CN118036046A - Leakage protection method and system based on information security data - Google Patents
Leakage protection method and system based on information security data Download PDFInfo
- Publication number
- CN118036046A CN118036046A CN202410411930.XA CN202410411930A CN118036046A CN 118036046 A CN118036046 A CN 118036046A CN 202410411930 A CN202410411930 A CN 202410411930A CN 118036046 A CN118036046 A CN 118036046A
- Authority
- CN
- China
- Prior art keywords
- data set
- data
- access
- security
- input
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 27
- 238000004458 analytical method Methods 0.000 claims abstract description 67
- 238000012795 verification Methods 0.000 claims abstract description 48
- 238000012360 testing method Methods 0.000 claims abstract description 41
- 230000005540 biological transmission Effects 0.000 claims abstract description 12
- 231100000279 safety data Toxicity 0.000 claims abstract description 9
- 238000011835 investigation Methods 0.000 claims abstract description 4
- 238000012546 transfer Methods 0.000 claims description 25
- 230000008569 process Effects 0.000 claims description 5
- 238000012550 audit Methods 0.000 claims description 4
- 238000004364 calculation method Methods 0.000 claims description 3
- 238000011076 safety test Methods 0.000 claims description 3
- 238000013136 deep learning model Methods 0.000 description 4
- 230000006399 behavior Effects 0.000 description 3
- 230000009545 invasion Effects 0.000 description 3
- 238000011084 recovery Methods 0.000 description 3
- 238000013523 data management Methods 0.000 description 2
- 238000013135 deep learning Methods 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 238000010606 normalization Methods 0.000 description 2
- 230000002159 abnormal effect Effects 0.000 description 1
- 230000004075 alteration Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000006378 damage Effects 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000001514 detection method Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000002708 enhancing effect Effects 0.000 description 1
- 238000011156 evaluation Methods 0.000 description 1
- 230000001815 facial effect Effects 0.000 description 1
- 230000033001 locomotion Effects 0.000 description 1
- 238000007726 management method Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000008520 organization Effects 0.000 description 1
- 230000000737 periodic effect Effects 0.000 description 1
- 238000013439 planning Methods 0.000 description 1
- ZRHANBBTXQZFSP-UHFFFAOYSA-M potassium;4-amino-3,5,6-trichloropyridine-2-carboxylate Chemical compound [K+].NC1=C(Cl)C(Cl)=NC(C([O-])=O)=C1Cl ZRHANBBTXQZFSP-UHFFFAOYSA-M 0.000 description 1
- 230000002265 prevention Effects 0.000 description 1
- 230000011218 segmentation Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Landscapes
- Storage Device Security (AREA)
Abstract
The invention relates to the technical field of information safety data protection, and discloses a leakage protection method and a leakage protection system based on information safety data, wherein the leakage protection system comprises a safety access module, an intelligent analysis module and an alarm protection module, and the leakage protection method comprises the following steps: step one, a user is connected with a security access module through a client, and inputs an account number and a password to perform identity verification, and access is allowed or denied; step two, inputting access data by a user according to requirements, performing investigation analysis by an intelligent analysis module, and splitting the access data into a sequence data group; Step three, the intelligent analysis module is connected with the database serial number to encrypt and form an encrypted data group; Fourth, the intelligent analysis module performs security test on the user authority level, and calculates and generates a vulnerability risk index; And fifthly, the alarm protection module generates a transmission signal or an alarm protection signal, and normally transmits data or forces the high-risk account to be offline.
Description
Technical Field
The invention relates to the technical field of information security data protection, in particular to a leakage protection method and system based on information security data.
