CN117708880A - Intelligent security processing method and system for banking data - Google Patents

Publication number: CN117708880A
Application number: CN202311723897.6A
Authority: CN (China)
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 曾位香, 毛哲, 刘丽娟, 高会娟, 陈梦莹, 陈笑笑, 郭静
Current assignee: Henan Jierenxian Information Technology Co ltd
Original assignee: Henan Jierenxian Information Technology Co ltd
Prior art keywords: data, banking, real, security, backup

Abstract

An intelligent security processing method and system for banking data, characterized by comprising the following steps: determining the security requirements of the banking data and classifying the banking data into different levels according to sensitivity and business importance; performing end-to-end encryption on sensitive data, implementing an enhanced access control mechanism, and adopting role-based permission management; using anonymization techniques to desensitize the data that must be used in business scenarios; deploying a threat detection system that uses machine learning algorithms and behavior analysis to discover potential security threats in time; setting a regular data backup strategy and establishing an effective disaster recovery plan; and implementing a data audit mechanism that records logs of data access and operations, and deploying a real-time monitoring system to detect abnormal behavior in time and take corresponding measures. The invention helps the banking industry provide more personalized, real-time services, improves customer experience and enhances customer loyalty.

Description

Intelligent security processing method and system for banking data
Technical Field
The invention belongs to the technical field of data processing, and particularly relates to an intelligent security processing method and system for banking data.
Background
With the rapid pace of modern life, banking systems have become closely tied to people's daily lives, and in recent years banking services have been suspended many times because of banking system updates. When banking services are suspended, customers cannot make or receive payments and their daily economic life may be affected, which reflects negatively on the bank and damages it. Banking involves a large amount of sensitive information, including customer identity and account information, and is therefore a target of hacking. Data disclosure may lead to loss of customer privacy and financial loss. Banking data comes from multiple channels and sources, including online transactions, ATM operations and mobile applications, which makes the data sources complex and difficult to integrate and manage efficiently. Banks face a changing legal and regulatory environment and must continuously update and adjust their data processing methods to remain compliant. This includes compliance requirements for customer authentication, anti-money laundering (AML) and counter-terrorist financing (CTF). Many banks still use aging legacy systems, which may lack modern security features and flexibility, resulting in inefficient data processing. As business scale expands, the volume of data processed by banks keeps increasing, which places higher demands on real-time processing capacity. Conventional batch processing may not meet these requirements. Banking customers increasingly expect personalized, real-time services, so more flexible data processing methods are needed to meet customer expectations and provide a better customer experience.
Disclosure of Invention
This section is intended to outline some aspects of embodiments of the invention and to briefly introduce some preferred embodiments. Some simplifications or omissions may be made in this section as well as in the description summary and in the title of the application, to avoid obscuring the purpose of this section, the description summary and the title of the invention, which should not be used to limit the scope of the invention.
The present invention has been made in view of the above-mentioned or existing problems with banking data processing methods.
In order to solve the technical problems, the invention provides the following technical scheme:
In a first aspect, an embodiment of the present invention provides an intelligent security processing method for banking data, comprising: determining the security requirements of the banking data and classifying the banking data into different levels according to sensitivity and business importance; performing end-to-end encryption on sensitive data, implementing an enhanced access control mechanism, and adopting role-based permission management; applying anonymization to data that does not need to be associated with a specific personal identity, to reduce the risk of data leakage, and desensitizing the data that must be used in business scenarios, to protect personal privacy; deploying a threat detection system that uses machine learning algorithms and behavior analysis to discover potential security threats in time, and implementing a multi-level security defense mechanism to improve the system's resistance to attack; setting a regular data backup strategy and establishing an effective disaster recovery plan; and implementing a data audit mechanism that records logs of data access and operations for subsequent investigation and supervision, and deploying a real-time monitoring system to detect abnormal behavior in time and take corresponding measures.
As a preferred scheme of the intelligent security processing method for banking data according to the invention: the security requirements of the banking data include confidentiality, integrity and availability, and the banking data is classified into different levels according to sensitivity and business importance, the levels including personal identity information, financial transaction information, business contracts and legal documents, internal operation and process data, and public information.
As a preferred scheme of the intelligent security processing method for banking data according to the invention: performing end-to-end encryption on the sensitive data, implementing an enhanced access control mechanism and adopting role-based permission management comprises: precisely classifying the sensitive data to determine the personal identity information and financial transaction records that need end-to-end encryption; designing a key management system so that the generation, distribution, rotation and storage of encryption keys are secure and reliable, and protecting the keys with a hardware security module; selecting the AES algorithm so that the algorithm is strong enough to withstand current and future computing power; implementing end-to-end encryption where the data is generated, while it is transmitted and where it is stored, so that the data is encrypted at every step and only authorized entities can decrypt it; periodically rotating the encryption keys to reduce the risk of key compromise; and using a secure transport protocol to protect the integrity and confidentiality of the data in transit, preventing man-in-the-middle attacks and data tampering; using an authentication mechanism, such as multi-factor authentication, to ensure that only authorized users can log in to the system; assigning users to different roles, each role representing a set of permissions, and defining specific permissions in each role so that users can only access the data and functions within their responsibilities; introducing policy-based access control that automatically grants or denies access according to predefined policies; recording the access activity of all users, including successful and failed access attempts; and deploying a real-time monitoring system so that abnormal access behavior can be detected in time.
As a preferred scheme of the intelligent security processing method for banking data according to the invention: applying anonymization to data that does not need to be associated with a specific personal identity, and desensitizing the data that must be used in business scenarios, comprises: converting specific numerical values of personal identity into more general ranges, reducing the precision of the data; slightly perturbing numerical values so that individuals are not easily identified; adding a small random number to specific revenue data; rearranging the data so that the relationship between an individual and the original data is no longer evident; and formulating desensitization rules that ensure consistency and repeatability throughout data processing, establishing a monitoring mechanism, and periodically evaluating the desensitization effect to ensure the usability and quality of the desensitized data.
As a preferred scheme of the intelligent security processing method for banking data according to the invention: deploying the threat detection system, using machine learning algorithms and behavior analysis to discover potential security threats in time, and implementing a multi-level security defense mechanism to improve the system's resistance to attack comprises: training the system with a supervised learning algorithm to identify known threat patterns, and performing anomaly detection with an unsupervised learning algorithm to identify activity that does not match normal behavior patterns; monitoring the behavior of users and systems to identify abnormal behavior patterns, and using entity behavior analysis to focus on the behavior of specific users or system entities in order to identify potential threats; implementing a real-time response mechanism so that predefined response measures can be taken immediately when the threat detection system finds abnormal activity; deploying firewalls and intrusion detection and prevention systems to monitor and block malicious network traffic; using a virtual private network to secure remote access; implementing network isolation so that sensitive data and systems are isolated from the public network; and using network traffic analysis tools to detect abnormal network behavior.
As a preferred scheme of the intelligent security processing method for banking data according to the invention: setting a regular data backup strategy and establishing an effective disaster recovery plan comprises: classifying the data into different levels according to sensitivity and business importance to set the priority of the backup strategy; determining the business priority of each kind of data so that key business data is backed up more frequently; using real-time or near-real-time backup for key business systems to keep the backed-up data current; performing regular full backups of general business data, daily or weekly; using incremental backup, which backs up only the data that has changed since the last backup, to reduce the impact of the backup process on system performance; storing the backup data on offline media, such as a tape library or offline hard disks, to protect the backup data from online attack; building a cross-department disaster recovery team and defining the responsibilities and tasks of each member; training team members and running simulation exercises regularly so that the team is familiar with the disaster recovery process; setting up a standby data center so that operations can be switched quickly to the standby environment when the main data center is unavailable; using virtualization to deploy key systems and applications rapidly in the standby environment; documenting the disaster recovery process in detail, including the steps for data recovery, system reconstruction and communication recovery; providing the necessary tools and software so that disaster recovery operations can be performed quickly and effectively in an emergency; establishing an emergency communication plan to ensure rapid and effective communication among team members; setting a notification process so that key stakeholders are informed of disaster recovery progress in time; deploying a monitoring system, periodically checking the effectiveness of the backup and recovery processes, and recording abnormal events; and periodically reviewing the disaster recovery plan and continually improving the plan and process based on feedback from simulated drills and actual events.
As a preferred scheme of the intelligent security processing method for banking data according to the invention: implementing the data audit mechanism, recording logs of data access and operations for subsequent investigation and supervision, and deploying a real-time monitoring system to detect abnormal behavior in time and take corresponding measures comprises: enabling audit functions on key data storage locations, such as databases and file systems, so that all data access events are recorded; recording the identity of the user accessing the data, including user name and employee ID, so that the visitor can be traced; recording data operations, including additions, modifications and deletions, so that the history of data changes can be traced; adding a timestamp to the audit log so that the time of each data operation is recorded accurately; strengthening audit monitoring for data containing sensitive information and recording access to and operations on that data; recording changes to sensitive data, including when and by whom; encrypting the audit log so that, even if a log file is obtained, the sensitive information in it cannot be easily read; using machine learning algorithms to establish a baseline behavior model of users and systems in order to detect abnormal behavior; focusing on the behavior of specific users or system entities to identify potential threats; setting a real-time alarm mechanism based on predefined rules and models so that an alarm is triggered immediately when abnormal behavior is found; delivering real-time alarm notifications through multiple channels, including e-mail, short message or instant messaging, so that the relevant personnel receive them in time; setting predefined response strategies so that corresponding measures are taken according to the threat level; and adopting an automatic response mechanism to reduce dependence on manual intervention and improve response speed.
In a second aspect, an embodiment of the present invention provides an intelligent security processing system for banking data, which includes a data class classification module for determining security requirements of banking data, classifying the banking data into different classes, and classifying according to sensitivity and importance of the banking data; the data encryption module is used for carrying out end-to-end encryption on the sensitive data, implementing an enhanced access control mechanism and adopting role-based authority management; the data processing module is used for reducing the risk of data leakage by adopting an anonymization technology aiming at the data which does not need to be associated with specific personal identities, and performing desensitization processing on the data which needs to be used in a business scene so as to protect personal privacy; the threat defense module is used for deploying a threat detection system, timely discovering potential security threats by using a machine learning algorithm and behavior analysis, implementing a multi-level security defense mechanism and improving the attack resistance of the system; the data backup module is used for setting a regular data backup strategy and establishing an effective disaster recovery plan; the data auditing module is used for implementing a data auditing mechanism, recording logs of data access and operation so as to facilitate subsequent investigation and supervision, deploying a real-time monitoring system, detecting abnormal behaviors in time and taking corresponding measures.
In a third aspect, embodiments of the present invention provide a computer apparatus comprising a memory and a processor, the memory storing a computer program, wherein the processor, when executing the computer program, implements any step of the intelligent security processing method for banking data.
In a fourth aspect, embodiments of the present invention provide a computer-readable storage medium having a computer program stored thereon, wherein: the computer program, when executed by the processor, implements any step of the intelligent security processing method for banking data.
The beneficial effects of the invention are as follows: by adopting advanced encryption technology, access control mechanism and security audit, the method can obviously improve the security of banking data and effectively prevent hacking, data leakage and unauthorized access. Through a multi-level security defense mechanism, potential security threats are timely detected and prevented, and various risks faced by banking business, including network attack and data damage, are reduced. The method considers the regulation and supervision requirements, ensures that the processing of banking data accords with the industry standard and regulation requirements, improves the compliance level and reduces the potential legal responsibility. By adopting a real-time monitoring system and an intelligent data processing technology, the method can discover abnormal behaviors and respond more rapidly, improves the data processing efficiency and reduces the response time of the system. By adopting anonymization technology and desensitization treatment, the method effectively protects the privacy information of the client, reduces the risk of sensitive data disclosure and enhances the trust of the client. By means of machine learning algorithm and behavior analysis, the method can achieve intelligent analysis of banking data, understand user behavior modes better, find potential abnormal activities and evaluate risks in time. Through regular backup and disaster recovery planning, the method ensures the reliability and the integrity of the data, improves the disaster resistance of the banking system and reduces the risk of data loss. Through intelligent processing and analysis of data, the method is helpful for banking to provide more personalized and real-time service, customer experience is improved, and customer loyalty is enhanced.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are needed in the description of the embodiments will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present invention, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art. Wherein:
Fig. 1 is a flowchart of a banking data intelligent security processing method according to an embodiment of the present invention.
Fig. 2 is a schematic structural diagram of an intelligent security processing system for banking data according to an embodiment of the present invention.
Fig. 3 is a flowchart of steps of data audit in a banking data intelligent security processing method according to an embodiment of the present invention.
Fig. 4 is an internal structure diagram of a computer device of a banking data intelligent security processing method and system according to an embodiment of the present invention.
Detailed Description
In order that the above-recited objects, features and advantages of the present invention will become more readily apparent, a more particular description of the invention will be rendered by reference to specific embodiments thereof which are illustrated in the appended drawings.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present invention, but the present invention may be practiced in other ways other than those described herein, and persons skilled in the art will readily appreciate that the present invention is not limited to the specific embodiments disclosed below.
Further, reference herein to "one embodiment" or "an embodiment" means that a particular feature, structure, or characteristic can be included in at least one implementation of the invention. The appearances of the phrase "in one embodiment" in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments.
Examples
Referring to fig. 1 to 3, a first embodiment of the present invention provides a method for intelligently and safely processing banking data, including:
S1: Determine the security requirements of the banking data, and classify the banking data into different levels according to sensitivity and business importance.
Preferably, the security requirements of banking data include confidentiality, integrity and availability, and classification based on sensitivity and business importance includes personal identity information, financial transaction information, business contracts and legal documents, internal operations and flow data, and public information.
Furthermore, personal identity information has the highest sensitivity; it includes the name, address, social security number and birthday of a client, its business importance is very high, and its leakage can lead to identity theft and fraud, so the strongest encryption algorithm is used to implement end-to-end encryption, access control is the strictest, and only authenticated personnel can access it. Financial transaction information has high sensitivity; it includes account balance, transaction history and loan information, its business importance is also very high, and its leakage can cause financial loss and trust problems, so data transmission is protected by encryption, access control is implemented, and access to the information is limited to the relevant staff. Business contracts and legal documents have high sensitivity; they include contracts, legal documents and evidence of regulatory compliance, their business importance is high, and their leakage can cause compliance problems and legal liability, so access control is applied, only people who need to know the information can access it, and periodic audits track the access history. Internal operation and process data has low sensitivity; it includes staff training records and internal operation manuals, its business importance is moderate, and its leakage can expose internal processes, so basic access control is applied and only internal staff who need to know the information can access it. Public information has very low sensitivity; it includes bank notices and market activities, its business importance is low, and its leakage does not cause serious problems, so basic access control is applied, and the information disclosed externally is limited to content that cannot affect the security of the bank.
S2: Perform end-to-end encryption on the sensitive data, implement an enhanced access control mechanism, and adopt role-based permission management.
Preferably, the sensitive data is precisely classified to determine the personal identity information and financial transaction records that need end-to-end encryption; a key management system is designed so that the generation, distribution, rotation and storage of encryption keys are secure and reliable, and a hardware security module is used to protect the keys; the AES algorithm is selected so that the algorithm is strong enough to withstand current and future computing power; end-to-end encryption is implemented where the data is generated, while it is transmitted and where it is stored, so that the data is encrypted at every step and only authorized entities can decrypt it; the encryption keys are periodically rotated to reduce the risk of key compromise; and a secure transport protocol is used to protect the integrity and confidentiality of the data in transit, preventing man-in-the-middle attacks and data tampering.
Preferably, an authentication mechanism, such as multi-factor authentication, is used to ensure that only authorized users can log in to the system; users are assigned to different roles, each role representing a set of permissions, and specific permissions are defined in each role so that users can only access the data and functions within their responsibilities; policy-based access control is introduced to grant or deny access automatically according to predefined policies; the access activity of all users is recorded, including successful and failed access attempts; and a real-time monitoring system is deployed so that abnormal access behavior can be detected in time.
Further, the AES algorithm with a 256-bit key length is selected as the encryption algorithm; the AES key is generated by a secure random number generator and transmitted over a secure channel to the systems that need to encrypt data; the key is rotated periodically and each new key is distributed over the secure channel; the key is stored in an HSM, ensuring physical and logical isolation; an HSM conforming to security standards is selected, with performance and functions that meet the system requirements; the HSM is integrated into the system with proper configuration and connection; and the HSM is maintained periodically, with software and firmware updates, and its state is monitored to detect possible attacks.
Further, when the user logs in, the system requires a user name and a password; the system generates a one-time security verification code and sends it to the user's hardware token, and the user uses the verification code generated by the hardware token to perform the second step of identity verification; for operations at a higher security level, the user can be required to provide biometric identification information. The user enters the user name and password and the system verifies whether the password is correct; if mobile phone short message verification is enabled, the system sends the verification code to the user's registered mobile phone; if biometric identification is enabled, the system performs biometric verification; and the user is authorized to log in to the system only after passing all of these factors.
S3: Apply anonymization to data that does not need to be associated with a specific personal identity, and desensitize the data that must be used in business scenarios.
Preferably, specific numerical values of personal identity are converted into more general ranges, reducing the precision of the data; numerical values are slightly perturbed so that individuals are not easily identified; a small random number is added to specific revenue data; the data is rearranged so that the relationship between an individual and the original data is no longer evident; and desensitization rules are formulated to ensure consistency and repeatability throughout data processing, a monitoring mechanism is established, and the desensitization effect is evaluated periodically to ensure the usability and quality of the desensitized data.
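The desensitization rules of S3, sketched as an added example that is not part of the patent: generalization into ranges, a small keyed perturbation of revenue, column rearrangement, and a periodic quality check. The field names, the 10-year range width, the 2 % noise bound and the keyed seeding used for repeatability are all assumptions, and the records are constructed.

```python
import hashlib
import hmac
import random

# Constructed sample records; not real customer data.
RECORDS = [
    {"customer_id": "C001", "age": 34, "revenue": 8200.00, "branch": "North"},
    {"customer_id": "C002", "age": 47, "revenue": 15350.50, "branch": "South"},
    {"customer_id": "C003", "age": 29, "revenue": 4100.25, "branch": "East"},
    {"customer_id": "C004", "age": 61, "revenue": 22990.00, "branch": "West"},
]

# Assumption: a secret held by the desensitization job. Keying the noise makes
# reruns repeatable while outsiders cannot recompute and subtract it.
RULE_KEY = b"constructed-demo-key"
MAX_NOISE = 0.02  # assumption: revenue is disturbed by at most +/-2 %


def _keyed_rng(context):
    """Deterministic random source derived from RULE_KEY and a context label."""
    digest = hmac.new(RULE_KEY, context.encode(), hashlib.sha256).digest()
    return random.Random(int.from_bytes(digest, "big"))


def generalize_age(age, width=10):
    """Convert an exact value into a more general range, e.g. 34 -> '30-39'."""
    low = (age // width) * width
    return f"{low}-{low + width - 1}"


def perturb_revenue(value, record_id):
    """Add a small random amount; the same record always gets the same noise."""
    noise = _keyed_rng(f"revenue:{record_id}").uniform(-MAX_NOISE, MAX_NOISE)
    return round(value * (1 + noise), 2)


def shuffle_column(rows, column, batch_id):
    """Rearrange one column across rows so a row no longer carries its own value."""
    values = [row[column] for row in rows]
    _keyed_rng(f"shuffle:{column}:{batch_id}").shuffle(values)
    return [{**row, column: value} for row, value in zip(rows, values)]


def desensitize(rows, batch_id):
    """Apply the rule set; the direct identifier is dropped, not transformed."""
    masked = [
        {
            "age_range": generalize_age(r["age"]),
            "revenue": perturb_revenue(r["revenue"], r["customer_id"]),
            "branch": r["branch"],
        }
        for r in rows
    ]
    return shuffle_column(masked, "branch", batch_id)


def evaluate(original, masked):
    """Periodic quality check: how far the masked revenue drifted from the source."""
    n = len(original)
    mean_before = sum(r["revenue"] for r in original) / n
    mean_after = sum(r["revenue"] for r in masked) / n
    worst = max(
        abs(m["revenue"] - o["revenue"]) / o["revenue"]
        for o, m in zip(original, masked)
    )
    return {
        "mean_drift": abs(mean_after - mean_before) / mean_before,
        "max_row_deviation": worst,
    }


if __name__ == "__main__":
    out = desensitize(RECORDS, "2024-01")
    for row in out:
        print(row)
    print(evaluate(RECORDS, out))
```

Python's `random.Random` is not a cryptographic generator; it is used here only because the keyed seed gives the repeatability the rules call for, and the key itself has to be protected like any other secret.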
S4: Deploy a threat detection system, use machine learning algorithms and behavior analysis to discover potential security threats in time, and implement a multi-level security defense mechanism to improve the system's resistance to attack.
Preferably, the system is trained using a supervised learning algorithm to identify known threat patterns, an unsupervised learning algorithm is employed to detect anomalies, and activities inconsistent with normal behavior patterns are identified; monitoring the behavior of users and systems, identifying abnormal behavior patterns, using entity behavior analysis, focusing on the behavior of specific users or system entities to identify potential threats; implementing a real-time response mechanism, when the threat detection system finds abnormal activity, a predefined response measure can be immediately adopted; firewall, intrusion detection and prevention systems are deployed to monitor and prevent malicious network traffic, secure remote access is ensured using a virtual private network, network isolation is implemented, sensitive data and systems are ensured to be isolated from the public network, and network traffic analysis tools are used to detect abnormal network behavior.
Further, if the threat pattern is malicious login behavior, a data set containing known malicious logins and normal logins is prepared, a support vector machine is selected as the algorithm, and an SVM model is trained on the labeled data set to identify malicious login patterns. Login log data containing login IP, time and device information is collected; features such as IP address, login time and device type are extracted from the login log; known malicious and normal login samples are labeled; the model is trained with a supervised learning algorithm so that it can identify known threat patterns; and the performance of the model is evaluated on a test set, with parameters adjusted to improve accuracy.
S5: setting a regular data backup strategy and establishing an effective disaster recovery plan.
Preferably, the data are classified into different levels according to sensitivity and business importance so as to ensure the priority of the backup strategy; determining service priority of various data, and ensuring that key service data are backed up more frequently; for a key service system, real-time backup or near real-time backup is adopted, so that the real-time property of data is ensured; for general business data, the full backup is carried out regularly, and the backup is carried out daily or weekly; by using the incremental backup technology, only the data which changes since the last backup is backed up, so as to reduce the influence of the backup process on the system performance; the backup data is stored in an offline medium, such as a tape library or an offline hard disk, to prevent the backup data from being attacked online.
Preferably, a cross-department disaster recovery team is built to define the responsibilities and tasks of each member; training team members, and performing simulation exercise regularly to ensure that the team is familiar with the disaster recovery process; setting up a standby data center, and ensuring that the standby data center can be quickly switched to a standby environment when the main data center is not available; rapidly deploying key systems and applications in a standby environment by using a virtualization technology; recording disaster recovery flow in detail, including steps of data recovery, system reconstruction and communication recovery; the necessary tools and software are provided to ensure that disaster recovery operations can be performed quickly and effectively in emergency situations; establishing an emergency communication plan to ensure rapid and effective communication among team members; setting a notification flow to ensure timely notification of disaster recovery progress to key stakeholders; deploying a monitoring system, periodically checking the effectiveness of backup and recovery processes, and recording abnormal events; the disaster recovery plan is periodically reviewed and the plan and flow are continually improved based on feedback from simulated drills and actual events.
Further, if the data is user identity information (level 1, class A), it receives a daily full backup, an hourly incremental backup, and a remote backup to a safe geographical location; if it is a transaction record (level 2, class B), it receives a daily full backup, a daily incremental backup, and a remote backup to a relatively offline geographical location; if it is system configuration information (level 3, class C), it receives a weekly full backup, a weekly incremental backup, and a remote backup to cloud storage or a remote data center. In terms of priority, user identity information (level 1, class A) has the highest priority and is backed up every hour; transaction records (level 2, class B) have the next highest priority and are backed up daily; system configuration information (level 3, class C) has lower priority and is backed up weekly.
S6: Implement a data audit mechanism that records logs of data access and operations to support subsequent investigation and supervision, and deploy a real-time monitoring system that detects abnormal behavior in time and takes corresponding measures.
Preferably, the audit function is enabled on key data storage locations such as databases and file systems, ensuring that all data access events are recorded; the identity of the user accessing the data is recorded, including user name and employee ID information, so that the visitor can be traced; data operations are recorded, including additions, modifications and deletions, so that the history of data changes can be tracked; a time stamp is added to the audit log to record accurately when each data operation occurred; for data containing sensitive information, audit monitoring is strengthened, and access to and operations on that data are recorded; changes to sensitive data are recorded, including when and by whom they were made; the audit log is encrypted so that, even if the log file is obtained, the sensitive information in it cannot easily be read.
Preferably, a machine learning algorithm is used to build a baseline behavioral model of the user and system in order to detect abnormal behavior; focusing on the behavior of a particular user or system entity, identifying potential threats; setting a real-time alarm mechanism based on a predefined rule and model so as to trigger an alarm immediately when abnormal behaviors are found; the real-time alarm notification is transmitted through various channels, including e-mail, short message or instant messaging, so that relevant personnel can be ensured to receive the notification in time; setting a predefined response strategy to take corresponding measures according to different threat levels; and an automatic response mechanism is adopted, so that the dependence on manual intervention is reduced, and the response speed is improved.
Further, if abnormal behavior of user A needs to be monitored, user and system log data are collected; login time, login location, access frequency, resource utilization rate and network traffic are selected as features; and a baseline behavior model is constructed using an isolation forest, whose expression is as follows:
where E (H (x_i, t)) is the expected path length of data point x_i in all trees, c (n) is the constant of the average path length, and H is the sum of the sums;
focusing on user A, the model is trained on user A's normal behavior data, user A's behavior is monitored in real time, and the degree of abnormality is calculated; a warning threshold is set, and an alarm is triggered if the degree of abnormality exceeds the threshold; if abnormal behavior occurs continuously and repeatedly, the alarm level is raised; real-time message notifications are sent and system logs are recorded.
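The baseline-and-alert procedure described above, as an added example that is not part of the patent text. The page does not reproduce its expression, so the code uses the standard isolation forest score s(x, n) = 2^(-E(h(x))/c(n)); the four numeric features (login location is left out), the constructed baseline for user A, the 0.6 threshold and the three-in-a-row escalation rule are assumptions.

```python
import math
import random

EULER_GAMMA = 0.5772156649

def c(n):
    """Average path length of an unsuccessful search among n points."""
    if n <= 1:
        return 0.0
    if n == 2:
        return 1.0
    return 2.0 * (math.log(n - 1) + EULER_GAMMA) - 2.0 * (n - 1) / n

def build_tree(rows, depth, limit, rng):
    if len(rows) <= 1 or depth >= limit:
        return len(rows)                        # leaf: number of points left
    f = rng.randrange(len(rows[0]))             # random feature
    lo, hi = min(r[f] for r in rows), max(r[f] for r in rows)
    if lo == hi:
        return len(rows)
    split = rng.uniform(lo, hi)                 # random split value
    left = [r for r in rows if r[f] < split]
    right = [r for r in rows if r[f] >= split]
    return (f, split, build_tree(left, depth + 1, limit, rng),
            build_tree(right, depth + 1, limit, rng))

def path_length(tree, x):
    depth = 0
    while isinstance(tree, tuple):
        f, split, left, right = tree
        tree = left if x[f] < split else right
        depth += 1
    return depth + c(tree)                      # tree is now the leaf size

def train_forest(rows, n_trees=100, sample_size=128, seed=7):
    rng = random.Random(seed)
    limit = math.ceil(math.log2(sample_size))   # height limit per tree
    trees = [build_tree(rng.sample(rows, sample_size), 0, limit, rng)
             for _ in range(n_trees)]
    return trees, sample_size

def anomaly_score(forest, x):
    """Close to 1: isolated quickly (abnormal); below 0.5: ordinary."""
    trees, n = forest
    mean_path = sum(path_length(t, x) for t in trees) / len(trees)
    return 2.0 ** (-mean_path / c(n))

class Monitor:
    """Alert when the score exceeds the threshold; escalate on repeats."""
    def __init__(self, forest, threshold=0.6, escalate_after=3):
        self.forest, self.threshold = forest, threshold
        self.escalate_after, self.streak = escalate_after, 0

    def observe(self, x):
        score = anomaly_score(self.forest, x)
        self.streak = self.streak + 1 if score > self.threshold else 0
        if self.streak == 0:
            return "ok", score
        level = "critical" if self.streak >= self.escalate_after else "warning"
        return level, score

def user_a_baseline(n=400, seed=1):
    """Constructed normal behaviour for user A:
    (login hour, requests per hour, CPU share, network MB per hour)."""
    rng = random.Random(seed)
    return [(rng.gauss(9, 1), rng.gauss(40, 8), rng.gauss(0.30, 0.05),
             rng.gauss(50, 10)) for _ in range(n)]
```

Training only on user A's normal data means the score measures distance from that user's own habits, so the threshold has to be tuned per deployment against the false-alarm rate it produces.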
In a preferred embodiment, an intelligent security processing system for banking data includes a data class classification module for determining security requirements of the banking data, classifying the banking data into different classes according to sensitivity and importance of the service; the data encryption module is used for carrying out end-to-end encryption on the sensitive data, implementing an enhanced access control mechanism and adopting role-based authority management; the data processing module is used for reducing the risk of data leakage by adopting an anonymization technology aiming at the data which does not need to be associated with specific personal identities, and performing desensitization processing on the data which needs to be used in a business scene so as to protect personal privacy; the threat defense module is used for deploying a threat detection system, timely discovering potential security threats by using a machine learning algorithm and behavior analysis, implementing a multi-level security defense mechanism and improving the attack resistance of the system; the data backup module is used for setting a regular data backup strategy and establishing an effective disaster recovery plan; the data auditing module is used for implementing a data auditing mechanism, recording logs of data access and operation so as to facilitate subsequent investigation and supervision, deploying a real-time monitoring system, detecting abnormal behaviors in time and taking corresponding measures.
The above unit modules may be embedded in, or independent of, a processor of the computer device in hardware form, or may be stored in a memory of the computer device in software form, so that the processor can call them and execute the operations corresponding to the above units.
In one embodiment, a computer device, which may be a terminal, is provided that includes a processor, a memory, a communication interface, a display screen, and an input device connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The communication interface of the computer device is used for carrying out wired or wireless communication with an external terminal, and the wireless mode can be realized through WIFI, an operator network, NFC (near field communication) or other technologies. The display screen of the computer equipment can be a liquid crystal display screen or an electronic ink display screen, and the input device of the computer equipment can be a touch layer covered on the display screen, can also be keys, a track ball or a touch pad arranged on the shell of the computer equipment, and can also be an external keyboard, a touch pad or a mouse and the like.
It should be noted that the above embodiments are only for illustrating the technical solution of the present invention and not for limiting the same, and although the present invention has been described in detail with reference to the preferred embodiments, it should be understood by those skilled in the art that modifications and equivalents may be made thereto without departing from the spirit and scope of the technical solution of the present invention, which is intended to be covered by the scope of the claims of the present invention.

Claims (10)

1. An intelligent security processing method for banking data, characterized by comprising the following steps:
determining the security requirement of the banking data, classifying the banking data into different grades, and classifying according to the sensitivity degree and the business importance;
performing end-to-end encryption on sensitive data, implementing an enhanced access control mechanism, and adopting role-based authority management;
aiming at data which does not need to be associated with specific personal identities, adopting an anonymization technology to reduce the risk of data leakage, and carrying out desensitization treatment on the data which needs to be used in a business scene;
deploying a threat detection system, using a machine learning algorithm to discover potential security threats, and implementing a multi-level security defense mechanism to improve the anti-attack capability of the system;
setting a data backup strategy and establishing a disaster recovery plan;
and implementing a data audit mechanism, recording logs of data access and operation, deploying a real-time monitoring system, detecting abnormal behaviors and taking corresponding measures.
2. The intelligent security processing method of banking data of claim 1, wherein the security requirements of the banking data include confidentiality, integrity and availability, and the levels into which the banking data is classified according to sensitivity and business importance include personal identity information, financial transaction information, business contracts and legal documents, internal operation and process data, and public information.
3. The intelligent security processing method of banking data according to claim 1, wherein the performing end-to-end encryption of sensitive data to implement an enhanced access control mechanism, employing role-based rights management, includes:
classifying sensitive data, designing a key management system, protecting keys with a hardware security module, selecting the AES algorithm so that the chosen algorithm is strong enough, and implementing end-to-end encryption while data is generated and transmitted; the encryption key can be decrypted only by authorized entities, and a secure transmission protocol is used to protect the integrity and confidentiality of data in transit, preventing man-in-the-middle attacks and data tampering; an authentication mechanism is used so that only authorized users can log in to the system, users are assigned to different roles, each role represents a group of rights, and specific rights are defined in each role; policy-based access control is introduced, access rights are automatically granted or denied according to predefined policies, the access activities of all users are recorded, a real-time monitoring system is deployed, and abnormal access behavior is detected in time.
4. The intelligent security processing method of banking data according to claim 1, wherein the desensitizing process is performed on data which is required to be used in a business scenario by adopting an anonymization technology with respect to data which is not required to be associated with a specific personal identity, comprising:
rearranging the data, wherein data whose income value has an odd mantissa is arranged from small to large and data whose income value has an even mantissa is arranged from large to small; formulating a desensitization rule; and periodically evaluating the desensitization effect.
5. The intelligent security processing method of banking data as claimed in claim 1, wherein deploying the threat detection system, using a machine learning algorithm to discover potential security threats, and implementing a multi-level security defense mechanism to improve the attack resistance of the system comprises:
training the system with a supervised learning algorithm to identify threat patterns, and using an unsupervised learning algorithm to detect anomalies; monitoring the behavior of users and systems, and using entity behavior analysis to focus on the behavior of specific users or system entities in order to identify potential threats; implementing a real-time response mechanism so that a predefined response measure can be taken immediately when the threat detection system finds abnormal activity; deploying firewalls and intrusion detection and prevention systems to monitor and block malicious network traffic, using a virtual private network to secure remote access, and implementing network isolation.
6. The intelligent security processing method of banking data according to claim 1, wherein setting up a data backup policy and establishing a disaster recovery plan includes:
classifying the data into different levels according to sensitivity and business importance; determining service priority of various data, and adopting real-time backup or near real-time backup for a key service system; storing the backup data in an offline medium, constructing a cross-department disaster recovery team, and defining the responsibilities and tasks of each member; training team members, and performing simulation exercise regularly; setting up a standby data center, and rapidly deploying key systems and applications in a standby environment by using a virtualization technology; recording disaster recovery flow, including the steps of data recovery and system reconstruction and communication recovery; establishing a communication plan and setting a notification flow; and deploying a monitoring system, checking the effectiveness of the backup and recovery processes, and recording abnormal events.
7. The intelligent security processing method of banking data according to claim 1, wherein the implementing a data audit mechanism, recording logs of data access and operation, deploying a real-time monitoring system, detecting abnormal behavior and taking corresponding measures includes:
enabling an audit function for data storage positions of a database and a file system, recording user identities of access data, including user name and employee ID information, recording data operation, adding a time stamp into an audit log, and accurately recording the occurrence time of the data operation; enhancing audit monitoring for data containing sensitive information; encrypting the audit log, establishing a baseline behavior model of the user and the system by using a machine learning algorithm, focusing on the behavior of the user or the system entity, and identifying potential threats; setting a real-time alarm mechanism based on defined rules and models, transmitting real-time alarm notification through various channels, setting a predefined response strategy, and taking corresponding measures according to different threat levels; and an automatic response mechanism is adopted, so that the dependence on manual intervention is reduced, and the response speed is improved.
8. An intelligent security processing system for banking data, comprising:
the data grade classification module is used for determining the security requirement of the banking data, classifying the banking data into different grades and classifying according to the sensitivity degree and the business importance;
the data encryption module is used for carrying out end-to-end encryption on the sensitive data, implementing an enhanced access control mechanism and adopting role-based authority management;
the data processing module is used for reducing the risk of data leakage by adopting an anonymization technology aiming at the data which does not need to be associated with specific personal identities, and performing desensitization processing on the data which needs to be used in a business scene;
the threat defense module is used for deploying a threat detection system, discovering potential security threats by using a machine learning algorithm, implementing a multi-level security defense mechanism and improving the anti-attack capability of the system;
the data backup module is used for setting a data backup strategy and establishing a disaster recovery plan;
and the data auditing module is used for implementing a data auditing mechanism, recording logs of data access and operation, deploying a real-time monitoring system, detecting abnormal behaviors and taking corresponding measures.
9. A computer device comprising a memory and a processor, said memory storing a computer program, characterized in that the processor, when executing said computer program, implements the steps of the intelligent security processing method of banking data as claimed in any one of claims 1 to 7.
10. A computer readable storage medium having stored thereon a computer program, characterized in that the computer program when executed by a processor implements the steps of the intelligent security processing method of banking data as claimed in any one of claims 1 to 7.
CN202311723897.6A 2023-12-14 2023-12-14 Intelligent security processing method and system for banking data Pending CN117708880A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311723897.6A CN117708880A (en) 2023-12-14 2023-12-14 Intelligent security processing method and system for banking data

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311723897.6A CN117708880A (en) 2023-12-14 2023-12-14 Intelligent security processing method and system for banking data

Publications (1)

Publication Number Publication Date
CN117708880A true CN117708880A (en) 2024-03-15

Family

ID=90160124

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311723897.6A Pending CN117708880A (en) 2023-12-14 2023-12-14 Intelligent security processing method and system for banking data

Country Status (1)

Country Link
CN (1) CN117708880A (en)

Similar Documents

Publication Publication Date Title
US11928231B2 (en) Dynamic multi-factor authentication
US11799893B2 (en) Cybersecurity detection and mitigation system using machine learning and advanced data correlation
CN113660224B (en) Situation awareness defense method, device and system based on network vulnerability scanning
US20130086685A1 (en) Secure integrated cyberspace security and situational awareness system
EP4229532B1 (en) Behavior detection and verification
US20130086376A1 (en) Secure integrated cyberspace security and situational awareness system
US20220405401A1 (en) Cybersecurity threat management using impact scoring
US9900330B1 (en) Systems and methods for identifying potentially risky data users within organizations
CN113411297A (en) Situation awareness defense method and system based on attribute access control
CN116962076A (en) Zero trust system of internet of things based on block chain
GB2535579A (en) Preventing unauthorized access to an application server
CN115208611A (en) Identity authentication method, identity authentication device, computer equipment, storage medium and program product
CN117708880A (en) Intelligent security processing method and system for banking data
CN114037286A (en) Big data based automatic sensitive data detection method and system for power dispatching
US20230156020A1 (en) Cybersecurity state change buffer service
US20230334388A1 (en) Cybersecurity operations center load balancing
Luo Research and Development of Deep Protection Model for Computer Network Information Security
Azhar et al. Big Data Security Issues: A Review
CN117882336A (en) Optimizing application security based on malicious user intent
CN117763570A (en) Cloud computing-based secure resource pool management method and system
CN117527214A (en) Information security detection method
CN117332433A (en) Data security detection method and system based on system integration
Findley BIFROST: A Statistical Analysis Framework for Detecting Insider Threat Activities on Cyber Systems
CN117272349A (en) Method, system and storage medium for protecting security of relational database
CN117478364A (en) Transmission anti-disclosure method and system based on enterprise research and development core data

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination