CN117640168A - Data security detection method and device, storage medium and electronic equipment - Google Patents


Info

Publication number
CN117640168A
Authority
CN
China
Prior art keywords
data
target
preset
target data
user
Prior art date
Legal status
Pending
Application number
CN202311487314.4A
Other languages
Chinese (zh)
Inventor
高星宇
张园超
Current Assignee
Zhejiang eCommerce Bank Co Ltd
Original Assignee
Zhejiang eCommerce Bank Co Ltd
Priority date
Filing date
Publication date
Application filed by Zhejiang eCommerce Bank Co Ltd
Priority to CN202311487314.4A
Publication of CN117640168A
Legal status: Pending


Abstract

The embodiment of the specification discloses a data security detection method, a device, a storage medium and electronic equipment, and relates to the technical field of computers.

Description

Data security detection method and device, storage medium and electronic equipment
Technical Field
The present disclosure relates to the field of computer technologies, and in particular, to a data security detection method, a device, a storage medium, and an electronic apparatus.
Background
With the rapid development of network technology, information security faces serious challenges. In particular, users' private data is often accessed by others without authorization, which leads to information leakage. When users access data on the large website platforms, information security risks should therefore be detected so that leakage is prevented.
Take horizontal privilege escalation detection (horizontal override detection), a common data security check, as an example. It is usually carried out as black-box testing: two accounts with the same privilege level are created; a legal test request is made with the first account to obtain a legitimate request URL; that URL is then replayed with the second account as a comparison request, and the comparison result is checked against the first account's operation permissions to decide whether an information security vulnerability exists. This approach needs accounts to be created in advance and tested one by one, so deployment is cumbersome and efficiency is low. Moreover, such detection can only scan or test the application before it is released, so many issues are missed. A more suitable data security detection method is therefore needed.
Disclosure of Invention
The embodiment of the specification provides a data security detection method, a device, a storage medium and electronic equipment, which can enhance the accuracy of data security detection and improve the efficiency of data security detection. The technical scheme is as follows:
In a first aspect, embodiments of the present disclosure provide a data security detection method, where the method includes:
acquiring call link information for target data;
acquiring, according to the call link information, a user identifier corresponding to the user who performs a target operation on the target data;
determining, according to preset data corresponding to the user identifier, whether the target data meets a preset condition related to the preset data;
and performing the target operation on the target data when the target data meets the preset condition.
In a second aspect, embodiments of the present disclosure provide a data security detection device, the device including:
an information acquisition module, configured to acquire call link information for target data;
an identifier acquisition module, configured to acquire, according to the call link information, a user identifier corresponding to the user who performs a target operation on the target data;
a condition determining module, configured to determine, according to preset data corresponding to the user identifier, whether the target data meets a preset condition related to the preset data;
and an operation execution module, configured to perform the target operation on the target data when the target data meets the preset condition.
In a third aspect, the present specification provides a computer storage medium storing a plurality of instructions adapted to be loaded by a processor to perform the above method steps.
In a fourth aspect, the present specification provides a computer program product storing a plurality of instructions adapted to be loaded by a processor to perform the above method steps.
In a fifth aspect, embodiments of the present specification provide an electronic device, which may include a processor and a memory, wherein the memory stores a computer program adapted to be loaded by the processor to perform the above method steps.
The technical scheme provided by some embodiments of the present specification has the following beneficial effects:
In the method and device of the embodiments, the user identifier of the user who performs the target operation on the target data is obtained from the call link information for the target data; whether the target data meets the preset condition related to the preset data is then determined from the preset data corresponding to that user identifier; and the target operation is performed on the target data only when the preset condition is met, so that the target data is neither leaked nor tampered with. In other words, the embodiments can detect in real time whether a target operation on target data is safe, with high timeliness, and thereby protect the data of the database storing the target data while it is in online use. Because safety is judged by checking whether the target data meets a preset condition tied to preset data, the detection is both reliable and efficient.
Drawings
In order to more clearly illustrate the embodiments of the present description or the technical solutions in the prior art, the following description will briefly explain the drawings used in the embodiments or the description of the prior art, and it is obvious that the drawings in the following description are only some embodiments of the present description, and other drawings can be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic diagram of a data security detection method according to an embodiment of the present disclosure;
fig. 2 is a flow chart of a data security detection method according to an embodiment of the present disclosure;
fig. 3 is a flow chart of a data security detection method according to an embodiment of the present disclosure;
fig. 4 is a flow chart of a data security detection method according to an embodiment of the present disclosure;
fig. 5 is a flow chart of a data security detection method according to an embodiment of the present disclosure;
fig. 6 is a schematic structural diagram of a data security detection device according to an embodiment of the present disclosure;
fig. 7 is a schematic structural diagram of an electronic device according to an embodiment of the present disclosure.
Detailed Description
The technical solutions of the embodiments of the present specification will be clearly and completely described below with reference to the drawings in the embodiments of the present specification, and it is apparent that the described embodiments are only some embodiments of the present specification, not all embodiments. All other embodiments, which can be made by one of ordinary skill in the art without undue burden from the present disclosure, are intended to be within the scope of the present disclosure.
In the description of the present specification, it should be understood that the terms "first," "second," and the like are used for descriptive purposes only and are not to be construed as indicating or implying relative importance. In the description of the present specification, it should be noted that, unless expressly specified and limited otherwise, "comprise" and "have" and any variations thereof are intended to cover non-exclusive inclusion. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those listed steps or elements but may include other steps or elements not listed or inherent to such process, method, article, or apparatus. The specific meaning of the terms in this specification will be understood by those of ordinary skill in the art in the light of the specific circumstances. In addition, in the description of the present specification, unless otherwise indicated, "a plurality" means two or more. "and/or", describes an association relationship of an association object, and indicates that there may be three relationships, for example, a and/or B, and may indicate: a exists alone, A and B exist together, and B exists alone. The character "/" generally indicates that the context-dependent object is an "or" relationship.
The present specification is described in detail below with reference to specific examples.
It should be noted that, information (including but not limited to user equipment information, user personal information, etc.), data (including but not limited to data for analysis, stored data, presented data, etc.), and signals according to the embodiments of the present disclosure are all authorized by the user or are fully authorized by the parties, and the collection, use, and processing of relevant data is required to comply with relevant laws and regulations and standards of relevant countries and regions. For example, data and information, user information, and the like referred to in this specification are acquired with sufficient authorization.
With the rapid development of network technology, information security faces serious challenges. In particular, users' private data is often accessed by others without authorization, which leads to information leakage. When users access data on the large website platforms, information security risks should therefore be detected so that leakage is prevented.
Take horizontal override detection, a common data security check, as an example. Two detection methods are generally used. The first is black-box detection: two accounts with the same privilege level are created; a legal test request is made with the first account to obtain a legitimate request URL; that URL is then replayed with the second account as a comparison request, and the comparison result is checked against the first account's operation permissions to decide whether a horizontal override vulnerability exists. This method needs accounts to be created in advance and tested one by one, so deployment is cumbersome and efficiency is low.
The second is interactive application security testing (IAST), which detects horizontal override by combining database resource analysis of SQL (Structured Query Language) statements with a detection model. This method depends heavily on external conditions such as the detection model and is complicated to deploy, so its efficiency is also low. In addition, both approaches can only scan or test the application before it is released, so detection performed in advance still misses many problems. A more suitable data security detection method is therefore needed.
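The two-account black-box comparison described in the background, worked through as an added example (this is not the patent's code, nor code from the assignee). The in-memory RESOURCES store and the two handlers are constructed stand-ins for the website platform under test: vulnerable_get looks records up by resource id alone, fixed_get enforces ownership. The test obtains the legal result with the first account and replays the same request under a second account of equal privilege.

```python
"""Black-box horizontal override test with two accounts (added example)."""
from typing import Callable, Dict, List, Tuple

# Constructed sample store: resource id -> (owner uid, payload). Not from the patent.
RESOURCES: Dict[str, Tuple[str, str]] = {
    "r-1001": ("alice", "alice's October log"),
    "r-1002": ("alice", "alice's September log"),
    "r-2002": ("bob", "bob's October log"),
}

Handler = Callable[[str, str], dict]


def vulnerable_get(session_uid: str, resource_id: str) -> dict:
    """Looks up by resource id only, so any logged-in user can read any record."""
    _owner, payload = RESOURCES[resource_id]
    return {"status": 200, "body": payload}


def fixed_get(session_uid: str, resource_id: str) -> dict:
    """Same lookup, but the record is returned only to its owner."""
    owner, payload = RESOURCES[resource_id]
    if owner != session_uid:
        return {"status": 403, "body": None}
    return {"status": 200, "body": payload}


def horizontal_override_test(handler: Handler, first_uid: str, second_uid: str, resource_id: str) -> bool:
    """Obtain a legal result with the first account, replay the same request under
    the second account of equal privilege, and compare. Returns True when the second
    account receives the first account's data, i.e. a horizontal override exists."""
    legal = handler(first_uid, resource_id)
    if legal["status"] != 200:
        raise ValueError("legal request must succeed for the owner")
    compare = handler(second_uid, resource_id)
    return compare["status"] == 200 and compare["body"] == legal["body"]


def scan(handler: Handler, first_uid: str, second_uid: str) -> List[str]:
    """Run the comparison for every resource owned by the first account and
    return the ids that the second account could read."""
    return [rid for rid, (owner, _) in RESOURCES.items()
            if owner == first_uid and horizontal_override_test(handler, first_uid, second_uid, rid)]


if __name__ == "__main__":
    print("vulnerable handler leaks:", scan(vulnerable_get, "alice", "bob"))
    print("fixed handler leaks:     ", scan(fixed_get, "alice", "bob"))
```

Note the precondition the patent's background glosses over: both accounts must already exist and the first account must own the resources being replayed, which is exactly the setup cost the background criticizes.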
Based on the above problems, the present specification proposes a data security detection method to solve the above problems. Fig. 1 is a schematic diagram of an architecture of a data security detection method according to an embodiment of the present disclosure, where the schematic diagram includes: a security detection server 101, a plurality of electronic devices, and a data storage server 103. The plurality of electronic devices include at least electronic device 1021, electronic device 1022, and electronic device 1023. It should be understood that the number of the security detection server 101, the plurality of electronic devices, and the data storage server 103 shown in fig. 1 is only illustrative, and the embodiment of the present disclosure is not limited in any way.
The security detection server 101 and the data storage server 103 may each be a single server or a cluster of servers that receives requests or information through the interfaces it provides and returns the corresponding data or service according to the content of the request. They may be several physical servers that are independent at the hardware level, or several virtual servers deployed in the same hardware resource pool; the virtualization platforms include, but are not limited to, VMware, VirtualBox and Virtual PC.
Communication between the security detection server 101, the data storage server 103 and the electronic devices may take place over communication links established on a communication protocol, for example the gRPC protocol: gRPC is a high-performance, general-purpose open-source remote procedure call (RPC) framework, originally developed for mobile applications, designed on the HTTP/2 standard, using the Protocol Buffers (PB) serialization format and supporting many development languages. The communication link may be wireless or wired: a wired link may use optical fibre, twisted pair or coaxial cable, and a wireless link may be a Bluetooth link, a Wireless Fidelity (Wi-Fi) link, a microwave link, or the like.
In the embodiments of the present specification, the security detection server 101 may be the server of an application program and provide data security protection for that application. The application may be of any type and built on any development framework, for example a game, social or video application. The security detection server 101 may also be the server of a particular database and provide data security protection for that database by the data security detection method of the embodiments.
The data storage server 103 stores the preset data corresponding to each user identifier. The preset data corresponding to a user identifier can be understood as the data content that the user with that identifier is allowed to acquire. For example, if the user identifier corresponds to the log data of the application with a preset identifier for October 1 to October 30, the user may acquire that application's log data for October 1 to October 30 but not, say, the log data for September 1; in other words, if the user acquires anything other than the log data of that application for October 1 to October 30, data has been leaked, that is, there is a data security risk.
In other embodiments, the data storage server 103 may be integrated with the security detection server 101, which is not limited in this specification.
It will be appreciated that the security detection server 101 and the data storage server 103 are also provided with other service capabilities and functions to accomplish the tasks of the embodiments described below. For example, the security detection server 101 and the data storage server 103 also provide portal services, resource management services, CI/CD services, and the like.
The user communicates with the security detection server 101 through an electronic device, that is, sends an access request for the target data to the security detection server 101 via the electronic device. The access request may have any content in any format set by the user on the electronic device. Electronic devices include, but are not limited to, physical or virtual servers, mobile stations (MS), mobile terminals, mobile phones, handsets, portable equipment, Bluetooth headsets, smart watches and so on, and may communicate with one or more core networks through a radio access network (RAN). The embodiments are not limited to the types of electronic device listed above.
In the embodiments of the present specification, the electronic device may further be provided with a display device, which may be any device capable of display, for example a cathode ray tube (CRT) display, a light-emitting diode (LED) display, an electronic ink screen, a liquid crystal display (LCD), a plasma display panel (PDP), or the like.
Through the display device the user can view the access-request interception information sent by the security detection server 101, the target data returned for the access request, or an authentication request sent by the security detection server 101 to verify the user's identity. The user can also issue instructions to the electronic device through its display device, for example by long-pressing, clicking or double-clicking, including an instruction to send an access request for the target data to the security detection server 101.
In one embodiment, Fig. 2 is a schematic diagram of a data security detection method according to an embodiment of the present specification. The method may be implemented by a computer program and executed on a data security detection device based on the von Neumann architecture. The computer program may be integrated into the application or run as a stand-alone tool application.
Specifically, the data security detection method includes:
s102, acquiring call link information aiming at target data.
The target data can be understood as the data specified by a user who logs in to the server storing the data or sends an access request to it, for example the log data of a specified date. In one embodiment, the target data is data that includes a taint parameter. A taint parameter is a parameter passed in from the front end; in security terms it is called tainted because the user can modify it at will. Conversely, a non-taint parameter is not passed in from the front end and cannot be freely modified by the user. In this embodiment, data security detection is performed only for data that includes taint parameters, so the detection is targeted at data the user can influence and the computational cost of ineffective detection is avoided.
It is understood that in the embodiment of the present specification, the type of the target data may be various types of data such as documents, tables, pictures, audio, video, and the like.
In this embodiment, the target data corresponds to a target resource identifier; in other words, the target resource identifier (resourceid) identifies the target data, for example by its name or storage location. The call link information can also be understood as the data flow information involving the target resource, that is, the complete execution path of a given class of data, where the data flow is the path the target data takes through the whole execution: for example, the target resource identifier is obtained, trimmed, checked and matched, and so on, until the output of the corresponding process is produced.
That is, the data flow information is the information generated as data flows from a source point to a sink point; for the target data it is the information generated as the acquired target resource identifier (resourceid) is processed from the source point, through intermediate data-flow nodes, until it reaches the sink point.
At the intermediate data-flow nodes the target resource identifier may undergo simple initialization, checks and decisions (for example, whether it conforms to a preset parameter format rule) or other operations that do not affect the data security detection; these can be chosen and handled according to actual needs.
Fig. 3 is a flow chart of data security detection according to this embodiment. For the target resource identifier resourceid corresponding to the target data, the information generated as the data flows from the source point to the sink point is the call link information, and the nodes passed through include, for example, the one implemented by the SQL statement select * from table where resourceid = #resourceid#.
S104, according to the call link information, obtaining a user identifier corresponding to a user executing target operation on target data.
The user identifier is an identifier that characterizes a user's identity, that is, identification data describing who the user is. For example, it may be an identity card number, a user ID, a mobile phone number or an e-mail address, or device data of the user's terminal, or an identifier derived from a physiological characteristic, or a combination of several of these; details are not repeated here.
Performing the target operation on the target data can be understood as carrying out the specific operation that the user's operation instruction requests for the target data. The operation may be deletion, updating or querying. Deletion removes the target data; updating edits, modifies or replaces it; and querying returns the data that satisfies the query conditions.
In one embodiment, the user login data used to log in to the database storing the target data is obtained from the call link information, and the user identifier of the user performing the target operation is then obtained from that login data.
Specifically, the user login data included in the call link information is obtained from the data entry instruction contained in the call link information. The data entry instruction is the software entry point for the data, that is, the program code that receives or generates the data; it may include source code such as the login state and the code corresponding to the user's access request. This source code (also called the source program) is the series of readable computer language instructions the server generates for access control when the user initiates an access request; it may be the code corresponding to the user's access request or the code corresponding to the login state. The server can therefore determine the data entry instruction by scanning the login-state code or by analysing the code together with its context.
The data entry instruction is then scanned to obtain the user identifier. The scan is a direct static scan of the code. One possible implementation extracts and summarizes the keywords in the data entry instruction into data flow information; another scans by comparison: the parameters contained in the data entry instruction are split out and compared with the parameters to be identified, for example the user identifier (uid) and the target resource identifier (resourceid).
Obtaining the user identifier in this way requires no compilation of the code, which simplifies the detection process and improves the efficiency of data security detection.
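Steps S102 and S104 (building the call link from source to sink and picking the user identifier out of the login-state code by a static scan), worked as one added example; this is not the patent's code. The handler source in SAMPLE_SOURCE is a constructed Java-like sample, and the three regexes are assumptions of this example: a request.getParameter(...) call is treated as the taint source (front-end input), the Context().get.uid() form the description uses is treated as the login-state user identifier, and a select/update/delete/insert method call is treated as the data-access sink.

```python
"""Call-link (data-flow) extraction for S102/S104 (added example)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

# Constructed sample handler source (not from the patent).
SAMPLE_SOURCE = """
String resourceId = request.getParameter("resourceId");
resourceId = resourceId.trim();
if (!ID_PATTERN.matcher(resourceId).matches()) { throw new BadRequest(); }
String uid = Context().get.uid();
LogRecord row = logMapper.selectByResourceId(resourceId);
""".strip().splitlines()

SOURCE_RE = re.compile(r'request\.getParameter\("(\w+)"\)')          # taint source: front-end input
UID_RE = re.compile(r'(\w+)\s*=\s*Context\(\)\.get\.uid\(\)')         # login state, not front-end input
SINK_RE = re.compile(r'\.(select|update|delete|insert)\w*\(([^)]*)\)')  # data-access sink
ASSIGN_RE = re.compile(r'^(?:\w+\s+)?(\w+)\s*=\s*(.+);$')            # `[Type] var = expr;`


@dataclass
class CallLink:
    nodes: List[Tuple[str, str]] = field(default_factory=list)  # (node kind, statement)
    tainted_vars: Set[str] = field(default_factory=set)
    uid_var: Optional[str] = None
    sink_op: Optional[str] = None
    sink_args: List[str] = field(default_factory=list)

    def sink_reached_by_taint(self) -> bool:
        """True when a front-end-controlled value reaches the data-access sink."""
        return any(arg in self.tainted_vars for arg in self.sink_args)


def build_call_link(lines: List[str]) -> CallLink:
    """Walk the handler statement by statement, tracking which variables carry
    front-end input from the source to the sink (intra-procedural, assignment-based)."""
    link = CallLink()
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        uid_match = UID_RE.search(line)
        if uid_match:                       # S104: user identifier comes from the login state
            link.uid_var = uid_match.group(1)
            link.nodes.append(("login-state", line))
            continue
        is_source = SOURCE_RE.search(line) is not None
        uses_taint = any(re.search(rf"\b{re.escape(v)}\b", line) for v in link.tainted_vars)
        assign = ASSIGN_RE.match(line)
        if assign and (is_source or uses_taint):   # taint propagates through assignment
            link.tainted_vars.add(assign.group(1))
        sink = SINK_RE.search(line)
        if sink:
            link.sink_op = sink.group(1)
            link.sink_args = [a.strip() for a in sink.group(2).split(",") if a.strip()]
            link.nodes.append(("sink", line))
        elif is_source:
            link.nodes.append(("source", line))
        elif uses_taint:
            link.nodes.append(("propagate", line))
    return link


if __name__ == "__main__":
    link = build_call_link(SAMPLE_SOURCE)
    for kind, stmt in link.nodes:
        print(f"{kind:>11}: {stmt}")
    print("uid variable:", link.uid_var, "| sink:", link.sink_op, link.sink_args,
          "| tainted input reaches sink:", link.sink_reached_by_taint())
```

sink_reached_by_taint() is the gate the description asks for: only data whose resource identifier is a taint parameter becomes target data for the later check, while a handler that derives its lookup key purely from the login state is left alone.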
S106, determining whether the target data meets preset conditions related to the preset data according to the preset data corresponding to the user identification.
The preset data corresponding to the user identifier can be understood as the data content that the user with that identifier is allowed to acquire. For example, if the user identifier corresponds to the log data of the application with a preset identifier for October 1 to October 30, that user may acquire the application's log data for October 1 to October 30 but not the log data for September 1.
The preset condition related to the preset data may be determined by the type or content of the preset data; for example, different types or security levels of preset data have different preset conditions, and preset data with a higher security level has a stricter condition. Specifically, the condition may be that the target data contains no data outside the preset data; or that any data in the target data outside the preset data is public data its owner allows to be acquired; or that the amount of data in the target data outside the preset data is below a preset threshold; or another condition set by the responsible person as required.
S108, executing target operation on the target data under the condition that the target data meets the preset condition.
If the target data meets the preset condition, the user's target operation on the target data will not cause a data security problem, so the target operation is performed on the target data.
As shown in Fig. 3, the data entry instruction is scanned according to the call link information to obtain the user identifier uid, i.e. String uid = Context().get.uid(). The preset data corresponding to the user identifier is then obtained on the basis of uid: in this embodiment a data acquisition request carrying uid is sent to the data storage server, implemented as an HTTP request, i.e. boolean isAccess = HttpRequestUtil.post(url, parameters), and the preset data corresponding to the user identifier is obtained from the data storage server's response. Whether the target data meets the preset condition related to the preset data is then determined as isAccess: when isAccess is true, the target operation is performed on the target data; when it is false, the target operation on the target data is stopped.
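Steps S106 and S108, the runtime decision of Fig. 3, worked as an added example (not the patent's code). PRESET_DATA is a constructed in-memory stand-in for the data storage server's response, so the HTTP request the description makes with HttpRequestUtil.post is replaced by a local lookup and the example runs offline. The security levels and the per-level threshold on rows outside the preset data are assumptions of this example; the date-range shape of the preset data follows the October log example in the description.

```python
"""Runtime preset-condition check for S106/S108 (added example)."""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Callable, Dict, List, Optional


@dataclass(frozen=True)
class LogRow:
    app: str   # identifier of the application the log belongs to
    day: date  # log date


# Constructed stand-in for the data storage server: uid -> preset data the user may acquire.
PRESET_DATA: Dict[str, dict] = {
    "u-42": {"app": "app-10", "from": date(2023, 10, 1), "to": date(2023, 10, 30), "level": "high"},
    "u-7":  {"app": "app-10", "from": date(2023, 10, 1), "to": date(2023, 10, 30), "level": "low"},
}

# Rows outside the preset data tolerated per security level (assumed values).
EXCESS_THRESHOLD = {"high": 0, "low": 2}


def fetch_preset_data(uid: str) -> Optional[dict]:
    """Stands in for the HTTP request to the data storage server."""
    return PRESET_DATA.get(uid)


def in_preset_data(row: LogRow, preset: dict) -> bool:
    return row.app == preset["app"] and preset["from"] <= row.day <= preset["to"]


def meets_preset_condition(rows: List[LogRow], preset: dict):
    """Preset condition: rows outside the preset data stay within the level's threshold."""
    excess = [r for r in rows if not in_preset_data(r, preset)]
    return len(excess) <= EXCESS_THRESHOLD[preset["level"]], excess


def data_security_check(uid: str, rows: List[LogRow],
                        operation: Callable[[List[LogRow]], object]) -> dict:
    """S106/S108: perform `operation` on the target data only when it meets the condition."""
    preset = fetch_preset_data(uid)
    if preset is None:
        return {"executed": False, "reason": "no preset data for user identifier"}
    ok, excess = meets_preset_condition(rows, preset)
    if not ok:
        return {"executed": False, "reason": f"{len(excess)} rows outside preset data",
                "excess": [r.day.isoformat() for r in excess]}
    return {"executed": True, "result": operation(rows)}


def log_rows(app: str, first: str, last: str) -> List[LogRow]:
    """Target data for a query over an inclusive ISO date range."""
    start, end = date.fromisoformat(first), date.fromisoformat(last)
    return [LogRow(app, start + timedelta(days=i)) for i in range((end - start).days + 1)]


def query(rows: List[LogRow]) -> List[str]:
    """The target operation used below: a query returning the requested log dates."""
    return [r.day.isoformat() for r in rows]


if __name__ == "__main__":
    print(data_security_check("u-42", log_rows("app-10", "2023-10-01", "2023-10-03"), query))
    print(data_security_check("u-42", log_rows("app-10", "2023-09-30", "2023-10-02"), query))
```

The check is fail-closed: an unknown user identifier, a different application identifier, or a single day outside the allowed range for a high-level user all block the operation before it touches the database, which is the point of checking online rather than only before release.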
In this way, the user identifier of the user who performs the target operation on the target data is obtained from the call link information for the target data; whether the target data meets the preset condition related to the preset data is determined from the preset data corresponding to that user identifier; and the target operation is performed only when the condition is met, so that the target data is neither leaked nor tampered with. The embodiment thus detects in real time whether a target operation on target data is safe, with high timeliness, protects the data of the database storing the target data while it is in online use, and, because safety is judged against a preset condition tied to preset data, does so reliably and efficiently.
In one embodiment, Fig. 4 is a schematic diagram of a data security detection method according to an embodiment of the present specification. The method may be implemented by a computer program and executed on a data security detection device based on the von Neumann architecture. The computer program may be integrated into the application or run as a stand-alone tool application.
Specifically, the data security detection method includes:
s202, acquiring call link information aiming at target data.
See S102 above; details are not repeated here.
S204, determining whether the operation type of the target operation performed on the target data is a preset type.
The operation type of the target operation on the target data may be deletion, update, query or new addition. When the operation type is new addition, that is, when the target data is being newly added, the newly added target data cannot yet be matched against the preset data corresponding to the user identifier, so a data security detection method that determines whether the target data meets the preset condition related to the preset data from the preset data corresponding to the user identifier is not applicable to it.
In this embodiment, by executing the security detection only when the operation type of the target operation is a preset type, the data security detection is prevented from blocking reasonable operations on the target data and thereby inconveniencing the user.
In one embodiment, determining whether the operation type of the target operation performed on the target data is a preset type includes: acquiring, from the call link information, the operation instruction included in the call link information that indicates the target operation to be performed on the target data; and determining whether the operation type of the target operation is a preset type according to the instruction content of the operation instruction.
The call link information is scanned to obtain the operation instruction indicating the target operation to be performed on the target data, and the operation type of the target operation is determined from the instruction content of that operation instruction. For example, a keyword corresponding to the operation instruction is identified: if the operation instruction is database (uid, resourceid …), the symbol "()" is identified and the parameters before it are extracted as the instruction content, from which the operation type of the target operation is determined to be a query. In another possible implementation, a search traversal is performed over the operation instruction for preset required parameters, for example uid, resourceid, … …, to determine which parameters are included, and the parameters found are taken as the instruction content.
In one embodiment, the target operation on the target data is usually the end of the whole data flow, that is, the last node in the call link information, so the instruction corresponding to the last operation in the call link information can be extracted directly in order to determine its instruction content and the operation type of the target operation corresponding to that instruction content.
In one embodiment, the target operation is performed on the target data when the operation type of the target operation is determined not to be a preset type. In other words, when the operation type of the target operation is determined not to be the preset type, the step of judging whether the target data satisfies the preset condition related to the preset data is not performed. For example, if the operation instruction is Daoimpl.query (uid, resourceid …), a query operation is performed on the target data corresponding to the resource identifier.
S206, when the operation type of the target operation performed on the target data is determined to be the preset type, acquiring the user identifier corresponding to the user performing the target operation on the target data according to the call link information.
See S104 above, and will not be described here again.
S208, determining whether the target data meets the preset condition related to the preset data according to the preset data corresponding to the user identifier.
See S106 above, and will not be described again here.
S210, executing the target operation on the target data if the operation type of the target operation is not the preset type or the target data meets the preset condition.
See S108 above, and will not be described again here.
S212, stopping executing the target operation on the target data when the target data does not meet the preset condition.
When the operation type of the target operation on the target data is a preset type and the target data does not meet the preset condition related to the preset data, it is determined that the access request may cause data leakage from the server or threaten the data security of the server, so the access request for the target data is intercepted, or the execution of the target operation on the target data is stopped.
In one embodiment, when the operation type of the target operation on the target data is a preset type and the target data does not satisfy the preset condition related to the preset data, a verification request is sent to a target electronic device. The verification request instructs the target electronic device to confirm whether the target operation on the target data needs to be stopped and to send a stop instruction or a continue instruction to the data security server; the data security server stops executing the target operation on the target data when it receives the stop instruction, and continues executing the target operation on the target data when it receives the continue instruction.
In other words, when the access request is determined to be unexpected or to threaten data security, a verification request may be sent to the target electronic device to verify whether the target operation on the target data should be continued or stopped, for example by verifying whether the identity information of the user matches a preset identity. The verification request may be a liveness verification request checked through an iris or a face, or a non-liveness request such as an e-mail or a phone call instructing the user to send their identity information. The verification request may take any form, which is not limited in this specification.
In this embodiment, by sending the verification request to the electronic device, whether the target operation on the target data needs to be stopped can be confirmed further, which avoids the inconvenience of a user who meets the preset identity being unable to perform the target operation on the target data because the access request they sent was intercepted.
In one embodiment, as shown in fig. 5, a schematic diagram of a data security detection method according to an embodiment of the present disclosure is provided. The method may be implemented by a computer program and executed on a data security detection device based on the von Neumann architecture. The computer program may be integrated in an application or may run as a stand-alone tool application.
Specifically, the data security detection method includes:
S302, acquiring call link information for the target data through an instrumentation technique.
Instrumentation is a technique that makes it possible to observe and control the behaviour of a program by inserting instrumentation code into the target program. In this embodiment, the instrumentation technique can be used to track and control the execution flow of the program, so that the state and data of the program are obtained in real time while it runs; a call to the target data is therefore detected promptly, and the call link information for the target data is obtained.
S304, determining whether the operation type of the target operation performed on the target data is a preset type.
See S102 above, and will not be described here again.
S306, when the operation type of the target operation performed on the target data is determined to be the preset type, acquiring the user identifier corresponding to the user performing the target operation on the target data according to the call link information.
See S106 above, and will not be described again here.
S308, determining whether the matching degree between the target data and the preset data exceeds a preset threshold according to the preset data corresponding to the user identifier.
The matching degree between the target data and the preset data is determined according to the preset data corresponding to the user identifier; the matching degree represents the similarity or consistency between the target data and the preset data. For example, the matching degree between the target data and the preset data is classified as "high matching", "medium matching" or "low matching" according to a preset criterion. As another example, the matching degree is determined by other criteria, such as accuracy, recall or F1 score.
In one embodiment, the target data is preprocessed by a preset matching model or matching algorithm, the matching degree with the preset data is then calculated, and it is determined whether that matching degree exceeds the preset threshold. For example, the preset threshold is 80%, 90%, etc., set by the relevant personnel as needed.
S310, executing target operation on the target data under the condition that the matching degree of the target data and the preset data exceeds a preset threshold value.
The target operation is executed on the target data when the matching degree between the target data and the preset data exceeds the preset threshold, that is, when the target data meets the preset condition related to the preset data.
S312, stopping executing the target operation on the target data under the condition that the operation type of the target operation is not the preset type or the target data does not meet the preset condition.
See S212 above, and will not be described again here.
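The following Python sketch is an added illustration and is not code from the patent: it walks the S302 to S312 flow end to end and also covers the instruction parsing of S204. A decorator stands in for the instrumentation and records each call as a node of the call link, the operation type is read from the keyword before "()" of the last node, the user identifier is taken from the database login data on the link, and the matching degree of the target data against that user's preset data is compared with the threshold before the data access is allowed. The DaoImpl class, the field-overlap matching criterion, the threshold of 0.8 and the sample records are assumptions made for this example.

```python
import functools
import re
import threading
from dataclasses import dataclass, field

# Constructed sample target data keyed by resource identifier (not from the patent).
TARGET_TABLE = {
    "r1": {"owner": "u1001", "region": "cn-east", "tier": "gold", "balance": 120},
    "r2": {"owner": "u2002", "region": "cn-north", "tier": "silver", "balance": 5},
}
# Constructed preset data per user identifier: field values that records this user
# legitimately works on are expected to carry (an assumption of this example).
PRESET_DATA = {"u1001": {"owner": "u1001", "region": "cn-east", "tier": "gold"}}
PRESET_TYPES = {"query", "update", "delete"}  # new additions are not checked (S304)
THRESHOLD = 0.8                                # preset threshold for S308


@dataclass
class CallLink:
    nodes: list = field(default_factory=list)  # one "Callee(arg, ...)" per call
    login: dict = field(default_factory=dict)  # database login data on the link


_tls = threading.local()


def current_link():
    if not hasattr(_tls, "link"):
        _tls.link = CallLink()
    return _tls.link


def instrument(fn):
    """S302: instrumentation hook recording each call as a node of the call link."""
    @functools.wraps(fn)
    def wrapper(*args, **kwargs):
        current_link().nodes.append(
            f"{fn.__qualname__}({', '.join(str(a) for a in args)})")
        return fn(*args, **kwargs)
    return wrapper


_INSTRUCTION = re.compile(r"^(?P<callee>[\w.]+)\((?P<params>.*)\)$")


def parse_instruction(link):
    """S304: the target operation is the last node; the keyword before '()' is the
    operation type and the text inside the parentheses holds the parameters."""
    match = _INSTRUCTION.match(link.nodes[-1])
    if match is None:
        raise ValueError("unrecognised instruction: " + link.nodes[-1])
    op_type = match.group("callee").rsplit(".", 1)[-1].lower()
    params = [p.strip() for p in match.group("params").split(",") if p.strip()]
    return op_type, params


def matching_degree(target, preset):
    """S308: share of preset fields whose value the target data reproduces."""
    if not preset:
        return 0.0  # no preset data for this user: nothing can match, fail closed
    hits = sum(1 for key, value in preset.items() if target.get(key) == value)
    return hits / len(preset)


def detect(link, target):
    """S304-S312 decision for the last node of the link: ('execute'|'stop', why)."""
    op_type, _params = parse_instruction(link)
    if op_type not in PRESET_TYPES:
        return "execute", f"{op_type} is not a preset type"
    uid = link.login.get("uid")                 # S306: user id from login data
    degree = matching_degree(target, PRESET_DATA.get(uid, {}))
    if degree > THRESHOLD:                      # S310: exceeds the threshold
        return "execute", f"uid={uid} match={degree:.2f} > {THRESHOLD}"
    return "stop", f"uid={uid} match={degree:.2f} <= {THRESHOLD}"  # S312


def guard(fn):
    """Detection beneath the instrumentation: refuse the data access on 'stop'.
    Assumes the resource identifier is positional argument 1 of the DAO call."""
    @functools.wraps(fn)
    def wrapper(*args, **kwargs):
        decision, reason = detect(current_link(), TARGET_TABLE.get(args[1], {}))
        if decision == "stop":
            raise PermissionError(reason)
        return fn(*args, **kwargs)
    return wrapper


class DaoImpl:
    """Stand-in data access object, named after the Daoimpl.query example."""
    @staticmethod
    @instrument
    def login(uid):
        current_link().login["uid"] = uid

    @staticmethod
    @instrument
    @guard
    def query(uid, resourceid):
        return TARGET_TABLE[resourceid]


def run_access(uid, resourceid):
    """One user access on a fresh call link: log in, then query the resource."""
    _tls.link = CallLink()
    DaoImpl.login(uid)
    try:
        DaoImpl.query(uid, resourceid)
        return "execute"
    except PermissionError:
        return "stop"
```

A user with no preset data at all is stopped by this sketch, since a matching degree of zero can never exceed the threshold; a deployment could instead route such cases to the verification request described above.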
The following are device embodiments of the present specification that may be used to perform method embodiments of the present specification. For details not disclosed in the device embodiments of the present specification, please refer to the method embodiments of the present specification.
Referring to fig. 6, a schematic structural diagram of a data security detection device according to an exemplary embodiment of the present disclosure is shown. The data security detection device may be implemented as all or part of the device by software, hardware, or a combination of both. The data security detection device includes an information acquisition module 401, an identification acquisition module 402, a condition determination module, and an execution operation module 402.
An information acquisition module 401, configured to acquire call link information for target data;
the identifier obtaining module 402 is configured to obtain, according to the call link information, a user identifier corresponding to a user performing a target operation on the target data;
a condition determining module 402, configured to determine, according to preset data corresponding to the user identifier, whether the target data meets a preset condition related to the preset data;
an execution operation module 403, configured to execute the target operation on the target data if the target data meets the preset condition.
In one embodiment, a data security detection device includes:
the type determining module is used for determining whether the operation type for executing the target operation on the target data is a preset type;
The identifier acquisition module 402 includes:
the identification acquisition unit is used for acquiring a user identification corresponding to a user executing the target operation on the target data according to the call link information under the condition that the operation type of the target operation is determined to be a preset type.
In one embodiment, the identification acquisition unit comprises:
the first acquisition subunit is used for acquiring an operation instruction which is included in the calling link information and indicates to execute target operation on the target data according to the calling link information;
and the second acquisition subunit is used for determining whether the operation type of the target operation is a preset type according to the instruction content of the operation instruction.
In one embodiment, a data security detection device includes:
and the target execution module is used for executing the target operation on the target data under the condition that the operation type of the target operation is not a preset type.
In one embodiment, the condition determination module 402 includes:
the condition determining unit is used for determining whether the matching degree of the target data and the preset data exceeds a preset threshold value according to the preset data corresponding to the user identifier;
The execution operation module 403 includes:
and the execution operation unit is used for executing the target operation on the target data under the condition that the matching degree of the target data and the preset data exceeds the preset threshold value.
In one embodiment, the identification acquisition module 402 includes:
a user login unit, configured to obtain, according to the call link information, user login data included in the call link information, for logging in a database storing the target data;
the identification acquisition unit is used for acquiring a user identification corresponding to a user executing target operation on the target data according to the user login data.
In one embodiment, the information acquisition module 401 includes:
and the information acquisition unit is used for acquiring call link information aiming at the target data according to the instrumentation technology.
In one embodiment, a data security detection device includes:
and the execution stopping module is used for stopping executing the target operation on the target data under the condition that the target data does not meet the preset condition.
It should be noted that, in the data security detection apparatus provided in the foregoing embodiment, only the division of the foregoing functional modules is used as an example when the data security detection method is executed, and in practical application, the foregoing functional allocation may be performed by different functional modules according to needs, that is, the internal structure of the device is divided into different functional modules, so as to complete all or part of the functions described above. In addition, the data security detection device and the data security detection method provided in the foregoing embodiments belong to the same concept, which embody the detailed implementation process in the method embodiment, and are not described herein again.
The foregoing embodiment numbers of the present specification are merely for description, and do not represent advantages or disadvantages of the embodiments.
The embodiments of the present disclosure further provide a computer storage medium, where a plurality of instructions may be stored, where the instructions are adapted to be loaded by a processor and executed by the processor, where the specific execution process may refer to the specific description of the embodiments shown in fig. 1 to 5, and the details are not repeated herein.
The present disclosure further provides a computer program product, where at least one instruction is stored, where the at least one instruction is loaded by the processor and executed by the processor to perform the data security detection method according to the embodiment shown in fig. 1 to 5, and the specific execution process may refer to the specific description of the embodiment shown in fig. 1 to 5, which is not repeated herein.
Referring to fig. 7, a schematic structural diagram of an electronic device is provided in an embodiment of the present disclosure. As shown in fig. 7, the electronic device 500 may include: at least one processor 501, at least one network interface 504, a user interface 503, a memory 505, at least one communication bus 502.
Wherein a communication bus 502 is used to enable connected communications between these components.
The user interface 503 may include a display screen and a camera; optionally, the user interface 503 may further include a standard wired interface and a standard wireless interface.
The network interface 504 may optionally include a standard wired interface, a wireless interface (e.g., WI-FI interface), among others.
The processor 501 may include one or more processing cores. The processor 501 connects the various parts of the overall server 500 through various interfaces and lines, and performs the various functions of the server 500 and processes data by running or executing the instructions, programs, code sets or instruction sets stored in the memory 505 and by invoking the data stored in the memory 505. Alternatively, the processor 501 may be implemented in hardware in at least one of digital signal processing (Digital Signal Processing, DSP), a field programmable gate array (Field-Programmable Gate Array, FPGA) and a programmable logic array (Programmable Logic Array, PLA). The processor 501 may integrate one or a combination of a central processing unit (Central Processing Unit, CPU), a graphics processor (Graphics Processing Unit, GPU), a modem, and so on. The CPU mainly handles the operating system, the user interface, application programs and the like; the GPU renders and draws the content to be shown on the display screen; the modem handles wireless communication. It will be appreciated that the modem need not be integrated into the processor 501 and may be implemented as a separate chip.
The memory 505 may include a random access memory (Random Access Memory, RAM) or a read-only memory (Read-Only Memory, ROM). Optionally, the memory 505 comprises a non-transitory computer-readable storage medium. The memory 505 may be used to store instructions, programs, code sets or instruction sets. The memory 505 may include a program storage area and a data storage area, where the program storage area may store instructions for implementing an operating system, instructions for at least one function (such as a touch function, a sound playing function, an image playing function, etc.), and instructions for implementing the various method embodiments described above; the data storage area may store the data involved in the respective method embodiments described above. The memory 505 may optionally also be at least one storage device located remotely from the processor 501. As shown in fig. 7, the memory 505, which is one type of computer storage medium, may contain an operating system, a network communication module, a user interface module, and a data security detection application.
In the electronic device 500 shown in fig. 7, the user interface 503 is mainly used for providing an input interface for a user, and acquiring data input by the user; and the processor 501 may be configured to invoke the data security detection application stored in the memory 505 and specifically perform the following operations:
Acquiring call link information aiming at target data;
acquiring a user identifier corresponding to a user executing target operation on the target data according to the call link information;
determining whether the target data meets preset conditions related to the preset data according to preset data corresponding to the user identification;
and executing the target operation on the target data under the condition that the target data meets the preset condition.
In one embodiment, after the processor 501 executes the obtaining the call link information for the target data, before the obtaining, according to the call link information, the user identifier corresponding to the user performing the target operation on the target data, the method further executes:
determining whether the operation type for executing the target operation on the target data is a preset type;
acquiring a user identifier corresponding to a user executing target operation on the target data according to the call link information, and specifically executing:
and under the condition that the operation type of the target operation is determined to be a preset type, acquiring a user identifier corresponding to a user executing the target operation on the target data according to the call link information.
In one embodiment, the processor 501 performs the determining whether the operation type of performing the target operation on the target data is a preset type, specifically performing:
acquiring an operation instruction which is included in the calling link information and indicates to execute target operation on the target data according to the calling link information;
and determining whether the operation type of the target operation is a preset type according to the instruction content of the operation instruction.
In one embodiment, after the processor 501 performs the determining whether the operation type of performing the target operation on the target data is a preset type, it further performs:
and executing the target operation on the target data under the condition that the operation type of the target operation is not a preset type.
In one embodiment, the processor 501 executes the preset data corresponding to the user identifier to determine whether the target data meets a preset condition related to the preset data, specifically executes:
determining whether the matching degree of the target data and the preset data exceeds a preset threshold value according to the preset data corresponding to the user identifier;
and executing the target operation on the target data under the condition that the target data meets the preset condition, wherein the method comprises the following steps:
and executing the target operation on the target data under the condition that the matching degree of the target data and the preset data exceeds the preset threshold value.
In one embodiment, the processor 501 executes the step of obtaining, according to the call link information, a user identifier corresponding to a user performing the target operation on the target data, and specifically performs the step of:
acquiring user login data of a database which is included in the call link information and stores the target data according to the call link information;
and acquiring a user identifier corresponding to the user executing the target operation on the target data according to the user login data.
In one embodiment, the processor 501 executes the step of obtaining call link information for the target data, specifically:
and acquiring call link information aiming at the target data according to the instrumentation technology.
In one embodiment, after executing the preset data corresponding to the user identifier, the processor 501 further executes to determine whether the target data meets a preset condition related to the preset data:
and stopping executing the target operation on the target data under the condition that the target data does not meet the preset condition.
Those skilled in the art will appreciate that implementing all or part of the above-described methods in accordance with the embodiments may be accomplished by way of a computer program stored on a computer readable storage medium, which when executed may comprise the steps of the embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disk, a read-only memory, a random access memory, or the like.
The foregoing disclosure is only illustrative of the preferred embodiments of the present invention and is not to be construed as limiting the scope of the claims, which follow the meaning of the claims of the present invention.

Claims (12)

1. A method of data security detection, the method comprising:
acquiring call link information aiming at target data;
acquiring a user identifier corresponding to a user executing target operation on the target data according to the call link information;
determining whether the target data meets preset conditions related to the preset data according to preset data corresponding to the user identification;
and executing the target operation on the target data under the condition that the target data meets the preset condition.
2. The data security detection method according to claim 1, after the acquiring the call link information for the target data, before the acquiring the user identifier corresponding to the user performing the target operation on the target data according to the call link information, further comprising:
determining whether the operation type for executing the target operation on the target data is a preset type;
the step of obtaining the user identifier corresponding to the user performing the target operation on the target data according to the call link information includes:
and under the condition that the operation type of the target operation is determined to be a preset type, acquiring a user identifier corresponding to a user executing the target operation on the target data according to the call link information.
3. The data security detection method according to claim 2, the determining whether an operation type of performing a target operation on the target data is a preset type, comprising:
acquiring an operation instruction which is included in the calling link information and indicates to execute target operation on the target data according to the calling link information;
and determining whether the operation type of the target operation is a preset type according to the instruction content of the operation instruction.
4. The data security detection method according to claim 2, wherein after determining whether the operation type of performing the target operation on the target data is a preset type, further comprising:
and executing the target operation on the target data under the condition that the operation type of the target operation is not a preset type.
5. The data security detection method according to claim 1, wherein the determining, according to the preset data corresponding to the user identifier, whether the target data meets a preset condition related to the preset data includes:
determining whether the matching degree of the target data and the preset data exceeds a preset threshold value according to the preset data corresponding to the user identifier;
and executing the target operation on the target data under the condition that the target data meets the preset condition, wherein the method comprises the following steps:
and executing the target operation on the target data under the condition that the matching degree of the target data and the preset data exceeds the preset threshold value.
6. The method for detecting data security according to claim 1, wherein the step of obtaining, according to the call link information, a user identifier corresponding to a user performing a target operation on the target data includes:
acquiring user login data of a database which is included in the call link information and stores the target data according to the call link information;
and acquiring a user identifier corresponding to the user executing the target operation on the target data according to the user login data.
7. The data security detection method according to claim 1, the acquiring call link information for target data, comprising:
and acquiring call link information aiming at the target data according to the instrumentation technology.
8. The data security detection method according to claim 1, wherein after determining whether the target data meets a preset condition related to the preset data according to preset data corresponding to the user identifier, the method further comprises:
and stopping executing the target operation on the target data under the condition that the target data does not meet the preset condition.
9. A data security detection device, the device comprising:
an information acquisition module, configured to acquire call link information for target data;
an identifier acquisition module, configured to acquire, according to the call link information, a user identifier corresponding to a user performing a target operation on the target data;
a condition determination module, configured to determine, according to preset data corresponding to the user identifier, whether the target data meets a preset condition related to the preset data;
and an operation execution module, configured to execute the target operation on the target data when the target data meets the preset condition.
10. A computer storage medium storing a plurality of instructions adapted to be loaded by a processor to perform the method steps of any one of claims 1 to 8.
11. A computer program product comprising a computer storage medium storing a plurality of instructions adapted to be loaded by a processor to perform the method steps of any one of claims 1 to 8.
12. An electronic device, comprising a processor and a memory, wherein the memory stores a computer program adapted to be loaded by the processor to perform the method steps of any one of claims 1 to 8.
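The flow of claims 5 to 8 in working form, as an added example that is not code from CN117640168A or its applicant. Everything concrete in it is an assumption made for the illustration: the "instrumentation" of claim 7 is a Python decorator that records the call link with inspect.stack(); the "user login data of the database" of claim 6 is the login_user attribute of a stand-in DbSession object; the "matching degree" of claim 5 is the Jaccard similarity between the field names of the target record and a per-user preset field set; and PRESET_DATA and PRESET_THRESHOLD are constructed configuration. The gate fails closed for a login with no preset data, which the claims do not spell out.

```python
"""Added example (not the patent's code): an instrumentation-based gate that
acquires the call link, derives the user identifier from the database login,
scores the target data against that user's preset data and runs or stops the
operation. All names, the DbSession stand-in, the Jaccard matching degree and
the preset configuration are assumptions made for this illustration."""
import functools
import inspect
from dataclasses import dataclass


@dataclass(frozen=True)
class CallLink:
    """Call-link information captured by the instrumentation wrapper."""
    operation: str
    database: str
    login_user: str      # user login data of the database holding the target data
    callers: tuple       # function names up the stack, innermost first


@dataclass(frozen=True)
class Decision:
    user_id: str
    degree: float
    allowed: bool
    link: CallLink


class DbSession:
    """Constructed stand-in for a database connection that knows its login user."""

    def __init__(self, database: str, login_user: str) -> None:
        self.database = database
        self.login_user = login_user


# Constructed preset data: the record fields each database login is expected to
# operate on. A login with no preset data is refused (fail closed).
PRESET_DATA = {
    "svc_billing": {"invoice_id", "account", "amount"},
    "svc_report": {"region", "period", "total"},
}
PRESET_THRESHOLD = 0.7   # the operation runs only if the degree exceeds this


def acquire_call_link(session: DbSession, operation: str, depth: int = 4) -> CallLink:
    """Claim 7: capture the call link by instrumentation (here, the live stack)."""
    frames = inspect.stack()[2:2 + depth]          # skip this function and the wrapper
    callers = tuple(frame.function for frame in frames)
    return CallLink(operation, session.database, session.login_user, callers)


def user_identifier_from_call_link(link: CallLink) -> str:
    """Claim 6: the user identifier is taken from the database login data in the call link."""
    return link.login_user


def matching_degree(target_fields, preset_fields) -> float:
    """Claim 5: matching degree as Jaccard similarity of field-name sets (an assumption)."""
    target, preset = set(target_fields), set(preset_fields)
    union = target | preset
    return len(target & preset) / len(union) if union else 0.0


def check_preset_condition(user_id: str, target_record: dict) -> tuple:
    """Claim 5: the preset condition holds when the degree exceeds the threshold."""
    presets = PRESET_DATA.get(user_id)
    if presets is None:
        return 0.0, False                           # no preset data for this login: refuse
    degree = matching_degree(target_record.keys(), presets)
    return degree, degree > PRESET_THRESHOLD


def guarded(operation: str):
    """Instrumentation decorator: run the wrapped data operation only when the
    target record meets the preset condition for the calling user; otherwise
    stop it (claim 8) and return the decision so the caller can see why."""
    def decorate(fn):
        @functools.wraps(fn)
        def wrapper(session: DbSession, target_record: dict, *args, **kwargs):
            link = acquire_call_link(session, operation)
            user_id = user_identifier_from_call_link(link)
            degree, allowed = check_preset_condition(user_id, target_record)
            decision = Decision(user_id, degree, allowed, link)
            if not allowed:
                return decision, None               # claim 8: stop the target operation
            return decision, fn(session, target_record, *args, **kwargs)
        return wrapper
    return decorate


@guarded("export")
def export_record(session: DbSession, record: dict) -> dict:
    """The target operation; here it just returns a copy of the record."""
    return dict(record)


if __name__ == "__main__":
    billing = DbSession("billing_db", "svc_billing")
    print(export_record(billing, {"invoice_id": 17, "account": "A-1", "amount": 42.0}))
    # A record carrying fields outside the login's preset profile is refused:
    print(export_record(billing, {"invoice_id": 17, "account": "A-1", "amount": 42.0,
                                  "ssn": "x", "card_number": "y"}))
```

The decision object carries the captured call link, so a refused operation can be logged with the operation name, database, login user and calling functions rather than only a boolean; in a real deployment the login user would come from the driver's connection object and the preset data from a managed policy store, not from the constants above.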
Priority Applications / Applications Claiming Priority (1)

Application Number | Priority Date | Filing Date | Title
CN202311487314.4A | 2023-11-08 | 2023-11-08 | Data security detection method and device, storage medium and electronic equipment

Publications (1)

Publication Number | Publication Date
CN117640168A | 2024-03-01

Family

ID=90026120

Family Applications (1)

Application Number | Status | Publication | Priority Date | Filing Date
CN202311487314.4A | Pending | CN117640168A (en) | 2023-11-08 | 2023-11-08

Country Status (1)

Country | Link
CN (1) | CN117640168A (en)

Similar Documents

Publication Publication Date Title
CN113098870B (en) Phishing detection method and device, electronic equipment and storage medium
US20200143051A1 (en) Security scanning method and apparatus for mini program, and electronic device
US9306889B2 (en) Method and device for processing messages
US11762979B2 (en) Management of login information affected by a data breach
KR102355973B1 (en) Apparatus and method for detecting smishing message
CN111414407A (en) Data query method and device of database, computer equipment and storage medium
JP2022502692A (en) Speech processing methods, devices, devices, programs and computer storage media
CN107145784B (en) Vulnerability scanning method and device and computer readable medium
CN107634947A (en) Limitation malice logs in or the method and apparatus of registration
CN112307464A (en) Fraud identification method and device and electronic equipment
EP2728472B1 (en) User terminal, reliability management server, and method and program for preventing unauthorized remote operation
KR101657667B1 (en) Malicious app categorization apparatus and malicious app categorization method
CN116800525A (en) Honeypot protection method and device, storage medium and electronic equipment
CN110348226A (en) A kind of scan method of project file, device, electronic equipment and storage medium
CN117640168A (en) Data security detection method and device, storage medium and electronic equipment
CN115329181A (en) Information query method, query server and client
CN107203714B (en) Configuration method and device of data verification file
CN113506090A (en) Audit data processing method and device, storage medium and electronic equipment
US9674160B2 (en) Methods for anti-fraud masking of a universal resource indentifier (“URI”)
CN117640166A (en) List construction method and device, storage medium and electronic equipment
CN117640155A (en) List construction method and device, storage medium and electronic equipment
CN110851586B (en) Bank operation data processing system, method, equipment and storage medium
US20230394151A1 (en) Protected qr code scanner using operational system override
CN117640162A (en) List construction method and device, storage medium and electronic equipment
CN117034291A (en) Vulnerability detection method, vulnerability detection device, vulnerability detection equipment and storage medium

Legal Events

Code | Title
PB01 | Publication
SE01 | Entry into force of request for substantive examination