Background
Information security data protection is a key component of the present digital age and involves a series of policies and techniques that protect data from unauthorized access, leakage, tampering, or destruction. With the increasing frequency and complexity of network attacks, both organizations and individuals need to take steps to ensure that their data remains secure and intact. First, the basis for information security data protection is authentication and access control. This means that only authenticated users can access specific data. This is typically achieved by a combination of a user name and password, but may also include more advanced methods such as biometric (fingerprint or facial recognition) or multi-factor authentication, where the user must provide two or more forms of credentials to gain access. Encryption is another important aspect of information security. By using an algorithm to convert the data into a code which can be interpreted only by a person holding the correct key, the encryption can protect the security of the data during transmission or storage, and two main types of symmetric encryption and asymmetric encryption are adopted. Symmetric encryption uses the same key for encryption and decryption, while asymmetric encryption uses a pair of keys, one for encryption and the other for decryption. Network security involves protecting a computer network from attacks, which includes using firewalls to prevent unauthorized access, deploying intrusion detection systems and intrusion prevention systems to monitor and prevent malicious activity, and implementing network segmentation to limit the range of movement of potential attackers. Disaster recovery planning and business continuity policies are important components of any information security data protection plan. These programs ensure that organizations can quickly resume normal operation in the event of data loss or system failure, backup data, build redundant systems, and conduct periodic recovery tests are critical steps to ensure quick recovery in emergency situations. Because information security data protection is a multi-level, multi-faceted challenge, a combination of technology, policy, and education is required to effectively address, and as technology evolves and threats evolve, organizations and individuals must remain vigilant, continually updating and enhancing security measures to protect precious data assets.
At present, the traditional leakage protection system identification model based on information safety data lacks deep learning capability, lacks intelligent identification capability on sensitive information, cannot realize classification management and audit on the data in enterprises, possibly causes the sensitive data to be leaked or abused unintentionally, besides technical measures, the company or organization formulates an execution safety policy, defines how to process the sensitive information, how to respond to safety events and rules to be followed by staff when using company resources, and timely updates and regularly trains the staff to know potential threats and optimal protection measures so as to reduce security holes caused by errors or negligence.
Disclosure of Invention
Aiming at the defects of the prior art, the invention provides a leakage protection method and a leakage protection system based on information safety data, which have the advantages of strong safety protection capability of a deep learning model, few timely and effective execution safety policy loopholes and the like, and solve the problems that the traditional recognition model lacks the deep learning capability data, has leakage risks and cannot guarantee the timely validity of the execution policy to cause the safety loopholes.
In order to achieve the above purpose, the present invention provides the following technical solutions: the leakage protection method based on the information safety data is realized through a leakage protection system based on the information safety data, the leakage protection system based on the information safety data comprises a safety access module, an intelligent analysis module and an alarm protection module, and the leakage protection method based on the information safety data comprises the following steps of;
step one, a user is connected with a security access module through a client network, an account and a password are input to form a login data set for identity verification, access is judged to be allowed or denied, and different authority levels of the allowed access user are numbered;
Allowing access users to input access data according to requirements, forming an input data set by the intelligent analysis module according to the access data, performing check analysis on the input data set, and splitting the input data set into sequence data sets ;
Step three, the intelligent analysis module is used for analyzing the sequence data setInquiring a network connection database, collecting an output data set of an inquiry result in real time through an encryption machine, numbering the output data set, and encrypting to form an encrypted data setWherein the sequence data is self-containedNumbering the input data set, and performing checking and analysis to obtain the input data set;
fourthly, the intelligent analysis module performs security test of random content according to the user authority level, and calculates and generates vulnerability risk index according to the test result ;
Fifthly, the alarm protection module is used for detecting the vulnerability risk indexAnd comparing the reference data set to generate a transmission signal or an alarm protection signal, if the transmission signal is generated, normally transmitting data, and if the alarm protection signal is generated, forcing the high-risk account to be offline.
Preferably, in the first step, the authentication includes face recognition, fingerprint recognition and voice question-and-answer, and each numbered authority level allows independence of access to the browsing range of the user.
Preferably, the leakage protection system based on the information security data comprises a security access module, an intelligent analysis module and an alarm protection module;
The security access module comprises an identity verification unit and an authority control unit, wherein the security access module acquires a reference data set through a network connection database and numbers the reference data set, the security access module acquires a login data set through a network connection client, numbers the login data set and then transmits the login data set to the identity verification unit, the identity verification unit performs identity verification on the login data set matched with the reference data set, generates a corresponding instruction and then transmits the corresponding instruction to the authority control unit, and the authority control unit correspondingly numbers the reference data set according to the user level and the instruction, and the security access module is connected with the intelligent analysis module through the network;
The intelligent analysis module comprises an input analysis unit, an output analysis unit and a data transfer unit, wherein the input analysis unit is connected with a client through a network to collect an input data set in real time, numbers the input data set and then analyzes the input data set through checking to form a sequence data set The output analysis unit is connected with the database and the encryption machine through a network to collect an output data set in real time, numbers the output data set and encrypts the output data set to form an encrypted data setThe security test is carried out by the data transfer unit aiming at users with different authority levels, and a vulnerability risk index is calculated and generated according to the test resultThe intelligent analysis module is connected with the early warning protection module through a network;
The alarm protection module is used for detecting the vulnerability risk index And generating corresponding signals by comparing the reference data sets, and transmitting the corresponding signals to the data transfer unit and the central control system through a network.
