is found.
As a preferred scheme of the knowledge management information security system operation method of the present invention, the method comprises: the authentication result includes distinguishing internal staff from external users according to the identity information, and releasing the matching part of the authority according to the user grade or staff grade;
the access records of the authenticated user are retrieved. If, in the user's historical access records, the proportion of accesses that required further opening of permission exceeds 50% and the user's access records contain no abnormal records, then, once the user has applied for and passed the permission opening audit, the permissions in the historical records are opened directly, and the access process is audited after the access is finished. If the proportion of accesses requiring further opening of permission is not more than 50%, or the user's access records contain abnormal records, or the user has not applied for permission opening, the access is carried out only after an application for a single permission. The permission opening audit means that if a user needs frequent access outside their authority, the user may submit a permission opening application and, after passing the audit, access without a single-permission application each time; when the permission opening audit is passed, the number of accesses outside the authority is limited.
As a preferred scheme of the knowledge management information security system operation method of the present invention, the method comprises: the limit is expressed as:
F(P) = √T · I² · R + T · I · R²
where T is the historical total number of accesses in the last access period; I is the importance of the accessed resource to information security, between 0 and 1; R is the trust level assessed during the authority opening audit, between 0 and 1. The limit for the next period is recomputed each time the permitted number of accesses outside the authority is exhausted.
As a preferred scheme of the knowledge management information security system operation method of the present invention, the method comprises: the dynamic adjustment comprises dynamically adjusting the authority of users and staff according to their behaviour and requirements: continuously monitoring and analysing the user's behaviour, predicting the user's likely requirements, and opening the authority for the related resources if the user is carrying out a specific project and reporting on it; if the user's predicted requirement has been met and the behaviour pattern changes, revoking the additional permission; if an internal staff member is assigned a new project and needs to access resources outside their authority, opening the authority for the related resources and revoking it after the project is completed.
As a preferred scheme of the knowledge management information security system operation method of the present invention, the method comprises: the special access comprises the following. If a user applies for access through a single authority, a special channel is used for the access process, the access operations are monitored during the access through the special channel, and a time limit is set for the special access according to the content amount of the resource: t = (a + 1/b) · t0, where t is the time limit, a is the text length of the resource content, b is the difficulty score of the accessed resource, and t0 is a time step. If the volume of special accesses exceeds what can be served within the time limit and the access efficiency of the special channel is lower than demand, special authority channels are added until the volume of special accesses no longer exceeds what can be served within the time limit and the access efficiency of the special channel is no longer lower than demand, at which point no further channels are added. When there are several special authority channels, the channel with low resource access efficiency is set as the slow channel and comprehensively monitored, and the channel with high resource access efficiency is set as the fast channel, which is monitored in real time while the low-risk part of its resource accesses is analysed with hysteresis (after the fact). When setting the slow and fast channels, each special channel is set as the slow channel in turn, in random order, within the time limit, with each channel spending the same amount of time as the slow channel; when the current fast channel's turn comes to be the slow channel, another special channel is selected at random as the fast channel;
the hysteresis analysis further comprises identifying, from the historical security records, resources with an anomaly count of 0 as low-risk resources; during real-time monitoring of the fast channel, accesses to low-risk resources are recorded rather than analysed immediately, and a retrospective review is carried out when the access is completed to determine whether an anomaly occurred.
As a preferred scheme of the knowledge management information security system operation method of the present invention, the method comprises: the exception record further comprises recording one exception if an anomaly during the access process causes the access to be masked; recording one exception when malicious frequent downloading or malicious batch exporting is identified, and restricting such downloading and exporting behaviour; deducting one exception from the record if the reason submitted by the user for the anomaly is approved and the record is revised; and, when an exception is recorded, attaching a resource label to it, so that the exceptions of the accessed resource can be counted during the permission opening audit and the low-risk resource evaluation.
As a preferred scheme of the knowledge management information security system operation method of the present invention, the method comprises: masking the access comprises masking it if frequent downloading, attempts to access unauthorised resources, or a large number of queries in a short time occur; if the frequent downloading or the large number of queries in a short time was applied for before the access, the access is not masked; if frequent downloading or a large number of queries in a short time causes an anomaly and the user submits the reason for the anomaly, deducting the exception record is treated as equivalent to having applied before the access, and the access is not masked when it is carried out. Distributed storage backup is adopted for all knowledge resources and process data; after a masked access ends, the consistency of the backup with the platform resources is checked, and if they are inconsistent, a tamper warning is issued and the tampered content is repaired; the accessing user is traced according to the warning information and added to the blacklist.
The knowledge management information security operation system adopting the method of the invention is characterised in that: the authentication unit acquires authentication information and authenticates the identity and authority of the user; the access authorization unit opens part of the rights according to the authentication result and dynamically adjusts the rights according to the roles and task requirements of knowledge management, opens a special authority channel when a special access outside the authority is executed, monitors the access operations in the special authority channel, and, if the volume of special accesses exceeds what can be served within the time limit and the access efficiency of the special channel is lower than demand, opens a plurality of special authority channels, setting the channel with low resource access efficiency as the slow channel, which is comprehensively monitored, and the channel with high resource access efficiency as the fast channel, which is monitored in real time while its low-risk part is analysed with hysteresis; the backup and masking control unit stores the knowledge resources and process data in a distributed manner and backs them up, monitors the accessed content at access time, and masks the access when an anomaly is found.
A computer device, comprising: a memory and a processor; the memory stores a computer program characterized in that: the processor, when executing the computer program, implements the steps of the method of any of the present invention.
A computer-readable storage medium having stored thereon a computer program, characterized by: the computer program, when executed by a processor, implements the steps of the method of any of the present invention.
The invention has the beneficial effects that: the knowledge management information security system operation method provided by the invention can effectively prevent unauthorized access and operation by acquiring the authentication information to authenticate the identity and the authority of the user, thereby protecting the security of knowledge resources. And part of rights are opened according to the authentication result, and the rights are dynamically adjusted according to the roles and task requirements of knowledge management, so that the requirements of different users and different tasks can be met, and the flexibility and user experience of the system are improved. And when special access outside the permission is executed, a special permission channel is opened, and access operation is monitored in the special permission channel, so that the utilization of resources can be effectively managed and optimized, and the efficiency of the system is improved. And the knowledge resources and the process data are stored in a distributed manner and are backed up, so that the stability and the reliability of the system can be improved, and the data loss is prevented.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are needed in the description of the embodiments will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present invention, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art. Wherein:
FIG. 1 is a flowchart illustrating an overall operation method of a knowledge management information security system according to a first embodiment of the present invention;
fig. 2 is a comparison diagram of resource output efficiency in a knowledge management information security system operation method according to a second embodiment of the present invention.
Detailed Description
So that the manner in which the above recited objects, features and advantages of the present invention can be understood in detail, a more particular description of the invention, briefly summarized above, may be had by reference to the embodiments, some of which are illustrated in the appended drawings. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments of the present invention without making any inventive effort, shall fall within the scope of the present invention.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present invention, but the present invention may be practiced in other ways other than those described herein, and persons skilled in the art will readily appreciate that the present invention is not limited to the specific embodiments disclosed below.
Further, reference herein to "one embodiment" or "an embodiment" means that a particular feature, structure, or characteristic can be included in at least one implementation of the invention. The appearances of the phrase "in one embodiment" in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments.
While the embodiments of the present invention have been illustrated and described in detail in the drawings, the cross-sectional view of the device structure is not to scale in the general sense for ease of illustration, and the drawings are merely exemplary and should not be construed as limiting the scope of the invention. In addition, the three-dimensional dimensions of length, width and depth should be included in actual fabrication.
Also in the description of the present invention, it should be noted that the orientation or positional relationship indicated by the terms "upper, lower, inner and outer", etc. are based on the orientation or positional relationship shown in the drawings, are merely for convenience of describing the present invention and simplifying the description, and do not indicate or imply that the apparatus or elements referred to must have a specific orientation, be constructed and operated in a specific orientation, and thus should not be construed as limiting the present invention. Furthermore, the terms "first, second, or third" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance.
The terms "mounted, connected, and coupled" should be construed broadly in this disclosure unless otherwise specifically indicated and defined, such as: can be fixed connection, detachable connection or integral connection; it may also be a mechanical connection, an electrical connection, or a direct connection, or may be indirectly connected through an intermediate medium, or may be a communication between two elements. The specific meaning of the above terms in the present invention will be understood in specific cases by those of ordinary skill in the art.
Example 1
Referring to fig. 1, for one embodiment of the present invention, there is provided a knowledge management information security system operation method, including:
S1: acquiring authentication information, and authenticating the identity and authority of the user.
Further, the personal identity is authenticated from the entered information, and the authentication result comprises distinguishing an internal employee from an external user according to the identity information, and releasing the matching part of the authority according to the user grade or employee grade.
In the next step, the access records of the authenticated user are retrieved. If, in the user's historical access records, the proportion of accesses that required further opening of permission exceeds 50% and the user's access records contain no abnormal records, then, once the user has applied for and passed the permission opening audit, the permissions in the historical records are opened directly, and the access process is audited after the access is finished. If the proportion of accesses requiring further opening of permission is not more than 50%, or the user's access records contain abnormal records, or the user has not applied for permission opening, the access is carried out only after an application for a single permission. The permission opening audit means that if a user needs frequent access outside their authority, the user may submit a permission opening application and, after passing the audit, access without a single-permission application each time; when the permission opening audit is passed, the number of accesses outside the authority is limited. The limit is expressed as:
F(P) = √T · I² · R + T · I · R²
where T is the historical total number of accesses in the last access period; I is the importance of the accessed resource to information security, between 0 and 1; R is the trust level assessed during the authority opening audit, between 0 and 1. The limit for the next period is recomputed each time the permitted number of accesses outside the authority is exhausted.
Note that if the proportion of accesses requiring opened access rights exceeds 50%, the user evidently needs the rights opened often; if, in addition, the user has no abnormal record, the user has behaved properly whenever the rights were opened. The application can therefore be audited, and the user granted direct open authority for access.
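As an added worked example (not code from the patent or its assignees), the following Python puts the limit formula F(P) and the direct-open decision of step S1 side by side. The `AccessHistory` fields, the rounding of F(P) down to a whole number of accesses, and the sample values are assumptions for the example:

```python
import math
from dataclasses import dataclass


@dataclass
class AccessHistory:
    """Constructed summary of one user's access records for the last period
    (field layout is an assumption; the patent does not fix a record format)."""
    total_accesses: int         # T: historical total number of accesses
    further_opening_count: int  # accesses that needed permission opened further
    anomaly_count: int          # recorded exceptions in the user's access records
    applied_for_opening: bool   # user has applied for the permission opening audit


def access_limit(T: int, I: float, R: float) -> float:
    """F(P) = sqrt(T) * I^2 * R + T * I * R^2, the page's limit on accesses
    outside the authority for one period. I and R are both in [0, 1]."""
    if not (0.0 <= I <= 1.0 and 0.0 <= R <= 1.0):
        raise ValueError("I and R must lie in [0, 1]")
    if T < 0:
        raise ValueError("T must be non-negative")
    return math.sqrt(T) * I ** 2 * R + T * I * R ** 2


def audit_decision(h: AccessHistory) -> str:
    """'direct_open' when more than 50% of past accesses needed permission opened,
    no anomaly is recorded and the user applied for the audit; otherwise the user
    must apply for a single permission per access ('single_application')."""
    if h.total_accesses == 0:
        return "single_application"
    ratio = h.further_opening_count / h.total_accesses
    if ratio > 0.5 and h.anomaly_count == 0 and h.applied_for_opening:
        return "direct_open"
    return "single_application"


def opening_quota(h: AccessHistory, I: float, R: float) -> int:
    """Whole number of out-of-authority accesses allowed in the coming period.
    Flooring F(P) is an assumption; it is 0 when direct opening is refused."""
    if audit_decision(h) != "direct_open":
        return 0
    return int(access_limit(h.total_accesses, I, R))


if __name__ == "__main__":
    # Constructed sample: 100 accesses, 60 of them needed opened rights, no anomalies.
    frequent_user = AccessHistory(100, 60, 0, True)
    print(audit_decision(frequent_user), opening_quota(frequent_user, I=0.5, R=0.8))
```

Because the quota is recomputed from the refreshed history each time it is exhausted, a user whose anomaly count rises during a period loses direct opening at the next recomputation rather than immediately; the masking logic of step S4 is what stops an in-progress anomalous access.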
S2: opening part of the rights according to the authentication result, and dynamically adjusting the rights according to the roles and task requirements of knowledge management.
Further, dynamic adjustment includes dynamically adjusting the permissions of users and employees based on their behaviour and needs: continuously monitoring and analysing the user's behaviour, predicting the user's likely requirements, and opening the authority for the related resources if the user is carrying out a specific project and reporting on it; revoking the additional permission if the predicted need has been met and the behaviour pattern changes; and, if an internal employee is assigned a new project and needs to access resources outside their authority, opening the authority for the related resources and revoking it after the project is completed.
It will be appreciated that different users and employees have their own needs and rights, so the rights they require also differ. Rights are adjusted promptly according to need, and where the change is transient the rights are revoked once the task is complete, thereby ensuring security.
S3: opening a special authority channel when executing a special access outside the authority, and monitoring the access operations in the special authority channel; if the volume of special accesses exceeds what can be served within the time limit and the access efficiency of the special channel is lower than demand, opening a plurality of special authority channels, in which the channel with low resource access efficiency is set as the slow channel and comprehensively and strictly monitored, and the channel with high resource access efficiency is set as the fast channel, which is monitored in real time while the low-risk part of its accesses is analysed with hysteresis (after the fact).
Further, the special access includes the following: if the user applies for access through a single authority, a special channel is used for the access process, the access operations are monitored during the access through the special channel, and a time limit is set for the special access according to the content of the resource: t = (a + 1/b) · t0, where t is the time limit, a is the text length of the resource content, b is the difficulty score of the accessed resource, and t0 is a time step.
If the volume of special accesses exceeds what can be served within the time limit and the access efficiency of the special channel is lower than demand, special authority channels are added until the volume of special accesses no longer exceeds what can be served within the time limit and the access efficiency of the special channel is no longer lower than demand, at which point no further channels are added. When there are several special authority channels, the channel with low resource access efficiency is set as the slow channel and comprehensively and strictly monitored; the channel with high resource access efficiency is set as the fast channel, which is monitored in real time while the low-risk part of its resource accesses is analysed with hysteresis.
The hysteresis analysis further comprises identifying, from the historical security records, resources with an anomaly count of 0 as low-risk resources; during real-time monitoring of the fast channel, accesses to low-risk resources are recorded rather than analysed immediately, and a retrospective review is carried out when the access is completed to determine whether an anomaly occurred.
When an access beyond the current permission is executed, a new permission must be opened; this is a special access path, and a special authority channel must be opened for it. A single authority channel limits access efficiency, and if the access volume is too large, multiple channels must be added. At the same time, the period for which the authority is open is limited, to prevent dangerous situations. If the resources to be accessed within the time limit are very large, the time is obviously insufficient and several channels must be opened; likewise, if the accessed content is very deep, the access becomes slow, and opening several channels allows the required content to be output quickly.
Setting one fast channel and one slow channel for monitoring the access channels keeps the average access efficiency of the channels constant. Because the slow channel has lower access efficiency, it can be monitored and analysed more comprehensively. The fast channel must be monitored quickly, so some low-risk resources are arranged to be analysed after the access, which preserves the fast channel's access efficiency.
In addition, when setting the slow and fast channels, each special channel is set as the slow channel in turn, in random order, within the time limit, with each channel spending the same amount of time as the slow channel; when the original fast channel's turn comes to be the slow channel, another special channel is selected at random as the fast channel. For example, with a time limit of 9 minutes and three special channels a, b and c, one channel is chosen at random as the slow channel and one as the fast channel, say b as the fast channel and a as the slow channel, each slow-channel period lasting three minutes. After three minutes the slow channel changes, say to c; after another three minutes it would change to b, but b is the fast channel, so the fast channel is reassigned at random to a or c and b becomes the slow channel.
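The time-limit formula, the channel-adding loop and the slow/fast rotation of step S3 as an added Python example (not code from the patent). The linear scaling of capacity and efficiency with the number of channels, the seeded random source, and the monitoring labels `comprehensive`, `real_time` and `deferred_review` are assumptions; the page only states the rules:

```python
import random


def time_limit(a: int, b: float, t0: float) -> float:
    """Special-access time limit t = (a + 1/b) * t0 from the page:
    a = text length of the resource, b = difficulty score (> 0), t0 = time step."""
    if a < 0 or b <= 0 or t0 <= 0:
        raise ValueError("a must be >= 0, b and t0 must be > 0")
    return (a + 1.0 / b) * t0


def channels_needed(access_volume: int, capacity_per_channel: int,
                    efficiency_per_channel: float, required_efficiency: float) -> int:
    """Add special authority channels one at a time until the access volume fits
    within the time limit and efficiency is no longer below demand.
    Assumption (not from the page): capacity and efficiency scale linearly
    with the number of channels."""
    if capacity_per_channel <= 0 or efficiency_per_channel <= 0:
        raise ValueError("per-channel capacity and efficiency must be positive")
    n = 1
    while (access_volume > n * capacity_per_channel
           or n * efficiency_per_channel < required_efficiency):
        n += 1
    return n


def slow_channel_schedule(channels, limit_minutes: float, seed: int = 0):
    """Rotate the slow role through every channel in random order, each for an
    equal share of the time limit. One channel starts as the fast channel; when
    its turn as slow channel comes, the fast role moves to another channel chosen
    at random. Returns [(start_minute, slow_channel, fast_channel), ...]."""
    if len(channels) < 2:
        raise ValueError("need at least two special channels")
    rng = random.Random(seed)          # seeded so the schedule is reproducible
    order = list(channels)
    rng.shuffle(order)                 # random order of slow-channel turns
    fast = rng.choice(channels)        # initial fast channel chosen at random
    slot = limit_minutes / len(channels)
    schedule = []
    for i, slow in enumerate(order):
        if slow == fast:               # fast channel's turn: hand the fast role on
            fast = rng.choice([c for c in channels if c != slow])
        schedule.append((i * slot, slow, fast))
    return schedule


def monitoring_plan(channel, slot, low_risk: bool) -> str:
    """Monitoring applied to an access on `channel` during one schedule slot:
    slow channel is monitored comprehensively; on the fast channel low-risk
    resources are recorded and reviewed afterwards, everything else in real time."""
    _, slow, fast = slot
    if channel == slow:
        return "comprehensive"
    if channel == fast and low_risk:
        return "deferred_review"
    return "real_time"


if __name__ == "__main__":
    # Constructed sample: the page's 9-minute limit with channels a, b, c.
    for start, slow, fast in slow_channel_schedule(["a", "b", "c"], 9, seed=1):
        print(f"t={start:4.1f} min  slow={slow}  fast={fast}")
```

The rotation guarantees that no channel is both slow and fast in the same slot and that every channel takes the slow role exactly once per time limit, so the comprehensive monitoring coverage is spread evenly rather than fixed on whichever channel happened to be slowest first.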
The exception record further comprises recording one exception if an anomaly during the access process causes the access to be masked; recording one exception when malicious frequent downloading or malicious batch exporting is identified, and restricting such downloading and exporting behaviour; deducting one exception from the record if the reason submitted by the user for the anomaly is approved and the record is revised; and, when an exception is recorded, attaching a resource label to it, so that the exceptions of the accessed resource can be counted during the permission opening audit and the low-risk resource evaluation.
It is to be noted that, inserting the resource tag into the exception record can timely identify whether the user may have an exception when accessing the resource. Can achieve the timely recognition effect. If malicious frequent downloads and malicious batch exports exist, the information security is firstly not facilitated. At the same time, the workload for the system increases, and if notifications are made in advance or timely corrected and approved, this behavior is justified. Only in reasonably frequent downloads and batch exports will no record as an exception or security problem.
S4: the knowledge resources and process data are stored in a distributed manner and backed up; the accessed content is monitored during access, and access is shielded when an anomaly is found.
Further, shielding access comprises shielding the access if frequent downloading, attempts to access unauthorized resources, or a large number of queries in a short time occur; if the frequent downloading or the large number of queries in a short time was applied for before the access, the access is not shielded; if the frequent downloading or the large number of queries in a short time causes an exception and the user submits the reason for the exception, reducing the exception record is equivalent to having applied before the access, and the access is not shielded while it is carried out.
When an exception occurs, the access permission and the access behaviour are shielded again in time, which ensures the security of the data and resources; if the user's behaviour is reasonable, the shielding is lifted after the application is submitted or the behaviour is corrected.
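The exception record with resource labels and the shielding rule just described, combined in one added Python example (not the patent's code). `ExceptionLedger` keeps one labelled record per exception and removes one when a submitted reason is approved; `AccessGuard` shields frequent downloads and bulk queries inside a short window unless they were applied for beforehand, always shields attempts on resources outside the user's opened authority, and lifts the shielding once a reason is approved. Resources with zero recorded exceptions are reported as low-risk, which is how the hysteresis analysis in claim 5 selects them. The thresholds, window length, user names and resource names are constructed values.

```python
from collections import defaultdict, deque

# Constructed thresholds: what counts as "frequent" downloads, a "large number"
# of queries and a "short time" window (the page does not fix these values).
DOWNLOAD_LIMIT = 5
QUERY_LIMIT = 20
WINDOW_SECONDS = 60


class ExceptionLedger:
    """Per-user exception records, each tagged with the resource label involved."""

    def __init__(self):
        self.records = defaultdict(list)          # user -> list of resource labels

    def record(self, user, resource):
        self.records[user].append(resource)       # one exception, labelled with the resource

    def approve_reason(self, user, resource):
        """A submitted reason that is approved removes one exception for that resource."""
        labels = self.records[user]
        if resource in labels:
            labels.remove(resource)
            return True
        return False

    def per_resource(self):
        """Exception totals per resource, for the permission-opening audit."""
        totals = defaultdict(int)
        for labels in self.records.values():
            for label in labels:
                totals[label] += 1
        return dict(totals)

    def low_risk(self, resources):
        """Resources with zero recorded exceptions, eligible for hysteresis analysis."""
        totals = self.per_resource()
        return [r for r in resources if totals.get(r, 0) == 0]


class AccessGuard:
    """Shields access on frequent downloads, bulk queries or unauthorized resources."""

    def __init__(self, ledger, authorized, pre_applied=()):
        self.ledger = ledger
        self.authorized = authorized             # user -> set of resources opened to them
        self.pre_applied = set(pre_applied)      # users who applied before accessing
        self.downloads = defaultdict(deque)      # user -> timestamps inside the window
        self.queries = defaultdict(deque)
        self.shielded = set()

    @staticmethod
    def _in_window(window, ts):
        window.append(ts)
        while ts - window[0] > WINDOW_SECONDS:   # drop events older than the window
            window.popleft()
        return len(window)

    def handle(self, user, action, resource, ts):
        """Return True if the access proceeds, False if it is shielded."""
        if user in self.shielded:
            return False
        if resource not in self.authorized.get(user, set()):
            reason = "unauthorized"
        elif action == "download" and self._in_window(self.downloads[user], ts) > DOWNLOAD_LIMIT:
            reason = "frequent_download"
        elif action == "query" and self._in_window(self.queries[user], ts) > QUERY_LIMIT:
            reason = "bulk_query"
        else:
            return True
        # Downloads/queries applied for beforehand are not shielded; unauthorized attempts always are.
        if reason != "unauthorized" and user in self.pre_applied:
            return True
        self.shielded.add(user)
        self.ledger.record(user, resource)
        return False

    def justify(self, user, resource):
        """An approved reason reduces the exception record and lifts the shielding."""
        if self.ledger.approve_reason(user, resource):
            self.shielded.discard(user)
            return True
        return False


def demo():
    """Constructed scenario: alice downloads too often, bob applied beforehand but then
    touches a resource outside his authority; alice's reason is later approved."""
    ledger = ExceptionLedger()
    guard = AccessGuard(ledger, {"alice": {"doc1", "doc2"}, "bob": {"doc1"}}, pre_applied=["bob"])
    alice = [guard.handle("alice", "download", "doc1", t) for t in range(7)]
    bob = [guard.handle("bob", "download", "doc1", t) for t in range(7)]
    bob_unauth = guard.handle("bob", "query", "doc2", 8)
    low_risk_before = ledger.low_risk(["doc1", "doc2"])
    lifted = guard.justify("alice", "doc1")
    return {"alice": alice, "bob": bob, "bob_unauth": bob_unauth, "lifted": lifted,
            "low_risk_before": low_risk_before, "per_resource": ledger.per_resource(),
            "shielded": sorted(guard.shielded)}
```

The sliding window is what turns "frequent" and "in a short time" into a testable decision; the thresholds would in practice be tuned per resource class, and the per-resource totals feed the audit that decides whether a user may keep accessing outside their authority.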
All knowledge resources and process data are backed up using distributed storage; after the shielded access ends, the consistency of the backup with the platform resources is checked; if they are inconsistent, a tamper warning is issued and the tampered content is repaired; the accessing user is traced according to the warning information and placed on the blacklist.
Distributed storage backup ensures the safety of the resource backup, so that an error in one resource does not make the whole backup unusable. Checking the backup against the platform data resources after shielding ends effectively detects whether platform resources and data have been tampered with, which greatly improves security; if tampering is found, the user presents a serious potential security hazard and is placed on the blacklist in time, and if the user is later corrected, the user can be removed from the blacklist.
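The consistency check between backup and platform resources, as an added Python example (not the patent's code). After shielded access ends, each platform copy is compared by SHA-256 digest with the replicas held on several backup nodes; a mismatch raises a tamper warning, the platform copy is repaired from the content a majority of replicas agree on, a damaged replica is rewritten from that same majority, and the user traced from the warning is blacklisted. Majority agreement among replicas is this example's assumption for how the distributed backup survives one bad copy; the resource names, contents and user id are constructed.

```python
import hashlib
from collections import Counter


def digest(data: bytes) -> str:
    """SHA-256 of a stored resource; the check compares digests rather than raw bytes."""
    return hashlib.sha256(data).hexdigest()


def majority_copy(replicas):
    """Content that more than half of the backup nodes hold, or None if there is no majority.
    This is how one damaged replica is tolerated without losing the whole backup."""
    content, votes = Counter(replicas).most_common(1)[0]
    return content if votes * 2 > len(replicas) else None


def check_and_repair(platform, backups, accessor, blacklist):
    """Compare each platform resource with its backup replicas after shielded access ends.

    platform : {name: bytes}          live copies on the platform (repaired in place)
    backups  : {name: [bytes, ...]}   one replica per backup node (damaged replicas rewritten)
    accessor : user traced from the shielded access, blacklisted when tampering is found
    Returns the list of tamper warnings raised.
    """
    warnings = []
    for name, live in platform.items():
        replicas = backups.get(name, [])
        if not replicas:
            continue                                      # nothing to compare against
        agreed = majority_copy(replicas)
        if agreed is None:
            warnings.append({"resource": name, "user": accessor, "repaired": False,
                             "reason": "backup nodes disagree; manual recovery needed"})
            continue
        if any(digest(r) != digest(agreed) for r in replicas):
            backups[name] = [agreed] * len(replicas)      # heal the odd replica out
        if digest(live) == digest(agreed):
            continue                                      # consistent, no warning
        warnings.append({"resource": name, "user": accessor, "repaired": True,
                         "reason": "platform copy differs from the backup"})
        platform[name] = agreed                           # repair the tampered content
        blacklist.add(accessor)                           # trace and blacklist the accessor
    return warnings


def demo():
    """Constructed data: doc1 is tampered on the platform and one of its replicas is damaged."""
    platform = {"doc1": b"tampered text", "doc2": b"clean text"}
    backups = {"doc1": [b"original text", b"original text", b"damaged"],
               "doc2": [b"clean text"] * 3}
    blacklist = set()
    warnings = check_and_repair(platform, backups, "user_7", blacklist)
    return platform, backups, blacklist, warnings
```

A second run over the repaired data returns no warnings, which is the check an operator would make before lifting the shielding; if the backup nodes themselves cannot agree, the function deliberately refuses to "repair" anything and leaves that resource for manual recovery.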
Those skilled in the art will appreciate that implementing all or part of the above described methods may be accomplished by way of a computer program stored on a non-transitory computer readable storage medium, which when executed, may comprise the steps of the embodiments of the methods described above. Any reference to memory, database, or other medium used in the various embodiments provided herein may include at least one of non-volatile and volatile memory. The nonvolatile memory may include read only memory, magnetic tape, floppy disk, flash memory, optical memory, high density embedded nonvolatile memory, resistive memory, magnetic memory, ferroelectric memory, phase change memory, graphene memory, and the like. Volatile memory can include random access memory, external cache memory, or the like. By way of illustration, and not limitation, RAM can take many forms, such as static random access memory or dynamic random access memory. The databases referred to in the various embodiments provided herein may include at least one of relational databases and non-relational databases. The non-relational database may include, but is not limited to, a blockchain-based distributed database, and the like.
The processors referred to in the embodiments provided herein may be general purpose processors, central processing units, graphics processors, digital signal processors, programmable logic units, quantum computing-based data processing logic units, etc., without being limited thereto.
Example 2
Referring to fig. 2, for one embodiment of the present invention, a method for operating a knowledge management information security system is provided, and in order to verify the beneficial effects of the present invention, scientific demonstration is performed through economic benefit calculation and simulation experiments.
Table 1 shows the security effect of the present invention and the conventional method in the knowledge management information security system, and also shows the comparison result of the effect of the present invention when applying for additional open rights with normal general access.
TABLE 1 Security Effect and rights opening Effect Table
According to the invention, not only are the data and resources less easy to tamper with, but the efficiency of access beyond the ordinary authority can also be kept equal to that of ordinary access, so that the user experience is greatly improved.
Fig. 2 compares, for the invention and for the conventional method, the output efficiency of a user accessing resources through access opened beyond the authority with the output efficiency of ordinary-authority access. It can be seen that with the method the output efficiency is high and stable when the user accesses resources beyond the authority, whereas with the traditional method the output efficiency is low and its stability poor.
It should be noted that the above embodiments are only for illustrating the technical solution of the present invention and not for limiting the same, and although the present invention has been described in detail with reference to the preferred embodiments, it should be understood by those skilled in the art that the technical solution of the present invention may be modified or substituted without departing from the spirit and scope of the technical solution of the present invention, which is intended to be covered in the scope of the claims of the present invention.

Claims (10)

1. A method for operating a knowledge management information security system, comprising:
acquiring authentication information, and authenticating identity and authority of a user;
opening part of rights according to the authentication result, and dynamically adjusting the rights according to the roles and task requirements of knowledge management;
opening a special authority channel when executing special access outside the authority, and monitoring access operations in the special authority channel; if the access quantity of the special access is larger than the access quantity within the time limit and the access efficiency of the special channel is lower than the demand, opening a plurality of special authority channels, setting a channel with low resource access efficiency among the plurality of special authority channels as a slow channel and comprehensively monitoring the slow channel, and setting a channel with high resource access efficiency as a fast channel, which is monitored in real time while the low-risk part is analyzed with hysteresis;
storing the knowledge resources and the process data in a distributed manner and backing them up; monitoring the accessed content during access and shielding the access when an anomaly is found.
2. The knowledge management information security system operation method of claim 1, wherein: the authentication result comprises distinguishing internal staff from external users according to identity information, and releasing the matched part of the authority according to user grade and staff grade;
the access record of the authenticated user is retrieved; if further opening of permission occurs in more than 50% of the authenticated user's historical access records, no abnormal record exists in the user's access record, and the user has applied for the permission opening audit, the permission in the historical record is opened directly, and the access process is audited after the access ends; if further opening of permission occurs in not more than 50% of the authenticated user's historical access records, or abnormal records exist in the user's access record, or the user has not applied for permission opening, the access is carried out after a single-permission application;
the permission opening audit comprises: if a user needs to frequently use access outside the authority, the user may submit a permission opening application; after passing the permission opening audit, the user can access without a single-permission application, and the number of accesses outside the authority is limited when the permission opening audit is carried out.
3. The knowledge management information security system operation method of claim 2, wherein: the limit is expressed as:
$F(P) = \sqrt{T}\, I^{2} R + T I R^{2}$
wherein T represents the historical total number of accesses in the last access period; I represents the importance of the accessed resource to information security, between 0 and 1; R represents the trust level assessed during the permission opening audit, between 0 and 1;
the next cycle is entered each time the limited number of accesses outside the authority is exhausted.
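The limit F(P) and the cycle rollover of claim 3, as an added Python example (not the patent's code). `access_limit` evaluates F(P) with the claim's T, I and R, and `OutOfAuthorityQuota` counts accesses outside the authority against it, entering the next cycle once the limit is exhausted. Rounding F(P) down to a whole number of accesses and taking the new T from all accesses of the period just ended are assumptions of this example; the sample values are constructed.

```python
import math


def access_limit(T, I, R):
    """F(P) from claim 3: the number of out-of-authority accesses permitted per cycle."""
    if T < 0 or not 0 <= I <= 1 or not 0 <= R <= 1:
        raise ValueError("T must be non-negative and I, R must lie in [0, 1]")
    return math.sqrt(T) * I ** 2 * R + T * I * R ** 2


class OutOfAuthorityQuota:
    """Counts accesses outside the opened authority against F(P) for the current cycle.

    T for a new cycle is the total number of accesses (ordinary and special) in the
    period that just ended; F(P) is rounded down to a whole number of accesses.
    """

    def __init__(self, T, I, R):
        self.I, self.R = I, R
        self.cycle = 0
        self.period_accesses = 0      # all accesses seen in the current period
        self._start_cycle(T)

    def _start_cycle(self, T):
        self.cycle += 1
        self.limit = math.floor(access_limit(T, self.I, self.R))
        self.used = 0

    def record_access(self, outside_authority):
        """Record one access; return whether an out-of-authority access is admitted."""
        self.period_accesses += 1
        if not outside_authority:
            return True                # ordinary access is not counted against F(P)
        if self.used >= self.limit:
            # limit exhausted: the next cycle starts, with T taken from the period just ended
            T, self.period_accesses = self.period_accesses, 0
            self._start_cycle(T)
        if self.used < self.limit:
            self.used += 1
            return True
        return False


def demo():
    """Constructed values: 16 accesses last period, highest importance and trust."""
    q = OutOfAuthorityQuota(T=16, I=1.0, R=1.0)        # F(P) = 4 + 16 = 20
    first_cycle = [q.record_access(True) for _ in range(20)]
    rollover = q.record_access(True)                    # 21st access enters cycle 2
    return first_cycle, rollover, q.cycle, q.limit
```

Note how both factors pull in the same direction: a resource of low importance (small I) or a user with a low audited trust level (small R) gets a quota that shrinks roughly with I·R, while the square-root term keeps the quota from growing linearly with T for unimportant resources.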
4. The knowledge management information security system operation method of claim 3, wherein: the dynamic adjustment comprises dynamically adjusting the rights of users and employees according to their behaviors and needs;
continuously monitoring and analyzing the behavior of the user, predicting the possible requirement of the user, and opening the authority of the related resource if the user is carrying out a specific project and reporting; if the predicted user needs are met and the behavior mode changes, the additional permission is revoked;
if the internal staff allocates a new project and needs to access the resource without the authority, the authority of the related resource is opened, and the authority is revoked after the project is completed.
5. The knowledge management information security system operation method of claim 4, wherein: the special access comprises: if a user applies for access through a single authority, a special channel is used for the access, the access operations are monitored during the access through the special channel, and a time limit is set for the special access according to the content amount of the resource: $t = (a + 1/b)\, t_0$
wherein t is the time limit, a is the text length of the resource content, b is the difficulty score of the accessed resource, and $t_0$ represents a time step;
if the access quantity of the special access is larger than the access quantity within the time limit and the access efficiency of the special channel is lower than the requirement, special authority channels are added until the access quantity of the special access is no longer larger than the access quantity within the time limit and the access efficiency of the special channel is no longer lower than the requirement, and then no further channels are added;
when there are multiple special authority channels, a channel with low resource access efficiency among them is set as the slow channel and comprehensively monitored; a channel with high resource access efficiency is set as the fast channel, which is monitored in real time while the low-risk part of the resource access is analyzed with hysteresis;
when the slow channel and the fast channel are set, each special channel is set as the slow channel in turn, in a random order, within the time limit, each channel spending the same length of time as the slow channel; when the channel that is currently the fast channel is due to become the slow channel, another special channel is selected at random as the fast channel;
the hysteresis analysis further comprises: finding, from the historical security records, resources whose number of exceptions is 0 as low-risk resources; when the fast channel is monitored in real time, monitoring access to the low-risk resources in real time and retaining the records, and, when the access is completed, reviewing the records to analyze whether an exception is found.
6. The knowledge management information security system operation method of claim 5, wherein: the exception record further comprises recording one exception if an exception during access causes the access to be shielded; recording one exception when malicious frequent downloading or malicious batch exporting is identified, and restricting the malicious downloading and malicious batch exporting behaviour;
if the user submits the reason for the exception and it is approved and corrected, reducing the record by one exception;
and when an exception is recorded, inserting a resource label into the exception record, and counting the exceptions of the accessed resource when the permission opening audit and the low-risk resource evaluation are carried out.
7. The knowledge management information security system operation method of claim 6, wherein: shielding access comprises shielding the access if frequent downloading, attempts to access unauthorized resources, or a large number of queries in a short time occur; if the frequent downloading or the large number of queries in a short time was applied for before the access, the access is not shielded; if the frequent downloading or the large number of queries in a short time causes an exception and the user submits the reason for the exception, reducing the exception record is equivalent to having applied before the access, and the access is not shielded while it is carried out;
distributed storage backup is adopted for all knowledge resources and process data; after the shielded access ends, the consistency of the backup with the platform resources is checked; if they are inconsistent, a tamper warning is issued and the tampered content is repaired; the accessing user is traced according to the warning information and placed on the blacklist.
8. A knowledge management information security system operating system employing the method of any one of claims 1-7, characterized by:
the authentication unit acquires authentication information and authenticates the identity and authority of the user;
the access authorization unit opens part of the rights according to the authentication result and dynamically adjusts the rights according to the roles and task requirements of knowledge management; opens a special authority channel when executing special access outside the authority, and monitors access operations in the special authority channel; if the access quantity of the special access is larger than the access quantity within the time limit and the access efficiency of the special channel is lower than the demand, opens a plurality of special authority channels, sets a channel with low resource access efficiency among the plurality of special authority channels as a slow channel and comprehensively monitors the slow channel, and sets a channel with high resource access efficiency as a fast channel, which is monitored in real time while the low-risk part is analyzed with hysteresis;
the backup and shielding control unit stores the knowledge resources and the process data in a distributed manner and backs them up; the accessed content is monitored during access, and access is shielded when an anomaly is found.
9. A computer device, comprising: a memory and a processor; the memory stores a computer program characterized in that: the processor, when executing the computer program, implements the steps of the method of any one of claims 1 to 7.
10. A computer-readable storage medium having stored thereon a computer program, characterized by: the computer program implementing the steps of the method of any of claims 1 to 7 when executed by a processor.
CN202310992199.XA 2023-08-08 2023-08-08 Knowledge management information security system operation method Pending CN117294464A (en)


Publications (1)

Publication Number Publication Date
CN117294464A true CN117294464A (en) 2023-12-26

Family

ID=89243267



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination