CN118133274A - Information security management and monitoring method and system based on big data - Google Patents


Info

Publication number: CN118133274A
Application number: CN202410326118.7A
Authority: CN (China)
Prior art keywords: data, enterprise, storage, security, risk
Legal status: Withdrawn
Other languages: Chinese (zh)
Inventor: 王小兵
Current assignee: Guangzhou Zhizai Information Technology Co ltd
Original assignee: Guangzhou Zhizai Information Technology Co ltd

Events:
- Application filed by Guangzhou Zhizai Information Technology Co ltd
- Priority to CN202410326118.7A
- Publication of CN118133274A
- Current legal status: Withdrawn


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/552 Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • G06F18/00 Pattern recognition
    • G06F18/20 Analysing
    • G06F18/23 Clustering techniques
    • G06F18/24 Classification techniques
    • G06F21/60 Protecting data
    • G06F21/604 Tools and structures for managing or administering access control systems
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database
    • G06F2123/00 Data types
    • G06F2123/02 Data types in the time domain, e.g. time-series data
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Data Mining & Analysis (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • Evolutionary Computation (AREA)
  • Evolutionary Biology (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • Artificial Intelligence (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Databases & Information Systems (AREA)
  • Automation & Control Theory (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to the technical field of information security, in particular to an information security management and monitoring method and system based on big data. The method comprises the following steps: performing storage space detection analysis on the enterprise data storage to obtain real-time storage space allocation data; acquiring enterprise target storage data; carrying out storage security risk classification on enterprise target storage data to obtain security risk gradient data; collecting a security audit log of an enterprise data storage to obtain security event log data; performing attack evolution mining analysis on the enterprise data storage according to the security event log data to obtain attack mode prediction data; and carrying out dynamic access control authority planning on the enterprise target storage data according to the security risk gradient data to obtain access control authority configuration data. The invention can improve the information security management capability, monitor and analyze the data flow in real time, quickly discover and deal with security threat and strengthen network security protection.

Description

Information security management and monitoring method and system based on big data
Technical Field
The invention relates to the technical field of information security, in particular to an information security management and monitoring method and system based on big data.
Background
With the rapid development of the internet and the increasing degree of informatization, the information security problem is increasingly prominent. Traditional information security management methods cannot meet the security requirements of large-scale, high-speed data traffic and complex network environments.
With the rapid development of the internet and the improvement of the informatization degree, people rely more and more on networks to perform various activities including communication, shopping, banking, etc. The number of internet users has grown exponentially and the interconnection of various devices has also led to a dramatic increase in data traffic. The conventional information security management method cannot cope with such large-scale data traffic, so that detection and response of security events become difficult. The rapid development of emerging technologies such as cloud computing and the Internet of things greatly improves the transmission speed of data in a network. The traditional information security management method is difficult to monitor and analyze high-speed data traffic in real time, and cannot discover and deal with security threats in time.
Disclosure of Invention
Accordingly, the present invention is directed to a method and system for information security management and monitoring based on big data, so as to solve at least one of the above-mentioned problems.
In order to achieve the above purpose, an information security management and monitoring method based on big data comprises the following steps:
Step S1: performing storage space detection analysis on the enterprise data storage to obtain real-time storage space allocation data; acquiring enterprise target storage data; carrying out storage security risk classification on enterprise target storage data to obtain security risk gradient data;
Step S2: collecting a security audit log of an enterprise data storage to obtain security event log data; performing attack evolution mining analysis on the enterprise data storage according to the security event log data to obtain attack mode prediction data;
Step S3: dynamic access control authority planning is carried out on the enterprise target storage data according to the security risk gradient data, and access control authority configuration data are obtained; performing intelligent block storage on the enterprise target storage data according to the access control authority configuration data and the real-time storage space allocation data to obtain an enterprise data block management matrix;
Step S4: performing behavior analysis simulation on the enterprise data storage according to the attack mode prediction data based on the enterprise data block management matrix to obtain virtual attack behavior data; performing intelligent defense strategy optimization iterative operation on the enterprise data storage according to the virtual attack behavior data;
Step S5: performing security situation awareness monitoring on an enterprise data storage, and performing access trace recording on illegal personnel access when illegal personnel access is detected, so as to obtain illegal access behavior data; and sending the illegal access behavior data to all personnel in a preset security response team member list.
The invention can know the space allocation condition of the enterprise data storage in real time by carrying out storage space detection analysis on the enterprise data storage, and the information comprises the used space, the available space and the like. This helps to improve the utilization efficiency of storage resources and reduce the waste of storage space. By acquiring enterprise target storage data, comprehensive knowledge of enterprise key data can be established, and basic data can be provided for subsequent security risk classification and access control authority planning. And the enterprise target storage data is subjected to storage security risk classification, and the security level of the data can be classified according to the sensitivity, importance and risk level of the data. This helps to determine the security level of the different data and provides guidance for subsequent access control rights planning. By collecting the security audit log of the enterprise data store, log data of security events can be recorded and collected in time. This helps to discover potential security threats and attack behaviors, providing underlying data for subsequent attack pattern predictions and security responses. And carrying out attack evolution mining analysis according to the security event log data, so that the mode and behavior rule of an attacker can be identified, and the possible attack mode is predicted. This helps to take corresponding security defense strategies in advance, reducing security risks and losses. And carrying out dynamic access control authority planning on enterprise target storage data according to the security risk gradient data, and distributing proper access authorities for each user or role according to the security level and access requirements of different data. This helps to increase the security of the data, preventing unauthorized access and accidental disclosure. 
And according to the access control authority configuration data and the real-time storage space allocation data, performing intelligent block storage on the enterprise target storage data. This helps to improve the storage efficiency and access speed of data while reducing redundant storage of data. And performing behavior analysis simulation on the enterprise data storage based on the enterprise data block management matrix and the attack pattern prediction data. The method is helpful for simulating and evaluating the influence of different attack modes on the enterprise data storage, and provides basis for optimization and iteration of security defense strategies. And performing intelligent defense strategy optimization iterative operation on the enterprise data storage according to the virtual attack behavior data. This helps to continuously improve and boost the effectiveness of the defense strategy and enhance the resistance to attacks. The security situation awareness monitoring is carried out on the enterprise data storage, so that the security situation of the storage can be monitored in real time. This facilitates timely discovery of access actions and security events by illegal personnel for timely adoption of corresponding security response measures. When illegal personnel access is detected, access trace records are carried out on the illegal personnel access. This helps to collect evidence and understand the behavior of the attacker, providing support for security investigation and traceability. And sending the illegal access behavior data to all personnel in a preset safety response group member list. This helps to timely notify personnel and initiate corresponding security response measures to protect the security and confidentiality of the enterprise data. 
The invention can effectively meet the security requirements of large-scale, high-speed data flows and complex network environments, improve the detection of and response to security events, and strengthen the discovery of and response to security threats.
Preferably, the present invention also provides a big data based information security management and monitoring system for executing the big data based information security management and monitoring method as described above, the big data based information security management and monitoring system comprising:
The risk classification module is used for carrying out storage space detection analysis on the enterprise data storage to obtain real-time storage space allocation data; acquiring enterprise target storage data; carrying out storage security risk classification on enterprise target storage data to obtain security risk gradient data;
The attack mode prediction module is used for carrying out security audit log acquisition on the enterprise data storage to obtain security event log data; performing attack evolution mining analysis on the enterprise data storage according to the security event log data to obtain attack mode prediction data;
The intelligent block storage module is used for carrying out dynamic access control authority planning on the enterprise target storage data according to the security risk gradient data to obtain access control authority configuration data; performing intelligent block storage on the enterprise target storage data according to the access control authority configuration data and the real-time storage space allocation data to obtain an enterprise data block management matrix;
the defense optimization module is used for performing behavior analysis simulation on the enterprise data storage based on the enterprise data block management matrix according to the attack mode prediction data to obtain virtual attack behavior data; performing intelligent defense strategy optimization iterative operation on the enterprise data storage according to the virtual attack behavior data;
The security situation monitoring and responding module is used for performing security situation awareness monitoring on the enterprise data storage, and performing access trace recording on illegal personnel access when illegal personnel access is detected to obtain illegal access behavior data; and sending the illegal access behavior data to all personnel in a preset security response team member list.
According to the invention, through the risk classification module, the system can analyze the storage space and classify the security risk of the enterprise data storage, providing real-time storage space allocation data and security risk gradient data for the enterprise. This helps the enterprise understand its storage space usage and security risk levels, so that information security risk management can be performed more effectively. Through the attack mode prediction module, the system collects security event log data and conducts attack evolution mining analysis to predict potential attack modes. This enables the enterprise to learn about possible attacks in advance and take corresponding precautions to reduce or avoid potential security threats. The intelligent block storage module conducts dynamic access control authority planning and intelligent block storage on enterprise target storage data according to the security risk gradient data and the real-time storage space allocation data. This helps to optimize the storage structure of the data, improve storage efficiency and data access speed, and ensure the security and privacy protection of the data. The defense optimization module performs behavior analysis simulation and intelligent defense strategy optimization iteration: based on the enterprise data block management matrix and the attack mode prediction data, it analyzes behavior on the enterprise data storage and optimizes the defense strategies, so that the enterprise can better understand the security state of the system, take defensive measures in time and continuously improve the system's defensive capability. The security situation monitoring and responding module performs security situation awareness monitoring on the enterprise data storage, records illegal access behavior data when illegal personnel access is detected, and sends the illegal access behavior data to all personnel in a preset security response team member list.
This helps to discover and deal with illegal accesses in time, protecting the security of enterprise data. In summary, the method and the system can improve the information security management capability of enterprises, predict and prevent attack behaviors, improve the data storage efficiency and security, strengthen the system defense and response capability, monitor and respond illegal access in real time, and comprehensively protect the information security of the enterprises.
Drawings
Other features, objects and advantages of the invention will become more apparent upon reading of the detailed description of a non-limiting implementation, made with reference to the accompanying drawings in which:
Fig. 1 is a schematic flow chart of the steps of an information security management and monitoring method based on big data according to an embodiment.
Fig. 2 shows a detailed step flow diagram of step S34 of an embodiment.
Fig. 3 shows a detailed step flow diagram of step S345 of an embodiment.
Detailed Description
The following is a clear and complete description of the technical method of the present patent in conjunction with the accompanying drawings, and it is evident that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the present invention without making any inventive effort, are intended to fall within the scope of the present invention.
Furthermore, the drawings are merely schematic illustrations of the present invention and are not necessarily drawn to scale. The same reference numerals in the drawings denote the same or similar parts, and thus a repetitive description thereof will be omitted. Some of the block diagrams shown in the figures are functional entities and do not necessarily correspond to physically or logically separate entities. The functional entities may be implemented in software or in one or more hardware modules or integrated circuits or in different networks and/or processor methods and/or microcontroller methods.
It will be understood that, although the terms "first," "second," etc. may be used herein to describe various elements, these elements should not be limited by these terms. These terms are only used to distinguish one element from another element. For example, a first element could be termed a second element, and, similarly, a second element could be termed a first element, without departing from the scope of example embodiments. The term "and/or" as used herein includes any and all combinations of one or more of the associated listed items.
In order to achieve the above objective, referring to fig. 1 to 3, the present invention provides an information security management and monitoring method based on big data, comprising the following steps:
Step S1: performing storage space detection analysis on the enterprise data storage to obtain real-time storage space allocation data; acquiring enterprise target storage data; carrying out storage security risk classification on enterprise target storage data to obtain security risk gradient data;
In particular, for example, an enterprise's data storage may be analyzed using storage space detection tools or techniques to obtain real-time storage space allocation data. This data may include the total capacity of the storage, its used capacity, its free capacity, and so on. The storage data that requires storage security analysis is determined according to the requirements and targets of the enterprise; this may include the enterprise's critical data, sensitive data, customer data, etc. Storage security risk classification is then carried out on the enterprise target storage data, classifying the data according to its degree of security risk. This can be evaluated on factors such as the sensitivity of the data, its access control settings and its encryption level, resulting in security risk gradient data such as high-risk data, medium-risk data and low-risk data.
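As an added illustration of the classification just described (example code written for this page, not code from the patent), the following scores each storage asset on the three factors the description names, sensitivity, access control settings and encryption level, and maps the score onto a high/medium/low gradient. The asset inventory, ordinal scales, weights and thresholds are all constructed; a real deployment would take them from the enterprise's data classification policy.

```python
"""Storage security risk classification.

Added example (not the patent's own code): scores each storage asset on
data sensitivity, access-control settings and encryption level, and maps
the score onto a high/medium/low risk gradient. Asset list, scales,
weights and thresholds are constructed for illustration.
"""
from dataclasses import dataclass

# Ordinal scales, 0 = least risky. Constructed for illustration.
SENSITIVITY = {"public": 0, "internal": 1, "confidential": 2, "restricted": 3}
ACCESS = {"owner-only": 0, "role-restricted": 1, "all-employees": 2, "anonymous": 3}
ENCRYPTION = {"at-rest-and-in-transit": 0, "at-rest": 1, "in-transit": 2, "none": 3}


@dataclass(frozen=True)
class StorageAsset:
    name: str
    sensitivity: str
    access: str
    encryption: str


def risk_score(asset: StorageAsset) -> int:
    """Sensitivity scales the exposure: public data scores 0 however it is
    stored, while restricted data multiplies every access/encryption gap."""
    exposure = ACCESS[asset.access] + ENCRYPTION[asset.encryption] + 1
    return SENSITIVITY[asset.sensitivity] * exposure


def risk_gradient(asset: StorageAsset, high_at: int = 9, medium_at: int = 4) -> str:
    """Map the score to a gradient, with one rule-based floor: confidential or
    restricted data readable by all employees or anonymously is always high,
    even when strong encryption would otherwise pull the score down."""
    widely_readable = ACCESS[asset.access] >= ACCESS["all-employees"]
    if SENSITIVITY[asset.sensitivity] >= SENSITIVITY["confidential"] and widely_readable:
        return "high"
    score = risk_score(asset)
    if score >= high_at:
        return "high"
    if score >= medium_at:
        return "medium"
    return "low"


def classify_assets(assets) -> dict:
    """Security risk gradient data: asset name -> high/medium/low."""
    return {a.name: risk_gradient(a) for a in assets}


def group_by_gradient(gradient: dict) -> dict:
    """Invert the gradient map so each level lists its assets."""
    groups = {"high": [], "medium": [], "low": []}
    for name, level in gradient.items():
        groups[level].append(name)
    return groups


# Constructed sample inventory of enterprise target storage data.
SAMPLE_ASSETS = [
    StorageAsset("customer_pii", "restricted", "role-restricted", "at-rest"),
    StorageAsset("hr_payroll", "confidential", "all-employees", "at-rest-and-in-transit"),
    StorageAsset("internal_wiki", "internal", "all-employees", "at-rest"),
    StorageAsset("legacy_backups", "restricted", "anonymous", "none"),
    StorageAsset("marketing_site", "public", "anonymous", "none"),
]

if __name__ == "__main__":
    for level, names in group_by_gradient(classify_assets(SAMPLE_ASSETS)).items():
        print(f"{level:>6}: {', '.join(names) or '-'}")
```

The multiplicative score keeps public data at the bottom regardless of how it is stored, and the floor rule shows why a pure weighted sum is not enough: well-encrypted payroll data readable by every employee would otherwise score medium.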
Step S2: collecting a security audit log of an enterprise data storage to obtain security event log data; performing attack evolution mining analysis on the enterprise data storage according to the security event log data to obtain attack mode prediction data;
Specifically, for example, a security audit log function may be configured and enabled for the enterprise's data stores. This may include access logs, modification logs, exception event logs, and the like. The security audit log records operations and events on the storage, such as file access, rights changes and suspicious behavior. The collected security event log data is analyzed and parsed to identify potential security events, which may include abnormal access, unauthorized operations, malware activity, etc. Attack evolution mining analysis is then carried out on the security event log data to identify the attack modes and strategies of an attacker; this may be achieved by analyzing patterns of attack, targets, exploitation patterns, and so on. Attack mode prediction data is generated from the result of the attack evolution mining analysis.
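The following added example (written for this page; not the patent's code) works through the two halves of this step on constructed audit log lines: parsing and sorting the log, flagging two event chains a storage audit log can reveal (a burst of failed logins followed by success, and a rights change followed by access to a sensitive path), and then mining event-to-event transitions from the flagged sessions so that the most likely next step after a given event can be predicted. The key=value log format, the field names, the `/finance/` and `/hr/` sensitive prefixes and the thresholds are all assumptions for the example.

```python
"""Security audit log parsing, event detection and attack-chain mining.

Added example, not the patent's code. Log lines are constructed in a simple
key=value format; a real deployment would replace LINE_RE with a parser for
its own audit log format.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample: normal activity by alice, and one suspicious session by bob.
SAMPLE_LOG = """\
2024-03-01T09:00:01Z actor=alice src=10.0.0.5 event=LOGIN_OK target=-
2024-03-01T09:00:10Z actor=alice src=10.0.0.5 event=FILE_READ target=/wiki/onboarding.md
2024-03-01T02:14:00Z actor=bob src=203.0.113.9 event=LOGIN_FAIL target=-
2024-03-01T02:14:03Z actor=bob src=203.0.113.9 event=LOGIN_FAIL target=-
2024-03-01T02:14:07Z actor=bob src=203.0.113.9 event=LOGIN_FAIL target=-
2024-03-01T02:14:12Z actor=bob src=203.0.113.9 event=LOGIN_FAIL target=-
2024-03-01T02:14:20Z actor=bob src=203.0.113.9 event=LOGIN_OK target=-
2024-03-01T02:15:00Z actor=bob src=203.0.113.9 event=PRIV_CHANGE target=role:storage-admin
2024-03-01T02:16:30Z actor=bob src=203.0.113.9 event=FILE_READ target=/finance/payroll.csv
2024-03-01T02:17:45Z actor=bob src=203.0.113.9 event=FILE_EXPORT target=/finance/payroll.csv
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) actor=(?P<actor>\S+) src=(?P<src>\S+) "
                     r"event=(?P<event>\S+) target=(?P<target>\S+)$")
HIGH_RISK_PREFIXES = ("/finance/", "/hr/")  # constructed: paths of high-risk data


def parse_log(text):
    """Parse log lines into dicts and sort them by time (logs are not always ordered)."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:  # skip malformed lines instead of aborting the whole batch
            continue
        rec = m.groupdict()
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
        records.append(rec)
    records.sort(key=lambda r: r["ts"])
    return records


def group_by_session(records):
    """Group records by (actor, source address)."""
    sessions = defaultdict(list)
    for r in records:
        sessions[(r["actor"], r["src"])].append(r)
    return sessions


def detect_events(records, fail_threshold=3, window=timedelta(minutes=5)):
    """Identify potential security events from ordered records of one session each."""
    alerts = []
    for (actor, src), recs in group_by_session(records).items():
        fails, escalated_at = [], None
        for r in recs:
            ev = r["event"]
            if ev == "LOGIN_FAIL":
                fails.append(r["ts"])
            elif ev == "LOGIN_OK":
                recent = [t for t in fails if r["ts"] - t <= window]
                if len(recent) >= fail_threshold:
                    alerts.append({"kind": "credential_guessing_success",
                                   "actor": actor, "src": src, "at": r["ts"]})
                fails = []
            elif ev == "PRIV_CHANGE":
                escalated_at = r["ts"]
            elif ev in ("FILE_READ", "FILE_EXPORT") and escalated_at is not None:
                if r["ts"] - escalated_at <= window and r["target"].startswith(HIGH_RISK_PREFIXES):
                    alerts.append({"kind": "post_escalation_sensitive_access",
                                   "actor": actor, "src": src, "at": r["ts"],
                                   "target": r["target"]})
    return alerts


def mine_transitions(records, alerts):
    """Attack evolution mining: count event->next-event transitions, using only
    the sessions that produced alerts so the model describes attacker behaviour."""
    flagged = {(a["actor"], a["src"]) for a in alerts}
    transitions = Counter()
    for key, recs in group_by_session(records).items():
        if key in flagged:
            events = [r["event"] for r in recs]
            transitions.update(zip(events, events[1:]))
    return transitions


def predict_next(transitions, event):
    """Attack mode prediction: the most frequently observed successor of `event`."""
    candidates = {nxt: n for (cur, nxt), n in transitions.items() if cur == event}
    return max(candidates, key=candidates.get) if candidates else None


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    found = detect_events(recs)
    model = mine_transitions(recs, found)
    for a in found:
        print(a["kind"], a["actor"], a["src"], a["at"].isoformat())
    print("after PRIV_CHANGE, expect:", predict_next(model, "PRIV_CHANGE"))
```

The transition counts are a first-order Markov model; with more flagged sessions the same code yields a ranking of likely next steps, which is what the description calls attack mode prediction data. Malformed lines are skipped deliberately so one corrupt record cannot suppress detection across a whole batch.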
Step S3: dynamic access control authority planning is carried out on the enterprise target storage data according to the security risk gradient data, and access control authority configuration data are obtained; performing intelligent block storage on the enterprise target storage data according to the access control authority configuration data and the real-time storage space allocation data to obtain an enterprise data block management matrix;
Specifically, for example, a dynamic access control policy may be formulated based on the security risk gradient data, assigning appropriate access rights to different users or roles according to the security risk level of the data: high-risk data is given stricter access rights, while low-risk data may be given more relaxed ones. Access control authority configuration data is generated from the dynamic access control authority planning; it includes the identity information of the user or role, the scope and restrictions of the access rights, etc. According to the real-time storage space allocation data and the access control authority configuration data, intelligent block storage is performed on the enterprise target storage data. By dividing the data into blocks and managing the blocks according to the access rights, both the security and the efficiency of the data can be improved. The blocking policy may be determined on factors such as the type of data, its importance and its access frequency.
Step S4: performing behavior analysis simulation on the enterprise data storage according to the attack mode prediction data based on the enterprise data block management matrix to obtain virtual attack behavior data; performing intelligent defense strategy optimization iterative operation on the enterprise data storage according to the virtual attack behavior data;
Specifically, for example, behavioral analysis simulation may be performed based on the enterprise data block management matrix and attack pattern prediction data. And simulating the behavior of an attacker, and simulating the attack behavior of the attacker on the enterprise data storage according to the attack mode prediction data. This may include attempting an intrusion, attacking a particular block of data, stealing sensitive data, etc. And generating virtual attack behavior data according to the behavior analysis simulation result. The data record the information of the behavior, the attack target, the attack mode and the like of the simulated attacker. And according to the virtual attack behavior data, performing optimization iteration on the intelligent defense strategy of the enterprise data storage. And according to the result of the simulated attack, evaluating the current defending strategy and adjusting the current defending strategy to improve the defending capability on the potential attack. This may include enhancing access control, enhancing encryption measures, improving intrusion detection systems, etc.
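Steps S3 and S4 fit together as one worked example, added here and not taken from the patent: the risk gradient drives an access rule per asset, the rules plus the free space per pool drive block placement, and a constructed set of access requests (the kind a behavior analysis simulation would replay against the storage) is evaluated against the resulting policy so that any allowed sensitive action can feed the next optimization iteration. Role names, asset sizes, pool names, the "encrypted tier" notion and the request set are all assumptions for the example.

```python
"""Risk-driven access control planning, block placement and policy evaluation.

Added example (not the patent's code) covering steps S3 and S4. Roles,
assets, sizes, pools and requests are constructed for illustration.
"""
from dataclasses import dataclass, field

# Security risk gradient data from step S1 and the owning role per asset (constructed).
RISK_GRADIENT = {"customer_pii": "high", "payroll": "high",
                 "wiki": "medium", "marketing_site": "low"}
ASSET_OWNER_ROLE = {"customer_pii": "data-steward", "payroll": "hr-admin",
                    "wiki": "it-ops", "marketing_site": "marketing"}
ASSET_SIZE_GB = {"customer_pii": 400, "payroll": 50, "wiki": 120, "marketing_site": 300}
ALL_EMPLOYEES = {"data-steward", "hr-admin", "it-ops", "marketing", "staff", "contractor"}

# Real-time storage space allocation data: pool -> (free GB, encrypted at rest). Constructed.
SAMPLE_POOLS = {"enc-tier": (500, True), "std-tier": (1000, False)}

# Constructed request set (role, asset, action); the first and fourth are the
# kind of access a simulated attack would attempt.
SAMPLE_REQUESTS = [
    ("contractor", "payroll", "export"),
    ("hr-admin", "payroll", "read"),
    ("staff", "wiki", "read"),
    ("staff", "wiki", "export"),
    ("contractor", "marketing_site", "read"),
]

LEVEL_ORDER = {"high": 0, "medium": 1, "low": 2}


@dataclass
class AccessRule:
    read: set = field(default_factory=set)
    export: set = field(default_factory=set)
    mfa_required: bool = False


def plan_access_control(gradient, owners):
    """Access control authority configuration data: one rule per asset,
    stricter the higher the risk gradient."""
    config = {}
    for asset, level in gradient.items():
        owner = owners[asset]
        if level == "high":
            config[asset] = AccessRule(read={owner}, export=set(), mfa_required=True)
        elif level == "medium":
            config[asset] = AccessRule(read={owner, "staff"}, export={owner}, mfa_required=True)
        else:
            config[asset] = AccessRule(read=set(ALL_EMPLOYEES), export={owner})
    return config


def place_blocks(gradient, sizes, pools):
    """Enterprise data block management matrix: asset -> pool (or None).
    High- and medium-risk data must land on an encrypted pool; when no
    encrypted pool has room the asset is reported unplaced rather than
    silently demoted to an unencrypted one."""
    free = {name: cap for name, (cap, _) in pools.items()}
    encrypted = {name for name, (_, enc) in pools.items() if enc}
    matrix = {}
    for asset in sorted(sizes, key=lambda a: LEVEL_ORDER[gradient[a]]):  # riskiest first
        needs_encryption = gradient[asset] != "low"
        candidates = [p for p in pools
                      if (p in encrypted or not needs_encryption) and free[p] >= sizes[asset]]
        if not candidates:
            matrix[asset] = None
            continue
        pool = max(candidates, key=lambda p: free[p])  # pool with the most headroom
        free[pool] -= sizes[asset]
        matrix[asset] = pool
    return matrix


def evaluate_requests(config, requests):
    """Decide each (role, asset, action) request against the policy."""
    decisions = []
    for role, asset, action in requests:
        rule = config[asset]
        allowed = role in (rule.read if action == "read" else rule.export)
        decisions.append((role, asset, action, allowed))
    return decisions


def allowed_sensitive_actions(gradient, decisions):
    """Policy gaps for the next optimization iteration: exports of high-risk
    data that the current rules allowed."""
    return [d for d in decisions if d[3] and d[2] == "export" and gradient[d[1]] == "high"]


if __name__ == "__main__":
    cfg = plan_access_control(RISK_GRADIENT, ASSET_OWNER_ROLE)
    print(place_blocks(RISK_GRADIENT, ASSET_SIZE_GB, SAMPLE_POOLS))
    decisions = evaluate_requests(cfg, SAMPLE_REQUESTS)
    print(decisions, allowed_sensitive_actions(RISK_GRADIENT, decisions))
```

With the sample pools the wiki block is left unplaced because the encrypted tier is full after the two high-risk assets; surfacing that, rather than falling back to the standard tier, is the point of tying placement to the access rule. An empty result from `allowed_sensitive_actions` means the replayed requests found no gap, so the iteration would leave the policy unchanged.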
Step S5: performing security situation awareness monitoring on an enterprise data storage, and performing access trace recording on illegal personnel access when illegal personnel access is detected, so as to obtain illegal access behavior data; and sending the illegal access behavior data to all personnel in a preset security response team member list.
Specifically, for example, security situation awareness monitoring may be performed by monitoring the access to and activity on the enterprise data stores in real time. This may include monitoring users' login behavior, the time and location of data access, abnormal access patterns, etc. Access behavior by illegal personnel is detected through a preset security situation awareness monitoring system, which can determine whether an access is illegal by comparing login information, access rights, behavior patterns, and the like. If the system detects access activity by an illegal person, a subsequent action is triggered: an access trace record is made of the illegal access, recording key information such as the time of the illegal access, the source IP address and the target data accessed. The purpose of the access trace record is subsequent investigation and evidence collection. Illegal access behavior data is generated from the access trace record; it includes details of the illegal access, such as the identity of the visitor, the access time and the access behavior, and provides a comprehensive picture of the illegal access behavior. The illegal access behavior data is sent to all personnel in a preset security response team member list. This may be accomplished through a security notification system, e-mail, or an instant messaging tool. The security response team members receive the alert or notification so they can take appropriate security measures in time, including further investigation, tracking of the attacker, fixing vulnerabilities, etc.
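As an added example for this step (written for this page, not the patent's code), the following evaluates constructed access events against an authorization table, corporate network ranges and business hours, writes an access trace record for each illegitimate access, and builds the notification to a response team roster. Because the description says the trace exists for evidence collection, each record is chained to the previous one with a SHA-256 hash so later tampering is detectable. The authorization table, network ranges, hours, team addresses and events are all constructed.

```python
"""Security situation awareness monitoring with tamper-evident access tracing
and response-team notification.

Added example, not the patent's code. Events, authorization table, network
ranges and the team roster are constructed for illustration.
"""
import hashlib
import ipaddress
import json
from datetime import datetime

# Which roles may read which target (constructed).
AUTHORIZED = {"/finance/payroll.csv": {"hr-admin"},
              "/wiki/onboarding.md": {"hr-admin", "staff"}}
CORPORATE_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]
BUSINESS_HOURS = range(8, 19)  # 08:00-18:59 UTC, constructed
# Preset security response team member list (constructed addresses).
RESPONSE_TEAM = ["soc-lead@example.com", "storage-oncall@example.com", "ciso@example.com"]
GENESIS = "0" * 64  # prev_hash of the first trace record

SAMPLE_EVENTS = [  # constructed
    {"ts": "2024-03-01T09:05:00Z", "user": "alice", "role": "staff",
     "src": "10.0.0.5", "target": "/wiki/onboarding.md", "action": "read"},
    {"ts": "2024-03-01T02:16:30Z", "user": "bob", "role": "contractor",
     "src": "203.0.113.9", "target": "/finance/payroll.csv", "action": "read"},
    {"ts": "2024-03-01T10:00:00Z", "user": "carol", "role": "hr-admin",
     "src": "10.0.2.7", "target": "/finance/payroll.csv", "action": "read"},
]


def violations(event):
    """Reasons an access event counts as illegal; empty list means legitimate."""
    reasons = []
    if event["role"] not in AUTHORIZED.get(event["target"], set()):
        reasons.append("role not authorized for target")
    if not any(ipaddress.ip_address(event["src"]) in net for net in CORPORATE_NETS):
        reasons.append("source outside corporate network")
    hour = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ").hour
    if hour not in BUSINESS_HOURS:
        reasons.append("access outside business hours")
    return reasons


def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def record_trace(event, reasons, prev_hash):
    """Access trace record: time, identity, source IP, target, action and
    reasons, chained to the previous record by its hash."""
    body = {"time": event["ts"], "identity": event["user"], "source_ip": event["src"],
            "target": event["target"], "action": event["action"],
            "reasons": reasons, "prev_hash": prev_hash}
    return {**body, "hash": _digest(body)}


def monitor(events, team=RESPONSE_TEAM):
    """Return (trace records, notifications) for the illegal accesses in events."""
    traces, notifications = [], []
    prev_hash = GENESIS
    for ev in sorted(events, key=lambda e: e["ts"]):
        reasons = violations(ev)
        if not reasons:
            continue
        trace = record_trace(ev, reasons, prev_hash)
        prev_hash = trace["hash"]
        traces.append(trace)
        notifications.append({"to": list(team),
                              "subject": f"Illegal access to {ev['target']} by {ev['user']}",
                              "trace": trace})
    return traces, notifications


def verify_chain(traces):
    """True if every record's hash matches its body and links to its predecessor."""
    prev = GENESIS
    for t in traces:
        body = {k: v for k, v in t.items() if k != "hash"}
        if body["prev_hash"] != prev or _digest(body) != t["hash"]:
            return False
        prev = t["hash"]
    return True


if __name__ == "__main__":
    recorded, sent = monitor(SAMPLE_EVENTS)
    for n in sent:
        print(n["subject"], "->", ", ".join(n["to"]))
    print("chain intact:", verify_chain(recorded))
```

The hash chain does not make the trace unforgeable on its own (an attacker with write access to the store could rewrite the whole chain), so in practice the latest hash would also be shipped to the response team with each notification, which is why the notification carries the full trace record.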
Preferably, step S1 comprises the steps of:
step S11: carrying out real-time monitoring statistics on an enterprise data storage to obtain storage resource utilization rate data;
Specifically, for example, statistics on the enterprise data store may be monitored in real time using a monitoring tool such as Prometheus. Prometheus is deployed on the enterprise's storage server and configured as necessary, including specifying the targets to monitor and setting the data storage path. The scrape targets are defined in the Prometheus configuration file, and the metrics to be monitored, such as used storage space, read/write throughput and I/O requests, are exposed by the collector. Monitoring metrics of the storage are collected periodically and exposed for Prometheus to scrape, using an existing Prometheus exporter or a custom collection script. The Prometheus service is then started to begin collecting and storing the metric data.
Step S12: performing storage space allocation calculation on the enterprise data storage according to the storage resource utilization rate data to obtain real-time storage space allocation data;
Specifically, for example, automated scripts or dedicated storage resource management tools may be used. The storage resource utilization data is exported into a computable format such as a CSV file or a database table. A script or programming language (e.g., Python) reads the utilization data and performs data cleansing and preprocessing to ensure its accuracy and consistency. Storage space allocation is then calculated with an algorithm or rule set according to the enterprise's storage allocation policy and business requirements; this may allocate space according to the needs of different business departments or applications, or prioritize by factors such as the hotness and importance of the data. The real-time storage space allocation data is generated from the calculation result.
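As an added example, not code from the patent, the following Python script shows what the custom collection script of step S11 and the allocation calculation of step S12 might look like together: it reads per-volume usage with shutil.disk_usage, renders the figures in the Prometheus text exposition format that a scrape consumes, and splits the allocatable free space of each volume among departments by weight. The volume names, department weights and the 10% headroom reserve are assumptions for illustration.

```python
"""Added example (not from the patent) for steps S11 and S12: a custom
collection script that reads per-volume usage, renders it in the Prometheus
text exposition format a scrape consumes, and splits allocatable free space
among departments by weight. Volume names, weights and the 10% reserve are
assumptions for illustration."""
from __future__ import annotations

import shutil
from dataclasses import dataclass


@dataclass(frozen=True)
class VolumeUsage:
    name: str
    total: int   # bytes
    used: int    # bytes

    @property
    def free(self) -> int:
        return self.total - self.used

    @property
    def utilization(self) -> float:
        return self.used / self.total if self.total else 0.0


def collect_usage(mounts: dict[str, str]) -> list[VolumeUsage]:
    """S11: live figures via shutil.disk_usage for each named mount point."""
    usage = []
    for name, path in mounts.items():
        st = shutil.disk_usage(path)
        usage.append(VolumeUsage(name, st.total, st.used))
    return usage


def to_prometheus_text(volumes: list[VolumeUsage]) -> str:
    """Render gauges in the Prometheus text exposition format (what an
    exporter's /metrics endpoint returns)."""
    lines = ["# HELP storage_bytes_total Capacity of the volume in bytes",
             "# TYPE storage_bytes_total gauge"]
    lines += [f'storage_bytes_total{{volume="{v.name}"}} {v.total}' for v in volumes]
    lines += ["# HELP storage_bytes_used Used bytes on the volume",
              "# TYPE storage_bytes_used gauge"]
    lines += [f'storage_bytes_used{{volume="{v.name}"}} {v.used}' for v in volumes]
    return "\n".join(lines) + "\n"


def allocate_space(volumes: list[VolumeUsage], weights: dict[str, int],
                   reserve: float = 0.10) -> dict[str, dict[str, int]]:
    """S12: divide each volume's free space among departments in proportion
    to their weights, keeping `reserve` of total capacity as headroom, so a
    volume whose utilization already exceeds 1 - reserve allocates nothing."""
    total_weight = sum(weights.values())
    plan: dict[str, dict[str, int]] = {}
    for v in volumes:
        allocatable = max(v.free - int(v.total * reserve), 0)
        plan[v.name] = {dept: allocatable * w // total_weight for dept, w in weights.items()}
    return plan


if __name__ == "__main__":
    live = collect_usage({"root": "/"})          # assumes a POSIX host with "/"
    print(to_prometheus_text(live))
    print(allocate_space(live, {"finance": 3, "hr": 1, "rnd": 1}))
```

Serving to_prometheus_text over HTTP on the storage server is all that is needed for Prometheus to scrape it; the allocation plan can be recomputed on every scrape interval so the real-time allocation data tracks the utilization figures.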
Step S13: acquiring enterprise target storage data;
Specifically, for example, the departments and business owners concerned may be consulted to define the specific content and scope of the target storage data to be acquired. This may include specific files, databases, applications, etc. The data source holding the target storage data is determined; this may be a file server, database server, cloud storage service, etc. within the enterprise, and access rights and connection configuration to the data source are ensured. A suitable extraction method is selected according to the data source type and access mode, such as a database query language (e.g., SQL), API calls, FTP downloads, etc. Appropriate tools are selected to perform the extraction, depending on the requirements of the data source and the extraction method, for example database management tools, libraries or frameworks of a programming language, or dedicated ETL (extract, transform, load) tools. The extracted data should be validated to ensure accuracy and integrity, for example by comparing samples of the extracted data with the source data or using a data verification algorithm.
Step S14: carrying out data privacy sensitivity evaluation on the enterprise target storage data to obtain data privacy sensitivity data;
Specifically, for example, various fields and metadata in the target storage data may be analyzed to identify data that may contain sensitive information. This may include personal identification information (e.g., name, address, identification number), financial information, medical health data, etc. A set of evaluation criteria or rules is formulated for determining the sensitivity level of the data. This may include data types, corporate policies, etc. Classifying the target storage data according to the sensitivity evaluation standard, and labeling each data item with a corresponding sensitivity label. For example, data is classified into high sensitivity, medium sensitivity, and low sensitivity levels. The target stored data is scanned and analyzed using a data sensitivity assessment tool or algorithm to determine the sensitivity of the data. This may include methods of sensitive vocabulary matching, statistical analysis, machine learning, etc. And generating data privacy sensitivity data according to the data sensitivity evaluation result. This may be a sensitivity report including information about the sensitivity level, the number and proportion of sensitive fields for each data item.
Step S15: and carrying out storage security risk classification on the enterprise target storage data according to the data privacy sensitivity data to obtain security risk gradient data.
In particular, for example, a set of security risk assessment criteria or rules may be formulated for determining the security risk level of the stored data. This may include sensitivity levels, confidentiality requirements for data, security control measures, and the like. And carrying out security risk classification on the enterprise target storage data according to the security risk assessment standard and the data privacy sensitivity data. Data is classified into different security risk levels, such as high risk, medium risk, and low risk, according to sensitivity level and field tags. And generating security risk gradient data according to the data security risk classification result. This may be a security risk report including information about the security risk level, the number and proportion of risk data for each data item.
By monitoring and collecting statistics on storage resource utilization data in real time, the invention can determine how the resources of the enterprise data store are being used. This helps evaluate the load on the store, optimize resource allocation and plan storage space, improving storage efficiency and performance. Storage space can be allocated dynamically by performing the allocation calculation on the utilization data, which makes reasonable use of storage resources, avoids both waste and shortage, and supports the security and availability of the data. The enterprise target storage data is acquired for further analysis and assessment of its security risk, which gives an understanding of the enterprise's data storage and provides the base data for subsequent risk assessment and management. Data privacy sensitivity assessment of the enterprise target storage data determines the sensitivity level of the data, which helps identify and protect sensitive data, formulate the corresponding security policies and measures, and ensure privacy and compliance. Storage security risk classification according to the data privacy sensitivity data then evaluates the degree of security risk of the data, so that different security measures can be taken for different levels, the protection of high-risk data prioritized, and the security and protection capability of the data improved.
Preferably, step S14 comprises the steps of:
step S141: acquiring enterprise personnel security rating data;
Specifically, for example, the personnel security rating definitions and criteria within the enterprise may be determined. This may include the definition of the different security levels, the types of sensitive information involved, and the associated security requirements. Auxiliary data related to personnel security ratings is acquired in cooperation with the enterprise's human resources and security management departments, such as employee profiles, security approval records and post responsibilities. Security rating data of enterprise personnel is then acquired through communication and investigation with the relevant departments and personnel, which may involve interviews with the person concerned, questionnaires, approval records, etc. The acquired security rating data is integrated, and verification and validation of the data are carried out.
Step S142: performing personnel context mining and extraction on enterprise target storage data to obtain personnel operation data, wherein the personnel operation data comprises personnel security data, personnel access frequency data and access behavior data;
Specifically, for example, the data source and storage system holding the target storage data may be determined. This may be a file server, database server, application log, etc. within the enterprise. The data access logs associated with the target storage data are collected, which may include login logs, file access logs, database query logs, etc., and their recording and storage are ensured. A suitable data context mining algorithm is selected according to the requirements and the data types; this may include association rule mining, sequential pattern mining, cluster analysis, etc. The selected algorithm is applied to analyze and mine the target storage data and the data access logs, and the personnel operation data is extracted, including personnel security data, personnel access frequency data and access behavior data.
Step S143: performing content deep learning extraction on enterprise target storage data to obtain enterprise implicit sensitive data;
Specifically, for example, a sample set of enterprise target storage data may be prepared, which may be text, image, audio or other forms of data, ensuring that the sample set covers the data types and characteristics of interest to the enterprise. A suitable deep learning model is selected according to the data type and task requirements: for text data a recurrent neural network (RNN) or a Transformer model may be used; for image data a convolutional neural network (CNN) model may be used. The selected model is trained with the prepared sample set, which involves preprocessing the data, constructing the model and tuning its parameters; during training, suitable loss functions and optimization algorithms are chosen and the model is evaluated and optimized. The trained model is then used to extract content from the enterprise target storage data, for example keyword extraction from text, object recognition in images or emotion analysis of audio. The extracted data is treated as implicit sensitive data, integrated, and cleaned and processed.
Step S144: carrying out semantic perception analysis on the enterprise implicit sensitive data to obtain enterprise data privacy semantic feature data;
specifically, for example, an appropriate semantic analysis technique may be selected according to the data type and analysis requirements. This may include Natural Language Processing (NLP) techniques, image recognition techniques, audio processing techniques, and the like. And analyzing the enterprise implicit sensitive data by applying the selected semantic analysis technology. The method can be used for carrying out emotion analysis, theme extraction and entity identification on text data, carrying out content classification and image description generation on image data, carrying out voice emotion analysis on audio data and the like. Words and terms related to privacy are identified and extracted according to privacy policies, privacy agreements, and related criteria of the business. This may include personal identity information, business secrets, financial data, and the like. For example, a vocabulary related to privacy is extracted by a keyword extraction algorithm. And integrating the extracted enterprise data privacy semantic feature data.
Step S145: performing access level evaluation on the enterprise target storage data according to the enterprise personnel security rating data, the operator security data and the personnel access frequency data to obtain enterprise data access level data;
Specifically, for example, enterprise personnel security rating data, operator security data, and personnel access frequency data may be prepared. Such data may include employee security ratings, role and rights information, and employee access frequency to different data types. And formulating an access level standard according to the security policy and the data management requirement of the enterprise. This may be a set of rules and guidelines determined based on the sensitivity of the data, privacy requirements, and accessibility. And carrying out access level assessment on the enterprise target storage data according to the prepared data and the access level standard. This involves determining the access level for each datum based on factors such as personnel rating, operator rating, and access frequency. The access level of each data is recorded and associated with the corresponding data. This may be a data table or database containing data identifiers and corresponding access levels.
Step S146: and carrying out data privacy sensitivity assessment on the enterprise target storage data according to the enterprise data privacy semantic feature data and the enterprise data access grade data to obtain data privacy sensitivity data.
Specifically, for example, data privacy sensitivity criteria may be formulated in accordance with privacy policies, regulatory requirements, and business requirements of an enterprise. This may be a set of rules and guidelines regarding data sensitivity, privacy risk, etc. And carrying out data privacy sensitivity assessment on the enterprise target storage data according to the prepared data and the data privacy sensitivity standard. This involves combining the enterprise data privacy semantic feature data with the enterprise data access level data to determine the privacy sensitivity of each data. The privacy sensitivity of each data is recorded and associated with the corresponding data. This may be a data table or database containing data identifiers and corresponding privacy sensitivities.
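As an added example serving step S14 as a whole (S143 through S146), and not code from the patent, the following Python script stands in pattern and keyword matching for the deep learning content extraction and semantic analysis of S143 and S144, computes an access level from personnel security ratings and access frequency as in S145, and combines the two into a sensitivity score on [0,1] as in S146. The patterns, feature weights, rating scale, the 0.7/0.3 mixing weights and the sample records are all assumptions for illustration.

```python
"""Added example (not from the patent) for step S14: sensitivity evaluation
from privacy semantic features (S143/S144) and access level (S145), combined
in S146. Patterns, weights and the rating scale are constructed assumptions."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed patterns standing in for the patent's deep-learning extraction
# and semantic analysis; a real deployment would use a trained model or a DLP
# classifier. The mobile pattern is the 11-digit Chinese format.
PII_PATTERNS = {
    "email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "mobile": re.compile(r"\b1[3-9]\d{9}\b"),
    "card": re.compile(r"\b\d{4}(?:[ -]?\d{4}){3}\b"),
    "salary": re.compile(r"\b(?:salary|payroll)\b", re.IGNORECASE),
    "secret": re.compile(r"\b(?:confidential|trade secret)\b", re.IGNORECASE),
}
# Assumed per-feature privacy weights in [0,1].
FEATURE_WEIGHT = {"email": 0.2, "mobile": 0.2, "card": 0.6, "salary": 0.4, "secret": 0.5}

MAX_RATING = 4   # assumed personnel security rating scale: 1 (lowest) .. 4 (highest)


def semantic_features(text: str) -> dict[str, int]:
    """S144: privacy-related terms/entities found in the content, with counts."""
    return {name: len(p.findall(text)) for name, p in PII_PATTERNS.items() if p.search(text)}


def semantic_score(features: dict[str, int]) -> float:
    """Combine feature weights as independent risks: 1 - prod(1 - w); saturates at 1."""
    remaining = 1.0
    for name in features:
        remaining *= 1.0 - FEATURE_WEIGHT[name]
    return 1.0 - remaining


@dataclass(frozen=True)
class AccessRecord:
    user: str
    rating: int   # personnel security rating, 1 .. MAX_RATING
    count: int    # accesses to this data item in the observation window


def access_level(records: list[AccessRecord]) -> float:
    """S145: exposure of a data item from who reads it and how often. Data
    mostly touched by low-clearance users, or by many distinct users, scores
    higher (more exposed). Returns a value in [0,1]."""
    if not records:
        return 0.0
    total = sum(r.count for r in records)
    clearance_gap = sum(r.count * (1.0 - r.rating / MAX_RATING) for r in records) / total
    breadth = min(len(records) / 10.0, 1.0)   # assumed: 10+ distinct accessors saturates
    return 0.7 * clearance_gap + 0.3 * breadth


def privacy_sensitivity(text: str, records: list[AccessRecord]) -> float:
    """S146: sensitivity in [0,1] from semantic features and access level."""
    return min(1.0, 0.7 * semantic_score(semantic_features(text)) + 0.3 * access_level(records))
```

The score this returns is the per-item "data privacy sensitivity data" that step S151 later buckets into low, medium and high risk; the independent-risk combination in semantic_score is chosen so that several weak indicators in one document still add up rather than being masked by the strongest one.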
The security level and the access authority of personnel in the enterprise can be known by acquiring the enterprise personnel security rating data. This helps to take corresponding security measures for personnel of different security classes, ensuring that the access and use of data meets security requirements. And through personnel context mining and extraction, personnel operation data including personnel security data, personnel access frequency data and access behavior data can be obtained. The method is helpful for knowing the access behavior and frequency of personnel to the target storage data, and provides basis for subsequent privacy sensitivity evaluation and access level evaluation. Implicit sensitive data in enterprise target storage data can be identified and extracted through content deep learning extraction. This helps to discover and protect sensitive data that may exist by the enterprise, enhancing privacy protection and security management of the data. Through semantic perception analysis, further semantic analysis and feature extraction can be performed on the enterprise implicit sensitive data. This helps to understand in depth the privacy implications and sensitivity of the data, providing more accurate data characteristic data for subsequent privacy sensitivity assessment. By performing access level assessment based on the enterprise personnel security rating data, the operator security rating data, and the personnel access frequency data, the access level of the different data may be determined. This helps to limit and manage access rights to the data, ensures that the data is only accessed by authorized personnel, and enhances confidentiality and security of the data. The sensitivity level of the data may be assessed by performing a data privacy sensitivity assessment based on the enterprise data privacy semantic feature data and the enterprise data access level data. 
This helps determine the protection requirements and measures of sensitive data, enhancing the privacy protection and compliance of the data.
Preferably, step S15 comprises the steps of:
step S151: performing sensitivity level classification on the data privacy sensitivity data according to a preset privacy risk level standard to obtain privacy risk level data, wherein the privacy risk level data is at least one of low risk data, medium risk data and high risk data;
Specifically, for example, a set of privacy risk level criteria may be formulated, including assessment indices for different data types and sensitivities, such as the amount of personal identity information contained in a contract, the degree of business confidentiality in a project file, or the salary and compliance requirements in employee information. The data privacy sensitivity data is then classified against these indices using the defined standard, i.e. the preset privacy risk level standard. For example, if sensitivity is scored on the interval [0,1], data with sensitivity in [0,0.3] is low risk data, data with sensitivity in (0.3,0.6] is medium risk data, and data with sensitivity in (0.6,1] is high risk data; the interval in which a data item's privacy sensitivity value falls gives the privacy risk level data corresponding to that item.
Step S152: carrying out quantitative evaluation on the data leakage risk value of the enterprise target storage data to obtain quantitative data of the data leakage risk value; comparing the quantized data of the data leakage risk value with a preset data leakage critical risk value;
Specifically, for example, a set of data leakage risk assessment indicators may be defined, including factors such as data sensitivity, likely reputation loss, regulatory compliance, and the like. These indicators will be used to quantify the value of assessing the risk of data leakage. Using the defined evaluation index, the company performs quantitative evaluation of the data leakage risk value on the collected data. Evaluating potential loss of data leakage may be to corporate reputation. Considering the type of data leaked and the size of the leakage, the customer trust loss and negative media exposure that may result, etc. The risk of regulatory compliance and potential fines that may result from leaking data is assessed. Taking into account the requirements in terms of data protection regulations and contractual agreements. And carrying out quantitative evaluation on the data leakage risk value of each data type according to the evaluation index. Quantitative or qualitative methods may be used to convert the results of the different assessment indicators into risk value quantitative data. And comparing the quantized data of the data leakage risk value with a preset data leakage critical risk value. The company can determine a preset critical risk value of data leakage according to the situation and risk tolerance, namely an acceptable maximum risk value.
Step S153: when the data leakage risk value quantification data is larger than or equal to a preset data leakage critical risk value, and the privacy risk level data is low risk data or medium risk data, upgrading the privacy risk level data into high risk data;
Specifically, for example, for each privacy risk level data, its current risk level is checked. And comparing the quantized data of the data leakage risk value with a preset data leakage critical risk value, and judging whether the judging condition is met. And if the judging condition is met, upgrading the current low risk data or medium risk data into high risk data.
Step S154: when the quantized data of the data leakage risk value is smaller than the preset critical risk value of the data leakage, the privacy risk level data is kept unchanged;
Specifically, for example, the data leakage risk value quantified data may be compared with a preset data leakage critical risk value to determine whether the determination condition is satisfied. If the judging condition is met, no operation is needed, and the privacy risk level data is kept unchanged.
Step S155: and carrying out storage security risk classification on the enterprise target storage data according to the updated privacy risk level data or the privacy risk level data to obtain security risk gradient data.
Specifically, for example, the privacy risk level data is upgraded to high risk data, or remains unchanged. And storing security risk classification for each data set according to the updated privacy risk level data or the privacy risk level data. Security risk ratings may be defined according to company internal regulations or industry standards, such as low risk, medium risk, and high risk. And associating each data set with the updated privacy risk level data or the privacy risk level data to determine the corresponding privacy risk level. And distributing each data set to a corresponding storage security risk level according to the specification of a company or industry standard to obtain security risk gradient data.
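As an added example covering steps S151 through S155, and not code from the patent, the following Python script applies the sensitivity thresholds stated above, quantifies a leakage risk value from the indicators named in S152, applies the upgrade rule of S153 and the no-change rule of S154, and produces the security risk gradient of S155. The indicator weights, the record-count scaling and the critical value of 0.6 are assumptions; the patent leaves the quantification method open.

```python
"""Added example (not from the patent) for steps S151 to S155: sensitivity
level classification with the thresholds stated in the description, a
constructed leakage risk value, the upgrade rule, and the resulting security
risk gradient. Weights and the record-count scaling are assumptions."""
from __future__ import annotations

import math
from dataclasses import dataclass
from enum import IntEnum


class Risk(IntEnum):
    LOW = 1
    MEDIUM = 2
    HIGH = 3


def sensitivity_level(sensitivity: float) -> Risk:
    """S151: [0,0.3] low, (0.3,0.6] medium, (0.6,1] high."""
    if not 0.0 <= sensitivity <= 1.0:
        raise ValueError(f"sensitivity out of range: {sensitivity}")
    if sensitivity <= 0.3:
        return Risk.LOW
    if sensitivity <= 0.6:
        return Risk.MEDIUM
    return Risk.HIGH


@dataclass(frozen=True)
class LeakageFactors:
    sensitivity: float          # 0..1, from step S14
    reputation_loss: float      # 0..1, estimated customer-trust / media impact
    compliance_exposure: float  # 0..1, regulatory and contractual penalty exposure
    record_count: int           # size of the data set (scale of a leak)


WEIGHTS = (0.4, 0.3, 0.3)   # assumed weights for the three indicators


def leakage_risk_value(f: LeakageFactors) -> float:
    """S152: quantified leakage risk in [0,1]. Leak scale is folded in as a
    log10 factor that saturates at one million records (assumption), so a
    small data set can at most halve the indicator-weighted base value."""
    scale = min(1.0, math.log10(max(f.record_count, 1)) / 6.0)
    base = (WEIGHTS[0] * f.sensitivity
            + WEIGHTS[1] * f.reputation_loss
            + WEIGHTS[2] * f.compliance_exposure)
    return base * (0.5 + 0.5 * scale)


def classify(sensitivity: float, factors: LeakageFactors,
             critical: float = 0.6) -> tuple[Risk, float, bool]:
    """S153/S154: upgrade low/medium to high when the leakage risk value
    reaches the preset critical value; otherwise leave the level unchanged.
    Returns (level, leakage_risk_value, upgraded)."""
    level = sensitivity_level(sensitivity)
    value = leakage_risk_value(factors)
    if value >= critical and level in (Risk.LOW, Risk.MEDIUM):
        return Risk.HIGH, value, True
    return level, value, False


def risk_gradient(datasets: dict[str, tuple[float, LeakageFactors]],
                  critical: float = 0.6) -> dict[str, Risk]:
    """S155: storage security risk level per data set."""
    return {name: classify(s, f, critical)[0] for name, (s, f) in datasets.items()}
```

Note that the upgrade in classify is one-directional, as the description requires: a high leakage risk value can raise a level but a low one never lowers it, so a data set that is high risk on sensitivity alone stays high risk whatever its leakage factors.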
The data privacy sensitivity data are classified into different privacy risk levels by classifying the data privacy sensitivity data. This helps to classify and manage data, and corresponding security control and protection measures are taken for data of different risk levels. By carrying out quantitative evaluation on the data leakage risk value of the enterprise target storage data, the risk degree of data leakage can be quantified. The data leakage risk value is compared with the preset data leakage critical risk value, so that whether the data leakage risk exceeds the preset critical value or not is facilitated to be determined, and therefore the safety of the data is judged. And when the data leakage risk value quantified data exceeds a preset critical value and the privacy risk level data is low risk or medium risk, upgrading the privacy risk level data into high risk data. This helps to identify and process potentially high risk data in a timely manner, improving the security and privacy level of the data. When the data leakage risk value quantification data does not exceed a preset critical value, the privacy risk level data is kept unchanged. This helps to avoid unnecessary upgrades to the lower risk data, saves resources and effort, and ensures the focus and protection of high risk data. And carrying out storage security risk classification on the enterprise target storage data according to the updated privacy risk level data or the privacy risk level data. The method is favorable for subdividing and classifying the data, determining the safety risk degree of the stored data and providing basis for the establishment of safety control and protection measures.
Preferably, step S2 comprises the steps of:
step S21: collecting a security audit log of an enterprise data storage to obtain security event log data;
Specifically, for example, it may be assumed that a company owns a plurality of data stores including databases, file servers, cloud storage, and the like. A suitable security audit log collection tool is selected to monitor and record security events for the data store. These tools may be commercial products or open source solutions such as SIEM (security information and event management) systems, log management tools, etc. The data store is configured to ensure that critical security events are logged and collected according to the requirements and functions of the selected security audit log collection tool. Configuration may include enabling audit log functions, defining log levels, selecting event types to monitor, and the like. The security audit log collection tool will begin monitoring and recording security events occurring on the data store. These events may include login attempts, file accesses, system configuration changes, etc. The security event log data will be collected and stored in an audit log database or log file.
Step S22: carrying out historical attack target file analysis on the security event log data to obtain historical attacked file data;
Specifically, for example, historical security event log data may be obtained from a security audit log collection tool or log storage system. The data may be stored in log files, database records, or other formats. The security event log data is cleaned and preprocessed to remove extraneous log entries, format data, and retain information related to the attack activity. The cleaning process may be accomplished using a log analysis tool, a programming script, or a data cleaning tool. And identifying and extracting target file information related to the attack activities according to the historical security event log data. These target files may be files under attack, tampered or deleted files, malicious files, etc. And recording the historical attack target file data obtained by analysis from the security event log data. The record may include information on file path, file name, attack type, attack time, etc.
Step S23: performing influence diffusion deep learning on the historical attacked file data to obtain a historical risk propagation rule map;
Specifically, for example, the historical attacked file data obtained in step S22 is used as input. This data includes information about the attacked files such as file path, file name, attack type and attack time. A suitable influence diffusion deep learning model may be selected to analyze it; these may be graph neural network models such as a graph convolutional network (GCN) or a graph attention network (GAT). The historical attacked file data is preprocessed into an input format suitable for the deep learning model, which may include converting the file data into a graph structure, encoding file attributes and constructing the connection relationships between files. The influence diffusion deep learning model is trained with the preprocessed historical attacked file data as the training set, learning the relations among files and the rules of risk propagation. The trained model is then used to predict and infer on the historical attacked file data to obtain the historical risk propagation rule map, which may represent the influence relationships between files, the risk propagation paths and the risk level of each file.
Step S24: performing historical attack behavior transformation analysis on the security event log data to obtain a historical attack evolution track map;
Specifically, for example, the security event log data obtained in step S21 is used as input. This data includes information about the security events that have occurred, such as event type, event time, attacker IP address and attack pattern. A suitable attack behavior transition analysis model may be selected to analyze the historical security event log data; these may be models based on machine learning or statistical analysis, such as cluster analysis or time series models. The attack behavior transition analysis model is trained with the security event log data as the training set and learns the evolution and change patterns of the attack behavior. The trained model is then used to analyze and predict on the historical security event log data to obtain the historical attack evolution track map, which can show the relations between an attacker's different attack behaviors, the rules of their evolution and changes of strategy.
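As an added example for steps S21, S22 and S24, and not code from the patent, the following Python script parses constructed JSON-per-line audit log entries, flags attacking sources, extracts the files they touched as the historical attacked file record, and counts the transitions between consecutive event types of each flagged source as a simple first-order attack behavior transition analysis, with a most-likely-successor lookup as a crude stand-in for the attack pattern prediction of S26. The log lines, field names, the failed-login threshold and the destructive-event list are all constructed assumptions; the patent's graph and deep learning models are not reproduced here.

```python
"""Added example (not from the patent) for steps S21, S22 and S24: parse
JSON-per-line audit log entries, flag attacking sources, extract the files
they touched (historical attacked file data) and count attack-type
transitions per source as a simple attack behaviour transition analysis.
The log lines, field names and the flagging rule are constructed."""
from __future__ import annotations

import json
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample audit log (one JSON object per line); not real data.
SAMPLE_LOG = """\
{"ts":"2024-03-01T10:00:01Z","event":"login_failed","src":"203.0.113.7","user":"admin"}
{"ts":"2024-03-01T10:00:05Z","event":"login_failed","src":"203.0.113.7","user":"admin"}
{"ts":"2024-03-01T10:00:09Z","event":"login_ok","src":"203.0.113.7","user":"admin"}
{"ts":"2024-03-01T10:01:10Z","event":"file_read","src":"203.0.113.7","user":"admin","path":"/data/finance/payroll.xlsx"}
{"ts":"2024-03-01T10:01:30Z","event":"file_modify","src":"203.0.113.7","user":"admin","path":"/data/finance/payroll.xlsx"}
{"ts":"2024-03-01T10:02:00Z","event":"file_delete","src":"203.0.113.7","user":"admin","path":"/var/log/audit/audit.log"}
{"ts":"2024-03-01T11:00:00Z","event":"file_read","src":"198.51.100.4","user":"bob","path":"/data/hr/handbook.pdf"}
"""

FAILED_LOGIN_THRESHOLD = 2                       # assumed flagging rule
DESTRUCTIVE_EVENTS = {"file_modify", "file_delete"}


def parse_log(text: str) -> list[dict]:
    """S21: load log lines, parsing the RFC 3339 timestamp, sorted by time."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        e = json.loads(line)
        e["ts"] = datetime.fromisoformat(e["ts"].replace("Z", "+00:00"))
        events.append(e)
    return sorted(events, key=lambda e: e["ts"])


def suspicious_sources(events: list[dict]) -> set[str]:
    """A source is treated as an attacker once it reaches the failed-login
    threshold or performs a destructive file operation."""
    fails = Counter(e["src"] for e in events if e["event"] == "login_failed")
    destructive = {e["src"] for e in events if e["event"] in DESTRUCTIVE_EVENTS}
    return {s for s, n in fails.items() if n >= FAILED_LOGIN_THRESHOLD} | destructive


def attacked_files(events: list[dict]) -> list[dict]:
    """S22: every file operation by a flagged source, with path, attack type,
    source and time (the historical attacked file record)."""
    srcs = suspicious_sources(events)
    return [{"path": e["path"], "attack": e["event"], "src": e["src"],
             "ts": e["ts"].isoformat()}
            for e in events if e["src"] in srcs and "path" in e]


def transition_counts(events: list[dict]) -> Counter:
    """S24 (simplified): first-order transitions between consecutive event
    types of each flagged source, i.e. how the attack behaviour changes."""
    srcs = suspicious_sources(events)
    per_src: dict[str, list[str]] = defaultdict(list)
    for e in events:
        if e["src"] in srcs:
            per_src[e["src"]].append(e["event"])
    counts: Counter = Counter()
    for seq in per_src.values():
        counts.update(zip(seq, seq[1:]))
    return counts


def most_likely_next(counts: Counter, event: str) -> str | None:
    """Most frequent successor of `event` across flagged sources; a crude
    stand-in for the patent's attack pattern prediction."""
    candidates = {b: n for (a, b), n in counts.items() if a == event}
    return max(candidates, key=candidates.get) if candidates else None
```

The point a practitioner should take from the sample is the last entry of the flagged source: deleting the audit log itself is an attack on the evidence, so the audit log collection of S21 must ship entries off the host before an attacker can reach them, otherwise S22 and S24 have nothing left to analyze.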
Step S25: carrying out time sequence association mining on the historical risk propagation rule patterns and the historical attack evolution track patterns to obtain security event knowledge patterns;
Specifically, for example, a suitable time sequence association mining algorithm may be selected to analyze the relationship between the historical risk propagation rule map and the historical attack evolution track map; these may be graph data mining methods such as a time sequence association mining model based on graph neural networks. The two maps are preprocessed into an input format suitable for the algorithm, which may include encoding of the graph data, node feature extraction and time series alignment. The time sequence association mining model is trained with the preprocessed maps as the training set and learns the time sequence association rules between the maps and the evolution mode of events. The trained model is then used to analyze and predict on the two maps to obtain the security event knowledge graph, which may show the relevance, timing relationships and importance of the different events.
Step S26: and carrying out attack evolution mining analysis on the enterprise data storage according to the security event knowledge graph to obtain attack mode prediction data.
Specifically, for example, a suitable attack evolution mining algorithm may be selected to analyze the security event knowledge graph to discover the evolution pattern and law of attack. These algorithms may be methods based on graph data mining and timing analysis, such as evolution prediction models based on graph neural networks. And training an attack evolution mining model by using the security event knowledge graph as a training set. The model will learn the evolution patterns and rules between security events, as well as the attack patterns associated with the enterprise data store. And analyzing and predicting the enterprise data storage by using the trained attack evolution mining model to obtain attack mode prediction data. These data may reveal policies and methods that an attacker may take to predict future attack patterns that may occur.
By collecting the security audit log of the enterprise data store, the invention acquires security event log data containing security event information, which helps the enterprise monitor and record the occurrence of the various security events and provides the data base for subsequent analysis and response. Historical attack target file analysis on the security event log data identifies and extracts the files that were attacked in the past, which helps the enterprise understand the attackers' targets and the main areas under attack and guides the corresponding security policies and protective measures. Influence diffusion deep learning on the historical attacked file data analyzes and learns the historical risk propagation rules, which helps the enterprise understand the propagation paths, scope of influence and diffusion modes of attacks and provides a reference and basis for predicting and preventing future attacks. Historical attack behavior transition analysis on the security event log data reveals the evolution and change trends of attack behavior, which helps the enterprise understand how attackers' strategies and means evolve and provides guidance and a basis for identifying new attacks and responding in time. Time sequence association mining on the historical risk propagation rule map and the historical attack evolution track map establishes the security event knowledge graph, which helps the enterprise understand the association and evolution between attack events, supports prediction and prevention of future attacks, and informs security decisions and responses. Attack evolution mining analysis on the enterprise data store based on the security event knowledge graph predicts and identifies possible attack patterns.
This helps enterprises discover and cope with new attacks early, improves the security protection ability, and protects the security of the data and information assets of the enterprises.
Preferably, step S3 comprises the steps of:
Step S31: acquiring professional literacy evaluation data of enterprise personnel;
Specifically, for example, professional literacy assessment criteria suited to the enterprise can be determined, covering literacy indicators related to the enterprise business such as technology, professional knowledge, communication ability and teamwork. Suitable assessment methods are selected, such as interviews, questionnaires and written tests, according to the needs and scale of the enterprise. Enterprise personnel are then assessed against the determined criteria and methods, and the assessment data are collected; the assessment may be conducted by interview, questionnaire or other suitable means to obtain each person's scores or feedback on the different literacy indicators. The collected data are collated and analyzed, and data analysis tools or software can produce statistics and visualizations that show the professional literacy level and characteristics of the personnel. Finally, the assessment results are fed back to the personnel concerned, and training plans, personnel adjustments or other measures are made according to the results so as to raise the professional literacy level of the personnel and provide a reference for the enterprise's talent management and development.
Step S32: carrying out risk-level classification of the enterprise target storage data according to the security risk gradient data to obtain hierarchical enterprise target storage data;
Specifically, for example, a suitable risk-level classification method may be selected, such as one based on a risk assessment model or a machine-learning classification algorithm, according to the needs of the enterprise and the scale of the data. The collected security risk gradient data are analyzed and classified with the selected method, and the different target storage data are assigned to different risk levels, such as high risk, medium risk and low risk, according to the risk-level classification criteria.
Step S33: carrying out dynamic access control authority planning on the enterprise target storage data according to the enterprise personnel professional literacy evaluation data and the hierarchical enterprise target storage data to obtain access control authority configuration data;
Specifically, for example, the enterprise personnel professional literacy assessment data can be associated with access control rights, and the access rights of each person to the target storage data of the different levels are determined by that person's professional literacy level: a person with high literacy may obtain a higher level of access, while a person with lower literacy obtains only a lower level of access. The corresponding access control rights are also determined by the risk level of the hierarchical enterprise target storage data: high-risk data must have stricter access control rights, while low-risk data may have more relaxed rights. The hierarchical enterprise target storage data are associated with the corresponding access control rights so that access to the data meets the security requirements. Dynamic access control authority planning is then carried out from the association between the personnel literacy assessment data and the hierarchical target storage data, determining each person's access rights to each data level from the person's literacy level and the data's risk level; the planning should take the actual needs of the enterprise into account so that access control is both secure and efficient. Finally, access control authority configuration data are generated from the planning. The configuration data should include a detailed description of the access rights of each person or role to each data level; they can be used to implement the access control policy and ensure that only authorized personnel can access target storage data of the corresponding level.
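As an added example (not code from the patent), the following Python sketches the step S33 combination of a person's literacy level and a dataset's risk level into access control configuration data with default-deny enforcement; the three-level scales, the decision rule and the sample people and datasets are assumptions for illustration.

```python
"""Added example, not the patent's own code: dynamic access control planning
(step S33) from a person's professional literacy level and the risk level of
the data.  The three-level scales, the decision rule, and the sample people
and datasets below are constructed for illustration."""
from dataclasses import dataclass
from enum import IntEnum


class Risk(IntEnum):
    """Risk levels of hierarchical target storage data (step S32); assumed ordering."""
    LOW = 1
    MEDIUM = 2
    HIGH = 3


class Literacy(IntEnum):
    """Professional literacy levels of personnel (step S31); assumed ordering."""
    LOW = 1
    MEDIUM = 2
    HIGH = 3


# Access modes from least to most privileged.
NONE, READ, WRITE = "none", "read", "write"
_RANK = {NONE: 0, READ: 1, WRITE: 2}


def plan_access(literacy: Literacy, risk: Risk) -> str:
    """Decision rule (an assumption): a person may reach data whose risk level
    does not exceed their literacy level; a literacy margin above the risk
    level upgrades read to write, except that high-risk data stays read-only
    even for high-literacy staff."""
    if risk > literacy:
        return NONE
    if risk == Risk.HIGH:
        return READ
    return WRITE if literacy > risk else READ


@dataclass(frozen=True)
class Person:
    name: str
    role: str
    literacy: Literacy


def build_acl_config(people, datasets):
    """Access control authority configuration data (step S33): one row per
    (person, dataset) carrying the planned access mode."""
    return [
        {"person": p.name, "role": p.role, "dataset": name,
         "risk": risk.name, "access": plan_access(p.literacy, risk)}
        for p in people
        for name, risk in datasets.items()
    ]


def check_request(config, person, dataset, mode):
    """Enforcement against the configuration data: default deny, so a person
    or dataset that was never planned is refused."""
    for row in config:
        if row["person"] == person and row["dataset"] == dataset:
            return _RANK[row["access"]] >= _RANK[mode]
    return False


if __name__ == "__main__":
    # Constructed sample input.
    people = [Person("alice", "dba", Literacy.HIGH),
              Person("bob", "intern", Literacy.LOW)]
    datasets = {"payroll": Risk.HIGH, "wiki": Risk.LOW}
    for row in build_acl_config(people, datasets):
        print(row)
```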
Step S34: performing intelligent block storage on the enterprise target storage data according to the hierarchical enterprise target storage data, the access control authority configuration data and the real-time storage space allocation data to obtain an enterprise data block management matrix.
Specifically, for example, the hierarchical enterprise target storage data may be associated with the access control authority configuration data, so that the risk level and access rights of each item of data determine which personnel may access it. Real-time storage space allocation data associated with the enterprise target storage data are collected; these may include the capacity, usage and performance metrics of the storage space, as well as the locations and distribution of the different data blocks. An intelligent block storage algorithm or model then performs intelligent block storage on the enterprise target storage data according to the hierarchical target storage data, the access control authority configuration data and the real-time storage space allocation data: it divides the data into suitable blocks according to the characteristics and access patterns of the data and allocates them sensibly within the storage space. Finally, an enterprise data block management matrix is generated from the result of the algorithm; the matrix records the position, size, access rights and similar information of each data block to support later data access and management.
According to the invention, acquiring the professional literacy evaluation data of the enterprise staff allows the skill level, professional knowledge, security awareness and other aspects of the staff to be estimated and understood. This helps the enterprise determine the security sensitivity and risk awareness of its staff and provides a basis for later security training and awareness improvement. Classifying the enterprise target storage data by risk level according to the security risk gradient data divides the data according to their risk level, which helps the enterprise identify and differentiate the importance and sensitivity of its stored data and provides a basis for later access control and data management. Dynamic access control authority planning on the enterprise target storage data according to the personnel professional literacy assessment data and the hierarchical target storage data configures access rights sensibly from the literacy of the personnel and the risk level of the data, which helps ensure that only authorized personnel can access the corresponding data and improves its security and confidentiality. Intelligent block storage of the enterprise target storage data according to the hierarchical target storage data, the access control authority configuration data and the real-time storage space allocation data divides the data into suitable blocks and manages them, which improves storage efficiency, access speed and management flexibility while reducing wasted and redundant storage space.
Preferably, step S34 includes the steps of:
Step S341: acquiring resource configuration parameters of an enterprise server;
Specifically, for example, configuration information for the enterprise servers may be collected, including server model, CPU type and count, memory capacity, hard disk type and capacity, network bandwidth and the like. Such information may be obtained from the hardware specifications of the server, the operating system configuration, or the IT team. Alternatively, a system performance monitoring tool can provide more detailed server resource configuration parameters: such tools supply real-time performance data including CPU usage, memory usage, disk I/O speed and network bandwidth utilization, so the real-time running state and resource utilization of the server can be obtained through the monitoring tool.
Step S342: carrying out I/O performance evaluation on the enterprise storage server according to the enterprise server resource configuration parameters and the real-time storage space allocation data to obtain storage I/O reference data;
Specifically, for example, the enterprise server resource configuration parameters may be associated with the storage space allocation data, and the storage server to be evaluated is determined from the usage of the storage space and the location of the data blocks to be accessed. A suitable I/O performance evaluation tool is selected to evaluate the storage server; such tools can simulate different I/O loads and report performance metrics such as throughput, response time and IOPS, and common examples include FIO and Iometer. The I/O performance evaluation is carried out on the storage server with the selected tool according to the evaluation requirements, with evaluation parameters such as load type, concurrency and block size set according to the actual conditions; the evaluation is executed and its results recorded. Storage I/O reference data are then generated from the evaluation results; these may include the throughput, response time, IOPS and other performance metrics of the storage, as well as its performance under different load conditions.
Step S343: carrying out hot data identification on the hierarchical enterprise target storage data to obtain a data heat distribution map;
Specifically, for example, information about the enterprise target storage data may be collected, including data type, access frequency, access timestamps and the like, from access logs, monitoring tools or the business departments. The data are classified and graded according to the collected information; data can generally be divided into hot data (frequently accessed) and cold data (rarely accessed) according to how often they are used, either automatically by algorithms or rules or manually according to business requirements. Hot data are then identified from the classification and grading result. Hot data typically have a high access frequency and high importance and play a critical role in business operation; they may be identified with data analysis tools and algorithms such as access-frequency analysis or machine learning models. Finally, a data heat distribution map is generated from the hot data identification result. The map visually shows the degree of heat of the different data, for example as a heat map or a histogram, helps the enterprise understand the heat distribution of its stored data, and provides a reference for later data management and optimization.
Step S344: performing same-level data quantity estimation on the hierarchical enterprise target storage data to obtain same-level data quantity prediction data;
Specifically, for example, information about the enterprise target storage data may be collected, including data type, data size, storage location and the like, from the management tools of the storage system, storage reports or the business departments. The data are classified and graded according to the collected information, by factors such as data type, business requirement and access mode; for example, data may be divided into core business data, auxiliary business data and historical data. The quantity of data is then estimated for each data level, based on historical data and business requirements and taking into account the growth trend of the data, its retention period, its generation rate and similar factors; statistical methods, regression analysis or estimation models based on business rules may be used. Same-level data quantity prediction data are generated from the estimation result. The prediction data may include the amount of data and its growth trend for each data level and may be presented as tables, charts or reports for later storage planning and resource provisioning.
Step S345: carrying out heterogeneous storage resource arrangement selection on the hierarchical enterprise target storage data according to the data heat distribution map, the storage I/O reference data and the same-level data quantity prediction data to obtain a hierarchical storage resource allocation scheme;
Specifically, for example, the heat of the stored data may be analyzed from the data heat distribution map to determine which data are hot, cold or warm (warm data have an access frequency between hot and cold data). The performance indicators of the different storage resources, such as throughput, response time and IOPS, are analyzed from the storage I/O reference data to understand the performance characteristics and limitations of each resource. The storage requirements of the different data levels are predicted from the same-level data quantity prediction data, taking into account the growth trend, retention period and generation rate of the data. Heterogeneous storage resources suited to the different data levels are then selected from the analysis of data heat, storage I/O performance and same-level data quantity; these may include high-performance storage (for example solid state disks), capacity storage (for example disk arrays), cloud storage and the like, arranged and selected according to the business requirements and the characteristics of the resources. Finally, a hierarchical storage resource allocation scheme is generated from the selection result. The scheme may specify the type, amount and capacity allocation of the storage resources, ensuring that each data level has suitable storage resource support to meet its business and performance requirements.
Step S346: performing intelligent block storage on the enterprise target storage data according to the access control authority configuration data and the hierarchical storage resource allocation scheme to obtain an enterprise data block management matrix.
Specifically, for example, a data blocking strategy may be designed according to the access control authority configuration data and the hierarchical storage resource allocation scheme, so that data blocks are stored on the corresponding storage resources according to their access rights and access modes; the strategy can take into account factors such as data size, type and access frequency. The enterprise target storage data are then blocked and stored intelligently according to the designed strategy, with the blocks stored on the corresponding storage resources so that the security, availability and performance requirements of the data are met. Finally, an enterprise data block management matrix is generated from the intelligent block storage result. The matrix may record the storage location, access rights, size and similar information of each data block, which helps track and manage the blocking of the enterprise's stored data and improves data access efficiency and management.
The invention obtains the hardware specifications, performance parameters, storage capacity and other information of the enterprise server by acquiring its resource configuration parameters. This helps evaluate the capabilities and limitations of the server and provides a basis for later performance evaluation and resource allocation. I/O performance evaluation of the storage server according to the server resource configuration parameters and the real-time storage space allocation data measures the input/output performance of the storage, which shows its read/write speed, response time and processing capacity and provides a basis for later storage resource arrangement and performance optimization. Hot data identification on the hierarchical enterprise target storage data determines the heat of the data, that is, their access frequency and importance, which shows which data are accessed frequently and require a quick response and guides later storage resource allocation and data management. Same-level data quantity estimation on the hierarchical target storage data predicts the amount and growth trend of the data at each level, which shows the scale and storage requirements of the different levels and provides a basis for later storage resource allocation and capacity planning. Heterogeneous storage resource arrangement selection on the hierarchical target storage data according to the data heat distribution map, the storage I/O reference data and the same-level data quantity prediction data distributes data with different heat and access requirements sensibly across different types of storage resources, which improves storage efficiency and performance and optimizes resource utilization and cost effectiveness. Intelligent block storage of the enterprise target storage data according to the access control authority configuration data and the hierarchical storage resource allocation scheme divides the data into blocks managed according to their access requirements and rights, which improves the access efficiency, security and manageability of the data and gives the enterprise a flexible data storage management policy.
Preferably, step S345 includes the steps of:
Step S3451: performing same-level heat stratification on the hierarchical enterprise target storage data based on the data heat distribution map to obtain a same-level heat-stratified enterprise data set;
Specifically, for example, the heat distribution of the enterprise target storage data can be read from the data heat distribution map, which can show the access frequency, access count, access duration and similar information of the different data. Same-level heat stratification is carried out on the enterprise target storage data according to this analysis, and the data are divided into high-heat, medium-heat and low-heat levels by their heat indicators. The data of the same heat level are then combined into a same-level heat-stratified enterprise data set; each set contains data of one heat level, which simplifies the subsequent capacity planning and data quantity prediction.
Step S3452: carrying out capacity planning for each heat level of the same-level heat-stratified enterprise data set according to the same-level data quantity prediction data to obtain data quantity prediction data for each heat level;
Specifically, for example, the data quantity prediction may be analyzed for each same-level heat-stratified enterprise data set to learn its total data quantity and growth trend. Capacity planning is carried out for the data quantity of each heat level according to the same-level data quantity prediction data, predicting the data quantity of each heat level from its growth trend and retention period. Data quantity prediction data for each heat level are generated from the capacity planning result; they reflect the data quantity of each heat level and inform later storage resource allocation and data management decisions.
Step S3453: performing I/O performance requirement estimation on the data quantity prediction data of each heat level according to the storage I/O reference data to obtain I/O performance requirement data for each heat level;
Specifically, for example, the data quantity of each heat level may be read from the per-level data quantity prediction data, and the I/O performance requirement of each heat level is estimated from the storage I/O reference data and the predicted data quantity by comparing the data quantity against the I/O performance metrics of the storage. I/O performance requirement data for each heat level are generated from the estimation result; they reflect the level of demand each heat level places on the input/output performance of the storage.
Step S3454: constructing an agent-based storage resource arrangement model, inputting the data quantity prediction data and the I/O performance requirement data of each heat level into the agent-based storage resource arrangement model for adaptive matching and allocation of heterogeneous storage resources to obtain a heterogeneous storage resource allocation strategy, and forming an initial hierarchical storage resource allocation scheme from the heterogeneous storage resource allocation strategy;
Specifically, for example, each storage layer may be treated as an agent and the heterogeneous storage resource pool as the agent's operating environment. A state space is designed that represents the agent's state by multidimensional factors such as the data heat layer, the available storage resource types, the remaining storage space and the I/O load. An action space is defined for the agent, such as allocating SSD storage to the hot data layer or cloud storage to the warm data layer. A reward function guides the agent towards the optimal target throughout the process, for example a positive reward when read/write latency is low and storage cost is low, and a negative penalty otherwise. On the basis of the state space, the action space and the reward function, each agent builds a policy model with a deep reinforcement learning algorithm such as a Deep Q Network (DQN) that outputs the probability distribution over the actions selectable in the current state. Each agent then interactively selects actions according to its current state over multiple simulated training rounds, and the policy model gradually converges under the guidance of the reward function to an optimal heterogeneous storage resource allocation strategy. The data quantity prediction data and the I/O performance requirement data of each heat level are then supplied as inputs to the agent-based storage resource arrangement model, which adaptively matches and allocates heterogeneous storage resources from them. The model can consider the type, capacity, performance and other factors of the storage resources and match and allocate them optimally to meet the requirements of each heat level. A heterogeneous storage resource allocation strategy is generated from the matching and allocation result; it describes the type, capacity and configuration of the storage resources required for each heat level and the associations between the storage resources. The strategy is converted into an initial hierarchical storage resource allocation scheme that details the storage resource allocation of each heat level, including storage type, capacity, location and the like.
Step S3455: carrying out virtual intelligent block storage on the enterprise target storage data according to the initial hierarchical storage resource allocation scheme to obtain a virtual enterprise data block management matrix;
Specifically, for example, the initial hierarchical storage resource allocation scheme may be analyzed to learn the storage resource allocation of each heat level, including storage type, capacity and location. A virtual intelligent block storage scheme is designed that stores the enterprise target storage data in blocks according to the initial allocation scheme; the blocks can be divided according to the characteristics and heat of the data, with the blocks of each heat layer stored on the corresponding storage resources. The block storage operation is then performed on the enterprise target storage data according to the designed scheme, which may involve partitioning the data by a predefined block size and mapping each block onto its storage resource. A virtual enterprise data block management matrix is generated from the block storage result; the matrix describes the heat layer and storage resource to which each data block belongs and the associations between the data blocks.
Step S3456: performing data pressure simulation calculation on the enterprise storage server based on the virtual enterprise data block management matrix to obtain server pressure response simulation data;
Specifically, for example, the virtual enterprise data block management matrix may be analyzed to understand the heat level and storage resource of each data block and the associations between the data blocks. A data pressure simulation calculation scheme is designed that simulates, from the matrix, the pressure placed on the enterprise storage server while processing the data; the pressure may include the frequency and concurrency of data read/write requests. The simulation is then run against the enterprise storage server according to the designed scheme, which may involve simulating the generation and transmission of read/write requests and the response behavior of the server. Server pressure response simulation data are generated from the result; they reflect the response behavior of the server, such as read/write latency and throughput, under different data pressures. Alternatively, the data pressure simulation calculation may use a server pressure response prediction calculation formula;
Step S3457: comparing the server pressure response simulation data with a preset server pressure threshold, and returning to step S3454 for re-arrangement when the server pressure response simulation data are greater than or equal to the preset server pressure threshold;
Specifically, for example, a preset server pressure threshold may be set according to the actual requirements and the performance requirements of the system; it may be adjusted according to the business requirements and the hardware capabilities. The obtained server pressure response simulation data are compared with the threshold. If the simulation data are greater than or equal to the threshold, the server pressure exceeds the range the system can withstand, and the process returns to step S3454 to re-arrange the hierarchical storage resources. This may involve re-evaluating the heat of the data and optimizing the block storage strategy to better accommodate the pressure on the server.
Step S3458: taking the initial hierarchical storage resource allocation scheme as the hierarchical storage resource allocation scheme when the server pressure response simulation data are smaller than the preset server pressure threshold.
Specifically, for example, the obtained server pressure response simulation data may be compared with the preset server pressure threshold. If the simulation data are smaller than the threshold, the server pressure is within an acceptable range, and the initial hierarchical storage resource allocation scheme is taken as the final hierarchical storage resource allocation scheme: the initial scheme is suitable at the current pressure and no re-arrangement is required.
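As an added example (not code from the patent), the following Python runs the S3451 to S3458 loop end to end and also emits the block management matrix of step S34: data are stratified by heat, capacity and I/O demand are planned per heat tier, tiers are matched to heterogeneous storage resources, server pressure is simulated, and the arrangement is redone while the threshold is reached. A greedy cheapest-fit rule stands in for the DQN agents of S3454, pressure is modelled as IOPS utilisation, and every dataset, resource and number is constructed.

```python
"""Added example, not the patent's own code: the S3451-S3458 loop (and the S34
block management matrix) in one runnable sketch.  A greedy cheapest-fit rule
replaces the DQN agents of S3454 and server pressure is modelled as IOPS
utilisation per resource; every input below is constructed."""
import math

# Data heat distribution map (S343/S3451): dataset -> peak accesses per second.
HEAT_MAP = {"orders": 9000, "sessions": 6000, "reports": 750, "archive": 40}
# Same-level data quantity prediction (S344): dataset -> (GB today, growth per month).
VOLUME = {"orders": (400, 0.10), "sessions": (200, 0.20),
          "reports": (800, 0.02), "archive": (3000, 0.01)}
# Storage I/O reference data (S342): resource -> (IOPS limit, GB capacity, cost per GB).
RESOURCES = {"ssd": (50_000, 5_000, 0.50),
             "disk_array": (4_000, 10_000, 0.10),
             "cloud": (1_000, 100_000, 0.02)}
TIER_ORDER = ("hot", "warm", "cold")
BLOCK_GB = 512            # block size for the virtual block storage (S3455)
PRESSURE_THRESHOLD = 0.7  # preset server pressure threshold (S3457), as IOPS utilisation


def stratify(heat_map, hot_min=5000, warm_min=500):
    """S3451: same-level heat stratification of each dataset into a tier."""
    return {d: "hot" if a >= hot_min else "warm" if a >= warm_min else "cold"
            for d, a in heat_map.items()}


def plan_capacity(volume, months=12):
    """S3452: project each dataset's size over the planning horizon with compound growth."""
    return {d: gb * (1 + g) ** months for d, (gb, g) in volume.items()}


def tier_needs(heat_map, capacity_gb, tiers):
    """S3452 + S3453: per tier, total projected GB and I/O requirement (summed peak IOPS)."""
    needs = {}
    for d, t in tiers.items():
        gb, iops = needs.get(t, (0.0, 0))
        needs[t] = (gb + capacity_gb[d], iops + heat_map[d])
    return needs


def arrange(needs, resources, iops_budget):
    """S3454, greedy stand-in for the agents: from the hottest tier to the coldest,
    take the cheapest resource whose remaining IOPS budget and capacity cover it."""
    left = {r: [iops_budget[r], resources[r][1]] for r in resources}
    by_cost = sorted(resources, key=lambda r: resources[r][2])
    placement = {}
    for t in [t for t in TIER_ORDER if t in needs]:
        need_gb, need_iops = needs[t]
        for r in by_cost:
            if left[r][0] >= need_iops and left[r][1] >= need_gb:
                left[r][0] -= need_iops
                left[r][1] -= need_gb
                placement[t] = r
                break
        else:
            raise RuntimeError(f"no storage resource can hold the {t} tier")
    return placement


def block_matrix(placement, capacity_gb, tiers, block_gb=BLOCK_GB):
    """S3455 / S34: virtual block storage, one row per fixed-size data block."""
    return [{"dataset": d, "block": i, "tier": tiers[d], "resource": placement[tiers[d]]}
            for d in tiers for i in range(math.ceil(capacity_gb[d] / block_gb))]


def simulate_pressure(placement, needs, resources):
    """S3456: server pressure response, modelled as IOPS utilisation per resource."""
    load = {r: 0 for r in resources}
    for t, r in placement.items():
        load[r] += needs[t][1]
    return {r: load[r] / resources[r][0] for r in resources}


def allocate(heat_map=HEAT_MAP, volume=VOLUME, resources=RESOURCES,
             threshold=PRESSURE_THRESHOLD, max_rounds=10):
    """S3454-S3458 control loop: arrange, simulate, and when any resource reaches
    the threshold shrink its IOPS budget and return to the arrangement step."""
    tiers = stratify(heat_map)
    capacity_gb = plan_capacity(volume)
    needs = tier_needs(heat_map, capacity_gb, tiers)
    iops_budget = {r: resources[r][0] for r in resources}
    for rounds in range(1, max_rounds + 1):
        placement = arrange(needs, resources, iops_budget)
        pressure = simulate_pressure(placement, needs, resources)
        overloaded = [r for r, u in pressure.items() if u >= threshold]
        if not overloaded:  # S3458: the initial scheme becomes the final scheme
            return {"placement": placement, "pressure": pressure, "rounds": rounds,
                    "matrix": block_matrix(placement, capacity_gb, tiers)}
        for r in overloaded:  # S3457: back to S3454 with a stricter budget
            iops_budget[r] = iops_budget[r] * 4 // 5
    raise RuntimeError("no arrangement stays below the pressure threshold")


if __name__ == "__main__":
    result = allocate()
    print(result["rounds"], result["placement"])
    for r, u in result["pressure"].items():
        print(f"{r}: {u:.2f}")
```

With the constructed inputs the warm tier first lands on cloud storage, which the simulation reports at 79% utilisation; two budget cuts later it moves to the disk array and every resource is below the threshold.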
According to the method, the data can be layered according to the heat degree by carrying out peer heat degree layering on the target storage data of the hierarchical enterprise based on the data heat degree distribution map, and the frequently accessed hot data and the infrequently accessed cold data can be distinguished. This helps to better understand the access patterns and requirements of the data, providing a basis for subsequent capacity planning and performance requirement estimation. The capacity requirement of the data in each heat level can be predicted by planning the capacity of each heat level of the same-level heat level hierarchical enterprise data set according to the predicted data of the same-level data amount. The method is helpful for knowing the data scale of different heat layers and provides basis for subsequent storage resource allocation and capacity planning. By performing I/O performance requirement estimation on each hot layer data amount prediction data according to memory I/O reference data, I/O access requirements of different hot layer data can be estimated. The method is helpful for knowing the read-write load and performance requirements of the data of different heat layers, and provides basis for subsequent storage resource arrangement and performance optimization. By constructing a storage resource arrangement model based on an intelligent agent and combining data quantity prediction data of each hot layer and I/O performance requirement data of each hot layer, self-adaptive matching and distribution of heterogeneous storage resources can be performed. This helps to distribute the data of different heat levels to the appropriate storage resources according to the characteristics and requirements of the data, achieving better performance and resource utilization efficiency. 
Performing virtual intelligent block storage on the enterprise target storage data according to the initial hierarchical storage resource allocation scheme divides the data into blocks that are managed according to the characteristics and requirements of each block. This helps to improve the access efficiency, security and manageability of the data and gives the enterprise a flexible data storage management policy. Performing data pressure simulation calculation on the enterprise storage server based on the virtual enterprise data block management matrix simulates the access conditions of the different data blocks and evaluates the pressure response capability of the server. This shows how the storage system performs under the actual workload and provides a basis for subsequent performance optimization and resource adjustment. Comparing the server pressure response simulation data with the preset server pressure threshold detects and judges the load condition of the server. When the server pressure response simulation data is greater than or equal to the preset server pressure threshold, the load of the server is too high, and the storage resources must be arranged and allocated again to avoid performance degradation and system failure. When the server pressure response simulation data is smaller than the preset server pressure threshold, the server load is within an acceptable range. In this case the initial hierarchical storage resource allocation scheme is used as the hierarchical storage resource allocation scheme, so the existing storage resource allocation is kept, unnecessary resource reallocation is avoided, and resource utilization efficiency improves.
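The arrange, simulate and check loop of steps S3454 to S3458 described above, written out as an added example; this is not the patent's own code. The agent-based arrangement model and the server pressure prediction formula are replaced by plainly labelled stand-ins, the resource table, demand figures and threshold are constructed, and a round cap is added because the claimed return to the arrangement step has no termination condition of its own.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Heterogeneous storage resources ordered slowest to fastest: (name, capacity_gb,
# sustainable_iops). Constructed sample values; the patent names no concrete resources.
RESOURCES: List[Tuple[str, int, int]] = [
    ("hdd", 100_000, 1_000),
    ("ssd", 10_000, 80_000),
    ("nvme", 2_000, 500_000),
]
RESOURCE_INDEX = {name: i for i, (name, _, _) in enumerate(RESOURCES)}


@dataclass(frozen=True)
class TierDemand:
    data_gb: float  # each-heat-level data quantity prediction data (S3452)
    iops: float     # each-heat-level I/O performance requirement data (S3453)


def fits_capacity(placement: Dict[str, str], demand: Dict[str, TierDemand]) -> bool:
    """True when the data placed on every resource fits that resource's capacity."""
    used = {name: 0.0 for name, _, _ in RESOURCES}
    for tier, res in placement.items():
        used[res] += demand[tier].data_gb
    return all(used[name] <= cap for name, cap, _ in RESOURCES)


def initial_arrangement(demand: Dict[str, TierDemand]) -> Dict[str, str]:
    """Stand-in for the agent-based arrangement model of S3454: put each heat level
    on the slowest resource that can hold it and meet its I/O requirement on its own."""
    placement: Dict[str, str] = {}
    for tier, need in demand.items():
        for name, cap, iops in RESOURCES:
            if need.data_gb <= cap and need.iops <= iops:
                placement[tier] = name
                break
        else:
            raise ValueError(f"no resource can host heat level {tier!r}")
    return placement


def simulate_pressure(placement: Dict[str, str], demand: Dict[str, TierDemand]) -> float:
    """Stand-in for the server pressure simulation of S3456. The patent's own
    prediction formula is not reproduced here; this proxy is the highest I/O
    utilisation ratio over all resources (1.0 means a resource is exactly saturated)."""
    load = {name: 0.0 for name, _, _ in RESOURCES}
    for tier, res in placement.items():
        load[res] += demand[tier].iops
    return max(load[name] / iops for name, _, iops in RESOURCES)


def rearrange(placement: Dict[str, str], demand: Dict[str, TierDemand]) -> Dict[str, str]:
    """The return to the arrangement step of S3457: move the heaviest heat level on the
    busiest resource one resource faster. Raises when no move fits, so the caller
    stops instead of looping forever on a scheme that cannot change."""
    tiers_on: Dict[str, List[str]] = {}
    for tier, res in placement.items():
        tiers_on.setdefault(res, []).append(tier)

    def ratio(res: str) -> float:
        return sum(demand[t].iops for t in tiers_on[res]) / RESOURCES[RESOURCE_INDEX[res]][2]

    busiest = max(tiers_on, key=ratio)
    faster = RESOURCE_INDEX[busiest] + 1
    if faster >= len(RESOURCES):
        raise RuntimeError(f"{busiest} is already the fastest resource")
    for tier in sorted(tiers_on[busiest], key=lambda t: demand[t].iops, reverse=True):
        candidate = dict(placement)
        candidate[tier] = RESOURCES[faster][0]
        if fits_capacity(candidate, demand):
            return candidate
    raise RuntimeError(f"nothing on {busiest} fits on {RESOURCES[faster][0]}")


def plan_hierarchical_storage(demand: Dict[str, TierDemand], threshold: float,
                              max_rounds: int = 10) -> Tuple[Dict[str, str], float, int]:
    """Steps S3454 to S3458 with an explicit round cap (the claim loops without one).
    Returns (accepted placement, simulated pressure, rounds used)."""
    placement = initial_arrangement(demand)
    if not fits_capacity(placement, demand):
        raise RuntimeError("initial arrangement exceeds resource capacity")
    for round_no in range(1, max_rounds + 1):
        pressure = simulate_pressure(placement, demand)
        if pressure < threshold:                    # S3458: accept the scheme
            return placement, pressure, round_no
        placement = rearrange(placement, demand)    # S3457: rearrange, then re-simulate
    raise RuntimeError(f"no scheme below threshold {threshold} within {max_rounds} rounds")


# Constructed per-heat-level demand and threshold (not from the patent).
SAMPLE_DEMAND = {
    "hot": TierDemand(data_gb=500, iops=60_000),
    "warm": TierDemand(data_gb=3_000, iops=30_000),
    "cold": TierDemand(data_gb=50_000, iops=500),
}
PRESSURE_THRESHOLD = 0.8  # preset server pressure threshold, hypothetical value

if __name__ == "__main__":
    print(plan_hierarchical_storage(SAMPLE_DEMAND, PRESSURE_THRESHOLD))
```

With the sample figures the first scheme saturates the SSD, one promotion of the hot level to NVMe brings the proxy pressure down to 0.5, and the scheme is accepted in the second round.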
Preferably, in step S3456, the data pressure simulation calculation is performed on the enterprise storage server through a server pressure response prediction calculation formula based on the virtual enterprise data block management matrix, where the server pressure response prediction calculation formula is as follows:
wherein P is the predicted value of the server pressure response, T is the time length from the beginning of observation to the current time, t is time, V is the total data processed in the time T, R is the number of requests received per unit time, C is the CPU utilization rate of the server, M is the memory utilization rate of the server, N is the network bandwidth utilization rate of the server, e is the base of the natural logarithm, L is the load balancing coefficient, and Δt is the time difference between two consecutive observations.
The invention constructs a server pressure response prediction calculation formula. The formula considers the total amount of data V processed during the time T and the number of requests R received per unit time, together with the cumulative impact of the periodic changes in server CPU utilization C and server memory utilization M on server pressure; this integration gives an overall impact assessment over a period of time, which is critical to understanding and predicting the performance of the server during continuous operation. It helps to quantify the maximum pressure that the server may encounter in a particular time and gives an early warning of possible performance bottlenecks. Through the accumulated effect evaluated by the integral terms, the information security system can monitor the performance of the server in real time and ensure the continuity of data processing and network communication. The term N·e^(-L·Δt) reflects the attenuation of the server network bandwidth utilization N over the time difference Δt and the influence of the load balancing coefficient L on the attenuation speed. This exponential decay term predicts changes in network bandwidth usage, which is useful for dynamically allocating network resources to cope with high-speed data traffic. Exponential decay models a real-world decay process and helps to understand how the impact of network bandwidth usage on server pressure diminishes over time. This is very useful for long-term planning of the server's network resources, especially when predicting high-traffic events and avoiding network congestion. The formula provides a comprehensive perspective for predicting the pressure response of the server: it combines a number of dynamically changing parameters and their cumulative effects over time to help understand the dynamic changes in server performance under different operating conditions.
Such predictions are of great significance for resource planning and performance optimization of the server, and can help administrators formulate more efficient resource allocation policies to cope with different workloads and usage scenarios. Such a model is very beneficial for maintaining stable operation of the server and improving efficiency, and it can reduce the risk of unexpected downtime, ensure continuity of service and user satisfaction. The formula can predict the performance of the server under different workloads, provide early warning for information security management and help identify potential security risks.
Preferably, the present invention also provides a big data based information security management and monitoring system for executing the big data based information security management and monitoring method as described above, the big data based information security management and monitoring system comprising:
The risk classification module is used for carrying out storage space detection analysis on the enterprise data storage to obtain real-time storage space allocation data; acquiring enterprise target storage data; carrying out storage security risk classification on enterprise target storage data to obtain security risk gradient data;
The attack mode prediction module is used for carrying out security audit log acquisition on the enterprise data storage to obtain security event log data; performing attack evolution mining analysis on the enterprise data storage according to the security event log data to obtain attack mode prediction data;
The intelligent block storage module is used for carrying out dynamic access control authority planning on the enterprise target storage data according to the security risk gradient data to obtain access control authority configuration data; performing intelligent block storage on the enterprise target storage data according to the access control authority configuration data and the real-time storage space allocation data to obtain an enterprise data block management matrix;
the defense optimization module is used for performing behavior analysis simulation on the enterprise data storage based on the enterprise data block management matrix according to the attack mode prediction data to obtain virtual attack behavior data; performing intelligent defense strategy optimization iterative operation on the enterprise data storage according to the virtual attack behavior data;
The security situation monitoring and responding module is used for performing security situation sensing monitoring on the enterprise data storage, and performing access trace recording on illegal personnel access when illegal personnel access is detected to obtain illegal access behavior data; and sending the illegal access behavior data to all personnel in a preset safety response team member list.
According to the invention, through the risk classification module, the system can analyze the storage space and classify the security risk of the enterprise data storage, and provide real-time storage space distribution data and security risk gradient data for the enterprise. This helps the enterprise to know the use of storage space and security risk level, so that information security risk management can be performed more effectively. Through the attack mode prediction module, the system can collect security event log data and conduct attack evolution mining analysis to predict potential attack modes. This enables the enterprise to learn about possible attacks in advance and take corresponding precautions to reduce or avoid potential security threats. The intelligent block storage module can conduct dynamic access control authority planning and intelligent block storage on enterprise target storage data according to the security risk gradient data and the real-time storage space distribution data. This helps to optimize the storage structure of data, improve the storage efficiency and the data access speed, and ensure the security and privacy protection of the data. The defense optimization module optimizes iterative operation through behavior analysis simulation and intelligent defense strategies, and can conduct behavior analysis and optimize the defense strategies on the enterprise data storage based on the enterprise data block management matrix and attack mode prediction data. The enterprise can better know the safety state of the system, timely take defending measures and continuously improve the defending capability of the system. The security situation monitoring and responding module can perform security situation sensing monitoring on the enterprise data storage, records illegal access behavior data when illegal personnel access is detected, and sends the illegal access behavior data to all personnel in a preset security response team member list. 
This helps to discover and deal with illegal access in time, protecting the security of enterprise data. In summary, the method and system improve the information security management capability of enterprises, predict and prevent attack behaviors, improve data storage efficiency and security, strengthen the defense and response capability of the system, monitor and respond to illegal access in real time, and comprehensively protect the information security of the enterprise.
The present embodiments are, therefore, to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein.
The foregoing is only a specific embodiment of the invention to enable those skilled in the art to understand or practice the invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. The information security management and monitoring method based on big data is characterized by comprising the following steps:
Step S1: performing storage space detection analysis on the enterprise data storage to obtain real-time storage space allocation data; acquiring enterprise target storage data; carrying out storage security risk classification on enterprise target storage data to obtain security risk gradient data;
step S2: collecting a security audit log of an enterprise data storage to obtain security event log data; performing attack evolution mining analysis on the enterprise data storage according to the security event log data to obtain attack mode prediction data;
step S3: dynamic access control authority planning is carried out on the enterprise target storage data according to the security risk gradient data, and access control authority configuration data are obtained; performing intelligent block storage on the enterprise target storage data according to the access control authority configuration data and the real-time storage space allocation data to obtain an enterprise data block management matrix;
Step S4: performing behavior analysis simulation on the enterprise data storage according to the attack mode prediction data based on the enterprise data block management matrix to obtain virtual attack behavior data; performing intelligent defense strategy optimization iterative operation on the enterprise data storage according to the virtual attack behavior data;
Step S5: the method comprises the steps of performing security situation awareness monitoring on an enterprise data storage, and performing access trace recording on illegal personnel access when illegal personnel access is detected, so as to obtain illegal access behavior data; and sending the illegal access behavior data to all personnel in a preset safety response team member list.
2. The big data based information security management and monitoring method according to claim 1, wherein the step S1 comprises the steps of:
step S11: carrying out real-time monitoring statistics on an enterprise data storage to obtain storage resource utilization rate data;
step S12: performing storage space allocation calculation on the enterprise data storage according to the storage resource utilization rate data to obtain real-time storage space allocation data;
step S13: acquiring enterprise target storage data;
step S14: carrying out data privacy sensitivity evaluation on the enterprise target storage data to obtain data privacy sensitivity data;
Step S15: and carrying out storage security risk classification on the enterprise target storage data according to the data privacy sensitivity data to obtain security risk gradient data.
3. The big data based information security management and monitoring method according to claim 2, wherein step S14 comprises the steps of:
step S141: acquiring enterprise personnel security rating data;
step S142: performing personnel context mining and extraction on enterprise target storage data to obtain personnel operation data, wherein the personnel operation data comprises personnel security data, personnel access frequency data and access behavior data;
step S143: performing content deep learning extraction on enterprise target storage data to obtain enterprise implicit sensitive data;
step S144: carrying out semantic perception analysis on the enterprise implicit sensitive data to obtain enterprise data privacy semantic feature data;
Step S145: performing access level evaluation on the enterprise target storage data according to the enterprise personnel security rating data, the operator security data and the personnel access frequency data to obtain enterprise data access level data;
Step S146: and carrying out data privacy sensitivity assessment on the enterprise target storage data according to the enterprise data privacy semantic feature data and the enterprise data access grade data to obtain data privacy sensitivity data.
4. The big data based information security management and monitoring method according to claim 2, wherein step S15 comprises the steps of:
step S151: performing sensitivity level classification on the data privacy sensitivity data according to a preset privacy risk level standard to obtain privacy risk level data, wherein the privacy risk level data is at least one of low risk data, medium risk data and high risk data;
step S152: carrying out quantitative evaluation on the data leakage risk value of the enterprise target storage data to obtain quantitative data of the data leakage risk value; comparing the quantized data of the data leakage risk value with a preset data leakage critical risk value;
step S153: when the data leakage risk value quantification data is larger than or equal to a preset data leakage critical risk value, and the privacy risk level data is low risk data or medium risk data, upgrading the privacy risk level data into high risk data;
Step S154: when the quantized data of the data leakage risk value is smaller than the preset critical risk value of the data leakage, the privacy risk level data is kept unchanged;
Step S155: and carrying out storage security risk classification on the enterprise target storage data according to the updated privacy risk level data or the privacy risk level data to obtain security risk gradient data.
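The risk classification of claim 4 (steps S151 to S155) as an added example, not the patent's own code. The level boundaries, the critical leakage risk value and the sample records are constructed; the part worth checking is the gate in S153, where a leakage risk value exactly at the critical value already upgrades low or medium risk data to high.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Dict, Iterable, List, Tuple


class PrivacyRiskLevel(Enum):
    LOW = "low risk data"
    MEDIUM = "medium risk data"
    HIGH = "high risk data"


@dataclass(frozen=True)
class TargetStorageRecord:
    record_id: str
    privacy_sensitivity: float  # data privacy sensitivity data from S14 (assumed 0..1)
    leakage_risk_value: float   # data leakage risk value quantification from S152 (assumed 0..1)


# Preset privacy risk level standard for S151 as (exclusive upper bound, level);
# scores at or above the last bound are high risk. Boundaries are hypothetical.
PRIVACY_LEVEL_STANDARD: Tuple[Tuple[float, PrivacyRiskLevel], ...] = (
    (0.3, PrivacyRiskLevel.LOW),
    (0.7, PrivacyRiskLevel.MEDIUM),
)
# Preset data leakage critical risk value for S152. Hypothetical value.
LEAKAGE_CRITICAL_RISK = 0.8


def classify_sensitivity(sensitivity: float) -> PrivacyRiskLevel:
    """S151: sensitivity level classification against the preset standard."""
    if not 0.0 <= sensitivity <= 1.0:
        raise ValueError(f"sensitivity out of range: {sensitivity}")
    for upper_bound, level in PRIVACY_LEVEL_STANDARD:
        if sensitivity < upper_bound:
            return level
    return PrivacyRiskLevel.HIGH


def apply_leakage_override(level: PrivacyRiskLevel, leakage_risk: float,
                           critical: float = LEAKAGE_CRITICAL_RISK) -> PrivacyRiskLevel:
    """S152 to S154: compare the quantified leakage risk with the critical value.
    At or above it, low and medium risk data is upgraded to high (S153); below it
    the level is kept unchanged (S154). The claim says "greater than or equal to",
    so a value exactly at the critical value upgrades."""
    if leakage_risk >= critical and level is not PrivacyRiskLevel.HIGH:
        return PrivacyRiskLevel.HIGH
    return level


def security_risk_gradient(records: Iterable[TargetStorageRecord]) -> Dict[str, PrivacyRiskLevel]:
    """S155: storage security risk classification. Returns the final level per record,
    using the upgraded level where S153 fired and the original level otherwise."""
    gradient: Dict[str, PrivacyRiskLevel] = {}
    for rec in records:
        base = classify_sensitivity(rec.privacy_sensitivity)
        gradient[rec.record_id] = apply_leakage_override(base, rec.leakage_risk_value)
    return gradient


def gradient_buckets(gradient: Dict[str, PrivacyRiskLevel]) -> Dict[PrivacyRiskLevel, List[str]]:
    """Group record ids by final level, highest risk first, in the shape the access
    control planning of step S3 consumes."""
    buckets: Dict[PrivacyRiskLevel, List[str]] = {
        PrivacyRiskLevel.HIGH: [], PrivacyRiskLevel.MEDIUM: [], PrivacyRiskLevel.LOW: []}
    for record_id, level in gradient.items():
        buckets[level].append(record_id)
    return buckets


# Constructed sample of enterprise target storage data (not from the patent).
SAMPLE_RECORDS = [
    TargetStorageRecord("hr-payroll-2023", privacy_sensitivity=0.90, leakage_risk_value=0.20),
    TargetStorageRecord("cafeteria-menu", privacy_sensitivity=0.10, leakage_risk_value=0.10),
    TargetStorageRecord("vendor-contracts", privacy_sensitivity=0.50, leakage_risk_value=0.85),
    TargetStorageRecord("building-floorplan", privacy_sensitivity=0.20, leakage_risk_value=0.80),
]

if __name__ == "__main__":
    for record_id, level in security_risk_gradient(SAMPLE_RECORDS).items():
        print(f"{record_id:<20} {level.value}")
```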
5. The big data based information security management and monitoring method according to claim 1, wherein the step S2 comprises the steps of:
step S21: collecting a security audit log of an enterprise data storage to obtain security event log data;
step S22: carrying out historical attack target file analysis on the security event log data to obtain historical attacked file data;
step S23: performing influence diffusion deep learning on the historical attacked file data to obtain a historical risk propagation rule map;
step S24: performing historical attack behavior transformation analysis on the security event log data to obtain a historical attack evolution track map;
Step S25: carrying out time sequence association mining on the historical risk propagation rule patterns and the historical attack evolution track patterns to obtain security event knowledge patterns;
step S26: and carrying out attack evolution mining analysis on the enterprise data storage according to the security event knowledge graph to obtain attack mode prediction data.
6. The big data based information security management and monitoring method according to claim 1, wherein the step S3 comprises the steps of:
Step S31: acquiring professional literacy evaluation data of enterprise personnel;
Step S32: carrying out risk classification on the enterprise target storage data according to the security risk gradient data to obtain classified enterprise target storage data;
Step S33: dynamic access control authority planning is carried out on the enterprise target storage data according to the enterprise personnel occupation literacy evaluation data and the hierarchical enterprise target storage data, so that access control authority configuration data are obtained;
Step S34: and performing intelligent block storage on the enterprise target storage data according to the hierarchical enterprise target storage data, the access control authority configuration data and the real-time storage space allocation data to obtain an enterprise data block management matrix.
7. The method for managing and monitoring information security based on big data according to claim 6, wherein the step S34 comprises the steps of:
step S341: acquiring resource configuration parameters of an enterprise server;
Step S342: I/O performance evaluation is carried out on the enterprise storage server according to the resource allocation parameters of the enterprise server and the real-time storage space allocation data, so that storage I/O reference data are obtained;
Step S343: carrying out thermal data identification on the target storage data of the classified enterprises to obtain a data heat distribution map;
Step S344: performing peer data quantity estimation on target storage data of the hierarchical enterprise to obtain peer data quantity prediction data;
step S345: heterogeneous storage resource arrangement selection is carried out on target storage data of the hierarchical enterprise according to the data heat distribution map, the memory I/O reference data and the peer data quantity prediction data, so that a hierarchical storage resource allocation scheme is obtained;
step S346: and performing intelligent block storage on the enterprise target storage data according to the access control authority configuration data and the hierarchical storage resource allocation scheme to obtain an enterprise data block management matrix.
8. The method for managing and monitoring information security based on big data according to claim 7, wherein the step S345 comprises the steps of:
Step S3451: performing peer heat stratification on the hierarchical enterprise target storage data based on the data heat distribution map to obtain a peer heat stratified enterprise data set;
Step S3452: carrying out capacity planning on each heat level of the same-level heat layered enterprise data set according to the same-level data quantity prediction data to obtain each heat level data quantity prediction data;
step S3453: performing I/O performance requirement estimation on the data quantity prediction data of each heat level according to the memory I/O reference data to obtain I/O performance requirement data of each heat level;
Step S3454: constructing a storage resource arrangement model based on an intelligent agent, inputting data quantity prediction data of each hot layer and I/O performance requirement data of each hot layer into the storage resource arrangement model based on the intelligent agent to carry out heterogeneous storage resource self-adaption matching and distribution, and obtaining a heterogeneous storage resource distribution strategy; forming an initial hierarchical storage resource allocation scheme by using the heterogeneous storage resource allocation strategy;
step S3455: virtual intelligent block storage is carried out on the enterprise target storage data according to the initial hierarchical storage resource allocation scheme, and a virtual enterprise data block management matrix is obtained;
step S3456: performing data pressure simulation calculation on the enterprise storage server based on the virtual enterprise data block management matrix to obtain server pressure response simulation data;
step S3457: comparing the server pressure response simulation data with a preset server pressure threshold, and returning to the step S354 for rearrangement when the server pressure response simulation data is greater than or equal to the preset server pressure threshold;
step S3458: and when the server pressure response simulation data is smaller than a preset server pressure threshold value, taking the initial hierarchical storage resource allocation scheme as a hierarchical storage resource allocation scheme.
9. The method for information security management and monitoring based on big data according to claim 8, wherein in step S3456, the data pressure simulation calculation is performed on the enterprise storage server based on the virtual enterprise data block management matrix through a server pressure response prediction calculation formula, where the server pressure response prediction calculation formula is as follows:
wherein P is the predicted value of the server pressure response, T is the time length from the beginning of observation to the current time, t is time, V is the total data processed in the time T, R is the number of requests received per unit time, C is the CPU utilization rate of the server, M is the memory utilization rate of the server, N is the network bandwidth utilization rate of the server, e is the base of the natural logarithm, L is the load balancing coefficient, and Δt is the time difference between two consecutive observations.
10. A big data based information security management and monitoring system for performing the big data based information security management and monitoring method of claim 1, the big data based information security management and monitoring system comprising:
The risk classification module is used for carrying out storage space detection analysis on the enterprise data storage to obtain real-time storage space allocation data; acquiring enterprise target storage data; carrying out storage security risk classification on enterprise target storage data to obtain security risk gradient data;
The attack mode prediction module is used for carrying out security audit log acquisition on the enterprise data storage to obtain security event log data; performing attack evolution mining analysis on the enterprise data storage according to the security event log data to obtain attack mode prediction data;
The intelligent block storage module is used for carrying out dynamic access control authority planning on the enterprise target storage data according to the security risk gradient data to obtain access control authority configuration data; performing intelligent block storage on the enterprise target storage data according to the access control authority configuration data and the real-time storage space allocation data to obtain an enterprise data block management matrix;
the defense optimization module is used for performing behavior analysis simulation on the enterprise data storage based on the enterprise data block management matrix according to the attack mode prediction data to obtain virtual attack behavior data; performing intelligent defense strategy optimization iterative operation on the enterprise data storage according to the virtual attack behavior data;
The security situation monitoring and responding module is used for performing security situation sensing monitoring on the enterprise data storage, and performing access trace recording on illegal personnel access when illegal personnel access is detected to obtain illegal access behavior data; and sending the illegal access behavior data to all personnel in a preset safety response team member list.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410326118.7A CN118133274A (en) 2024-03-21 2024-03-21 Information security management and monitoring method and system based on big data

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202410326118.7A CN118133274A (en) 2024-03-21 2024-03-21 Information security management and monitoring method and system based on big data

Publications (1)

Publication Number Publication Date
CN118133274A true CN118133274A (en) 2024-06-04

Family

ID=91240327

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202410326118.7A Withdrawn CN118133274A (en) 2024-03-21 2024-03-21 Information security management and monitoring method and system based on big data

Country Status (1)

Country Link
CN (1) CN118133274A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN118656870A (en) * 2024-08-16 2024-09-17 深圳建安润星安全技术有限公司 Enterprise sensitive data security access management method and system

Legal Events

Date Code Title Description
PB01 Publication
WW01 Invention patent application withdrawn after publication

Application publication date: 20240604