Preferably, the reference data set is composed of a reference verification data set, a reference authority data set, a reference input identification model, a reference output encryption model and a reference vulnerability risk index, and the security access module numbers the reference verification data set, the reference authority data set, the reference input identification model, the reference output encryption model and the reference vulnerability risk index according to the characteristics of the reference data set to obtain corresponding numbers of the reference verification data set, the reference authority data set, the reference input identification model, the reference output encryption model and the reference vulnerability risk index as follows respectively、、、And。
Preferably, the security access module numbers a plurality of users with access requirements according to the characteristics of a login data set, wherein the login data set is provided with the user number of、、、...The identity verification unit matches the login data set with the reference verification data setPerforming identity verification, wherein the identity verification process comprises password matching and information matching, and the number of a single user account password in the login data setWith reference verification data setWhen the passwords are not matched, generating access refusing instructions and transmitting the access refusing instructions to the authority control unit, wherein the numbers of the passwords of the single user account in the login data set are differentWith reference verification data setWhen the passwords are matched identically, the identity verification unit verifies the data set according to the referenceAnd randomly generating related security questions, generating an access permission instruction if the user answers correctly, and generating an access refusal instruction if the user answers incorrectly.
Preferably, the rights control unit is configured to control the rights of the user based on the access permission instruction and the reference rights data setFor the corresponding number of the user level, obtaining the user number of the access permission instruction as follows、、、...And the user account with the access refusal instruction more than three times is obtained, and continuous access is forbidden on the same day.
Preferably, the input analysis unit numbers the data input by the user for obtaining the access permission instruction according to the characteristics of the input data set, and the number of the input data set is、、、...The input analysis unit identifies a model from an input dataset and a reference inputPerforming an audit analysis to form a sequence data setThe formula of the investigation algorithm is as follows:
In the formula (i), The sequence data set is represented by a sequence,Representing multiple sets of morphed sequences broken down from the data variables that the access instruction user is allowed to enter,The representation is made with reference to an input recognition model,Representing the security data of the input dataset deformation sequence after the analysis by referring to the input recognition model,Representing a deformed sequence of the input data set,Indicating the number of user numbers.
Preferably, the output analysis unit numbers the data requested to be output by the user to obtain the access instruction according to the characteristics of the output data set, wherein the number of the output data set is、、、...The output analysis unit outputs an encryption model according to the output data set and the referenceEncryption is performed to form an encrypted data setThe encryption algorithm formula is as follows:
In the formula (i), Representing the set of encrypted data,The reference is shown to output an encryption model,Representing secret data in the output data set by referring to the output encryption model to randomly constitute security data at different encryption levels according to user levels,Indicating the number of user numbers.
Preferably, the data transfer unit performs security test on users with different authority levels, the authority levels are high and correspond to random security test times, the security test contents comprise historical login operation contents and execution security policies, and the data transfer unit calculates and generates vulnerability risk indexes according to test resultsThe calculation formula is as follows:
In the formula (i), Represents a vulnerability risk index that is indicative of the vulnerability,The sum of the safety test results is represented, the test pass is 1, the test fail is-1,A factorial of the number of security tests is indicated,And the vulnerability risk index of the user with the assigned authority level is evaluated through the security test.
Preferably, the alarm protection module is used for protecting the alarm according to the vulnerability risk indexComparing the reference vulnerability risk indexGenerating corresponding signals and transmitting the signals to a data transfer unit and a central control system through a network, wherein the vulnerability risk indexBelow the reference vulnerability risk indexWhen the vulnerability risk index is in the same state, generating a transmission signal to the data transfer unit to continue data transmissionGreater than a reference vulnerability risk indexAnd generating an alarm protection signal, forcing the account to be off line and closing the database.
Compared with the prior art, the invention provides a leakage protection method and system based on information security data, and the leakage protection method and system have the following beneficial effects:
1. The invention sets an identity verification unit and an authority control unit through a secure access module, a user connects the secure access module through a client network, a login data set is formed after inputting an account number and a password and is transmitted to the identity verification unit for identity verification, the judgment numbers are different authority levels and allow access to the user or reject access to the user, the identity verification process comprises password matching and information matching, the illegal personnel are effectively isolated from stealing the account number and password for logging in the authentication process, the identity verification unit randomly generates related security questions when the account number and the password are consistent, the user generates an access permission instruction when answering correctly, the answer error generates an access rejection instruction, the authority control unit corresponds to the user levels according to the instruction and a reference data set, the browsing range of each numbered authority level allows access to the user has independence, the intelligent analysis module sets the input analysis unit to acquire the input data set, and inquire and analyze the data input by the user after obtaining the access permission instruction to obtain the data input by the user, and the sequence data set is formed The method has the advantages that a large amount of access data is processed in a normalization mode, splitting judgment is more accurate, malicious attack data invasion with hidden waistcoats or random and changeable disorder is avoided, the recognition efficiency of a deep learning model is high, error and leakage are not prone to occur, an output analysis unit acquires an output data set in real time through a network connection database and an encryption machine, and the data which is required to be output by an access instruction user is numbered and then encrypted to form an encrypted data setThe key confidential data of different categories in the encryption system database corresponds to unlocking keys of different categories, the data management defensive performance is strong, and the deep learning model has strong safety protection capability.
2. The invention sets the data transfer unit through the intelligent analysis module, carries out security test on users with different authority levels, and calculates and generates vulnerability risk indexes according to test resultsThe risk index of the user account is digitally evaluated, subsequent judgment of user behavior safety is facilitated, and the alarm protection module early-warning protection module is used for early-warning according to the vulnerability risk indexComparing the reference vulnerability risk indexGenerating corresponding signals and vulnerability risk indexesBelow the reference vulnerability risk indexWhen the vulnerability risk index is in the same state, a transmission signal is generated to the data transfer unit to continue data transmissionGreater than a reference vulnerability risk indexAnd when the alarm protection signal is generated, the account is forced to be off line and the database is closed, so that the leakage of information data in a larger range is avoided, and the security policy vulnerability is effectively executed in time.
Drawings
FIG. 1 is a process step diagram of the present invention;
FIG. 2 is a schematic diagram of the system of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Referring to fig. 1, an information security data-based leakage protection method is implemented through an information security data-based leakage protection system, the information security data-based leakage protection system includes a security access module, an intelligent analysis module and an alarm protection module, and the information security data-based leakage protection method includes the following steps;
Firstly, a user is connected with a security access module through a client network, a login data set is formed after an account number and a password are input, the user is judged to be allowed to access or refused to access, and different authority levels of the allowed access user are numbered, the authentication data has time limitation, the accuracy of the authentication is ensured due to invalid timeout, the browsing range of each numbered authority level is allowed to have independence, the access users with the same authority level cannot share data, and each allowed access user cannot cross the browsing range of the authority level of the user, so that data leakage caused by illegal operation of the access user is avoided;
Allowing access users to input access data according to requirements, forming an input data set by the intelligent analysis module according to the access data, performing check analysis on the input data set, and splitting the input data set into sequence data sets Abnormal access data is blocked, and malicious attack data invasion with hidden waistcoats or variable disorder is avoided;
step three, the intelligent analysis module is used for analyzing the sequence data set Inquiring the network connection database, collecting the output data set of the inquiring result in real time by the encryptor, numbering the output data set, encrypting to form an encrypted data setWherein the sequence data setThe method is obtained by checking and analyzing the numbered input data sets, so that the key and the output data sets can be obtained only by a user passing the security test, and the security protection capability of the whole system is effectively improved;
fourthly, the intelligent analysis module performs security test of random content according to the user authority level, and calculates and generates vulnerability risk index according to the test result The risk index of the user account is digitally evaluated, so that the subsequent judgment of the safety of the user behavior is facilitated;
fifthly, the alarm protection module is used for detecting the vulnerability risk index And comparing the reference data set to generate a transmission signal or an alarm protection signal, if the transmission signal is generated, normally transmitting data, and if the alarm protection signal is generated, forcing the high-risk account to be offline, so that further information data leakage is effectively avoided in time.
A leakage protection system based on information security data is characterized in that: the system comprises a safety access module, an intelligent analysis module and an alarm protection module;
the security access module comprises an identity verification unit and an authority control unit, and is connected with the database through a network to acquire a reference data set and number the reference data set, wherein the reference data set consists of a reference verification data set, a reference authority data set, a reference input identification model, a reference output encryption model and a reference vulnerability risk index, and the numbers corresponding to the reference verification data set, the reference authority data set, the reference input identification model, the reference output encryption model and the reference vulnerability risk index are respectively 、、、AndThe security access module is connected with the client through a network to collect a login data set, numbers the login data set and transmits the login data set to the identity verification unit, the identity verification unit performs identity verification on the login data set matched with a reference data set, generates a corresponding instruction and transmits the corresponding instruction to the authority control unit, and the security access module numbers a plurality of users with access requirements according to the characteristics of the login data set, wherein the number of the users in the login data set is、、、...The number sequentially corresponds to a plurality of users accessing the client and logging in, and the identity verification unit matches the logging data set with the reference verification data setThe identity verification is carried out, the identity verification flow comprises password matching and information matching, and the two verification flows effectively isolate illegal personnel from stealing account passwords to log in, and the serial numbers of the account passwords of the single user in the login data set are effectively isolatedWith reference verification data setWhen the passwords are different in matching, the account numbers are different from the passwords, access refusing instructions are generated and transmitted to the authority control unit, and the serial numbers of the passwords of the single user account numbers in the login data set are recordedWith reference verification data setWhen the passwords are matched identically, the account number and the passwords are matched, and the identity verification unit verifies the data set according to the referenceRandomly generating related security questions, transmitting the related security questions to a client in a voice question-and-answer mode, generating an access permission instruction when a user answers correctly, generating an access refusing instruction when the user answers incorrectly, and numbering the access refusing instruction corresponding to a user level according to the instruction and a reference data set by a permission control unit, wherein the permission control unit is used for controlling the access refusing instruction according to the access permission instruction and the reference permission data setFor the corresponding number of the user level, obtaining the user number of the allowed access instruction as、、、...The number corresponds to the number of the user with different levels for obtaining the access permission instruction, the user account with the access refusal instruction more than three times is forbidden to continue to access on the same day, the account has the theft risk, the access prohibition ensures the system safety, and the security access module is connected with the intelligent analysis module through the network;
The intelligent analysis module comprises an input analysis unit, an output analysis unit and a data transfer unit, wherein the input analysis unit is connected with a client through a network to collect an input data set in real time, and the input data set is numbered by data which is allowed to be input by an access instruction user and is analyzed through examination to form a sequence data set And transmitting it to the data transfer unit and the output analysis unit, the input data set is numbered、、、...The input analysis unit identifies a model based on the input data set and the reference inputPerforming an audit analysis to form a sequence data setThe formula of the investigation algorithm is as follows:
In the formula (i), The sequence data set is represented by a sequence,Representing multiple sets of morphed sequences broken down from the data variables that the access instruction user is allowed to enter,The representation is made with reference to an input recognition model,Representing the security data of the input dataset deformation sequence after the analysis by referring to the input recognition model,Representing a deformed sequence of the input data set,Representing the number of user numbers, based on the sequence data setThe method has the advantages that a large amount of access data is processed in a normalization mode, the splitting judgment is more accurate, the invasion of malicious attack data with hidden waistcoats or random disorder is avoided, the recognition efficiency of the deep learning model is high, and the error leakage is not easy;
The output analysis unit is connected with the database and the encryption machine through a network to collect an output data set in real time, and encrypts the data which is obtained in the output data set and is allowed to be requested to be output by an access instruction user after numbering the data to form an encrypted data set And transmitted to the data transfer unit, the number of the output data set is、、、...The output analysis unit outputs an encryption model based on the output data set and the referenceEncryption is performed to form an encrypted data setThe encryption algorithm formula is as follows:
In the formula (i), Representing the set of encrypted data,The reference is shown to output an encryption model,Representing secret data in the output data set by referring to the output encryption model to randomly constitute security data at different encryption levels according to user levels,Representing the number of user numbers, based on the encrypted data setThe key confidential data of different types in the encryption system database correspond to unlocking keys of different types, the data management defensive performance is strong, and the safety protection capability of the whole system is strong;
The data transfer unit performs security test on users with different authority levels, and calculates and generates vulnerability risk indexes according to test results The intelligent analysis module is connected with the alarm protection module through a network, the data transfer unit carries out security test on users with different authority levels, the authority levels are high, the corresponding random security test times are high, the security test contents comprise historical login operation contents and execution security policies, whether the users carry out data input or output by themselves can be effectively distinguished, and the vulnerability risk index is generated by calculating the data transfer unit according to test resultsThe calculation formula is as follows:
In the formula (i), Represents a vulnerability risk index that is indicative of the vulnerability,The sum of the safety test results is represented, the test pass is 1, the test fail is-1,A factorial of the number of security tests is indicated,Representing vulnerability risk index of user with assigned authority level through security test evaluation, and according to vulnerability risk indexThe risk index of the user account is digitally evaluated, so that the subsequent judgment of the safety of the user behavior is facilitated;
The alarm protection module is used for protecting the vulnerability risk index The comparison reference data set generates a corresponding signal, and the corresponding signal is transmitted to the data transfer unit and the central control system through a network, and the early warning protection module is used for detecting the vulnerability risk indexComparing the reference vulnerability risk indexGenerating corresponding signals, and transmitting the corresponding signals to a data transfer unit and a central control system through a network, wherein the vulnerability risk indexBelow the reference vulnerability risk indexWhen the vulnerability risk index is in the same state, a transmission signal is generated to the data transfer unit to continue data transmissionGreater than a reference vulnerability risk indexAnd when the alarm protection signal is generated, the account is forced to be off line and the database is closed, so that the security policy vulnerability is effectively executed in time, and the information data leakage in a larger range is avoided.
Although embodiments of the present invention have been shown and described, it will be understood by those skilled in the art that various changes, modifications, substitutions and alterations can be made therein without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.
Claims (10)
1. A leakage protection method based on information security data is characterized by comprising the following steps: the information security data-based leakage protection method is realized through an information security data-based leakage protection system, the information security data-based leakage protection system comprises a security access module, an intelligent analysis module and an alarm protection module, and the information security data-based leakage protection method comprises the following steps of;
step one, a user is connected with a security access module through a client network, an account and a password are input to form a login data set for identity verification, access is judged to be allowed or denied, and different authority levels of the allowed access user are numbered;
Allowing access users to input access data according to requirements, forming an input data set by the intelligent analysis module according to the access data, performing check analysis on the input data set, and splitting the input data set into sequence data sets ;
Step three, the intelligent analysis module is used for analyzing the sequence data setInquiring a network connection database, collecting an output data set of an inquiry result in real time through an encryption machine, numbering the output data set, and encrypting to form an encrypted data set/>Wherein the sequence data set/>Numbering the input data set, and performing checking and analysis to obtain the input data set;
fourthly, the intelligent analysis module performs security test of random content according to the user authority level, and calculates and generates vulnerability risk index according to the test result ;
Fifthly, the alarm protection module is used for detecting the vulnerability risk indexAnd comparing the reference data set to generate a transmission signal or an alarm protection signal, if the transmission signal is generated, normally transmitting data, and if the alarm protection signal is generated, forcing the high-risk account to be offline.
2. The leakage protection method based on information security data according to claim 1, wherein: in the first step, the authentication comprises the forms of face recognition, fingerprint recognition and voice question-answer, and each numbered authority level allows the browsing range of the access user to have independence.
3. A leakage protection system based on information security data is characterized in that: the system comprises a safety access module, an intelligent analysis module and an alarm protection module;
The security access module comprises an identity verification unit and an authority control unit, wherein the security access module acquires a reference data set through a network connection database and numbers the reference data set, the security access module acquires a login data set through a network connection client, numbers the login data set and then transmits the login data set to the identity verification unit, the identity verification unit performs identity verification on the login data set matched with the reference data set, generates a corresponding instruction and then transmits the corresponding instruction to the authority control unit, and the authority control unit correspondingly numbers the reference data set according to the user level and the instruction, and the security access module is connected with the intelligent analysis module through the network;
The intelligent analysis module comprises an input analysis unit, an output analysis unit and a data transfer unit, wherein the input analysis unit is connected with a client through a network to collect an input data set in real time, numbers the input data set and then analyzes the input data set through checking to form a sequence data set The output analysis unit is connected with the database and the encryption machine through a network to collect an output data set in real time, numbers the output data set and encrypts the output data set to form an encrypted data set/>The security test is carried out by the data transfer unit aiming at users with different authority levels, and a vulnerability risk index/>' is calculated and generated according to test resultsThe intelligent analysis module is connected with the alarm protection module through a network;
The alarm protection module is used for detecting the vulnerability risk index And generating corresponding signals by comparing the reference data sets, and transmitting the corresponding signals to the data transfer unit and the central control system through a network.
4. A leakage protection system based on information security data according to claim 3, wherein: the reference data set consists of a reference verification data set, a reference authority data set, a reference input identification model, a reference output encryption model and a reference vulnerability risk index, and the security access module numbers the reference verification data set, the reference authority data set, the reference input identification model, the reference output encryption model and the reference vulnerability risk index according to the characteristics of the reference data set to obtain the reference verification data set, the reference authority data set, the reference input identification model, the reference output encryption model and the reference vulnerability risk index with the corresponding numbers respectively being、/>、/>、/>And/>。
5. The information security data based leakage protection system of claim 4, wherein: the security access module numbers a plurality of users with access requirements according to the characteristics of a login data set, wherein the number of the users in the login data set is、/>、/>、.../>The authentication unit matches the login dataset with the reference authentication dataset/>Performing identity verification, wherein the identity verification process comprises password matching and information matching, and the serial number/>, of a single user account password in the login data setWith reference verification dataset/>When the passwords are not matched, generating access refusing instructions and transmitting the access refusing instructions to the permission control unit, wherein the serial numbers/>, of the passwords of the single user account in the login data setWith reference verification dataset/>When the passwords are matched identically, the identity verification unit verifies the data set/>, according to the referenceAnd randomly generating related security questions, generating an access permission instruction if the user answers correctly, and generating an access refusal instruction if the user answers incorrectly.
6. The information security data based leakage protection system of claim 5, wherein: the permission control unit is used for controlling the permission of the access instruction and referencing the permission data setAiming at the corresponding number of the user level, obtaining the user number of the access permission instruction as/>、/>、/>、.../>And the user account with the access refusal instruction more than three times is obtained, and continuous access is forbidden on the same day.
7. The information security data based leakage protection system of claim 6, wherein: the input analysis unit numbers the data input by the user for obtaining the access permission instruction according to the characteristics of the input data set, wherein the number of the input data set is、/>、/>、.../>The input analysis unit identifies a model/>, based on the input dataset and the reference inputPerforming an audit analysis to form a sequence data set/>The formula of the investigation algorithm is as follows:
In the formula,/> The sequence data set is represented by a sequence,Representing multiple sets of deformation sequences split according to data variables entered by a user obtaining said access-enabling instruction,/>Representing a reference input recognition model,/>And (3) representing the safety data of the input data set deformation sequence after the analysis by referring to the input identification model, wherein x represents the input data set deformation sequence, and n represents the number of user numbers.
8. The information security data based leakage protection system of claim 6, wherein: the output analysis unit numbers the data which is requested to be output by the user and is allowed to access according to the characteristics of the output data set, wherein the number of the output data set is、/>、/>、.../>The output analysis unit outputs an encryption model/>, based on the output dataset and the referenceEncryption to form an encrypted data set/>The encryption algorithm formula is as follows:
In the formula,/> Representing an encrypted data set,/>The reference is shown to output an encryption model,The secret data in the output data set is represented by security data randomly composed at different encryption levels according to user levels by referring to the output encryption model, and n represents the number of user numbers.
9. A leakage protection system based on information security data according to claim 3, wherein: the data transfer unit performs security test on users with different authority levels, the authority levels are high and correspond to random security test times, the security test contents comprise historical login operation contents and execution security policies, and the data transfer unit calculates and generates vulnerability risk indexes according to test resultsThe calculation formula is as follows:
In the formula,/> Represents a vulnerability risk index that is indicative of the vulnerability,Representing the sum of the safety test results, the test pass is 1, and the test fail is-1,/>Factorial of security test times,/>And the vulnerability risk index of the user with the assigned authority level is evaluated through the security test.
10. The information security data based leakage protection system of claim 9, wherein: the alarm protection module is used for detecting the vulnerability risk indexContrast to the reference vulnerability risk index/>Generating corresponding signals and transmitting the signals to a data transfer unit and a central control system through a network, wherein the vulnerability risk index/>Below the reference vulnerability risk indexWhen the vulnerability risk index/>, generating a transmission signal to the data transfer unit to continue data transmissionGreater than the reference vulnerability risk index/>And generating an alarm protection signal, forcing the account to be off line and closing the database.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202410411930.XA CN118036046B (en) | 2024-04-08 | 2024-04-08 | Leakage protection method and system based on information security data |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202410411930.XA CN118036046B (en) | 2024-04-08 | 2024-04-08 | Leakage protection method and system based on information security data |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN118036046A true CN118036046A (en) | 2024-05-14 |
| CN118036046B CN118036046B (en) | 2024-06-07 |
Family
ID=90989369
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202410411930.XA Active CN118036046B (en) | 2024-04-08 | 2024-04-08 | Leakage protection method and system based on information security data |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN118036046B (en) |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109446794A (en) * | 2018-10-15 | 2019-03-08 | 维沃移动通信有限公司 | A kind of cipher-code input method and its mobile terminal |
| CA3112143A1 (en) * | 2020-03-18 | 2021-09-18 | Cyberlab Inc. | System and method for determining cybersecurity rating and risk scoring |
| US20220407702A1 (en) * | 2021-06-22 | 2022-12-22 | Artema Labs, Inc | Systems and Methods for Token Creation and Management |
| CN117081815A (en) * | 2023-08-23 | 2023-11-17 | 平安银行股份有限公司 | Method, device, computer equipment and storage medium for data security transmission |
| CN117150524A (en) * | 2023-08-30 | 2023-12-01 | 南京邮电大学 | Self-adaptive safe two-party computing method and system based on GPU |
-
2024
- 2024-04-08 CN CN202410411930.XA patent/CN118036046B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109446794A (en) * | 2018-10-15 | 2019-03-08 | 维沃移动通信有限公司 | A kind of cipher-code input method and its mobile terminal |
| CA3112143A1 (en) * | 2020-03-18 | 2021-09-18 | Cyberlab Inc. | System and method for determining cybersecurity rating and risk scoring |
| US20220407702A1 (en) * | 2021-06-22 | 2022-12-22 | Artema Labs, Inc | Systems and Methods for Token Creation and Management |
| CN117081815A (en) * | 2023-08-23 | 2023-11-17 | 平安银行股份有限公司 | Method, device, computer equipment and storage medium for data security transmission |
| CN117150524A (en) * | 2023-08-30 | 2023-12-01 | 南京邮电大学 | Self-adaptive safe two-party computing method and system based on GPU |
Also Published As
| Publication number | Publication date |
|---|---|
| CN118036046B (en) | 2024-06-07 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Andress | The basics of information security: understanding the fundamentals of InfoSec in theory and practice | |
| Stewart et al. | CISSP: Certified information systems security professional study guide | |
| US20210328969A1 (en) | Systems and methods to secure api platforms | |
| Andress | Foundations of information security: a straightforward introduction | |
| Murali et al. | A survey on intrusion detection approaches | |
| CN116962076A (en) | Zero trust system of internet of things based on block chain | |
| CN112100662A (en) | Regional data safety monitoring system | |
| CN112199700B (en) | Safety management method and system for MES data system | |
| CN118036046B (en) | Leakage protection method and system based on information security data | |
| El-Abed et al. | Towards the security evaluation of biometric authentication systems | |
| Akbarfam et al. | Dlacb: Deep learning based access control using blockchain | |
| Andronikou et al. | Biometric implementations and the implications for security and privacy | |
| Arjunwadkar et al. | The rule based intrusion detection and prevention model for biometric system | |
| Zibran | Biometric authentication: The security issues | |
| Thapliyal et al. | Security threats in healthcare big data: a comparative study | |
| Ghadge | Enhancing threat detection in Identity and Access Management (IAM) systems | |
| CN112000953A (en) | Big data terminal safety protection system | |
| Sheik et al. | Considerations for secure mosip deployment | |
| MOSTAFA et al. | FALSE ALARM REDUCTION SCHEME FOR DATABASE INTRUSION DETECTION SYSTEM. | |
| CN117371048B (en) | Remote access data processing method, device, equipment and storage medium | |
| Laas-Mikko et al. | Promises, Social, and Ethical Challenges with Biometrics in Remote Identity Onboarding | |
| Panda | Cyber Intrusion Detection, Prevention, and Future IT Strategy | |
| Gund et al. | Secure Banking Application with Image and GPS Location | |
| Zhao | Establishing a sound online learning environment for the security and privacy protection of online training | |
| López et al. | CGAPP: A continuous group authentication privacy-preserving platform for industrial scene |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant |