KR102651594B1 - Content security system for securing multimedia files - Google Patents

Abstract

The present invention relates to a content security system for multimedia file security that receives multimedia files from a recipient and a sender, performs security operations by applying a security policy set to the received multimedia files, and then transmits them to the recipient.

Description

Content security system for securing multimedia files}

The present invention relates to a content security system for multimedia file security. More specifically, the present invention relates to a content security system for multimedia file security, and more specifically, to receive multimedia files from a recipient and a sender, perform security operations by applying a set security policy to the received multimedia files, and then transmit them to the recipient. This relates to a content security system for multimedia file security.

Nowadays, most companies are building in-house networks for work efficiency.

Since the in-house network is frequently used by a large number of users, in addition to the active content required by users, various harmful active content or codes such as maliciously planted viruses or ransomware (hereinafter collectively referred to as 'harmful active content') are stored within the in-house network. It is transmitted at a very rapid rate.

Therefore, companies that have built in-house networks consider various security systems to protect the in-house network from harmful active content.

Active content can spread quickly by being distributed in a multimedia file (e.g. Word file, PDF document, picture file, PPT file, Excel file, image file, etc.) containing information needed by users. Therefore, it is necessary to introduce a security system for multimedia files.

Multimedia files can mainly come from e-mail, website downloads, recording media such as USB memory, and computers connected to the company network (including personal PCs, smartphones, and server computers). Accordingly, various security measures optimized for each reception path of multimedia files have been established. For example, the reception path through email is equipped with email security measures to handle spam mail or emails containing malicious code, the reception path through website downloads is equipped with an antivirus, and the reception path through recording media is equipped with media security measures. Control means are provided. Additionally, a network separation means may be provided in the receiving path between computers.

When active content is embedded in a multimedia file, the antivirus checks whether the active content is harmful through pattern matching of the active content, but this method cannot detect variants or new malicious programs.

In addition, when a multimedia file does not directly contain a malicious program and the user views the multimedia file using a macro, etc., if the malicious program is downloaded and executed by the macro, the harmfulness of the multimedia file is detected based on the pattern. It is difficult to do, and these attacks continuously function as new threats because they take on new forms just by manipulating macro code, so it is difficult to respond with pattern matching alone.

So a tool called SandBox appeared. The sandbox determines whether the active content embedded in the multimedia file operates in a virtual environment in a protected area to determine whether the active content is harmful through its behavior. However, harmful active content developed recently is programmed to operate only in the real environment and not in the virtual environment, so the sandbox has reached a state where it is no longer possible to protect the company network from malicious programs planted in multimedia files. In other words, intelligent malware gradually evolves by determining when a virtual environment is running, stopping its attack actions accordingly to avoid detection, or exploiting vulnerabilities in essential programs (e.g. Java). There is. In addition, since it is a virtual environment and it takes some time to perform operations, the sandbox is not used as a standalone security solution, but only to the extent of complementing existing security solutions.

However, some of the multimedia files (e.g. Excel files, PPT files, etc.) have active content (executable functions included in the multimedia file such as macros, scripts, OLE Objects, etc.) depending on the creator's needs for convenience of viewing or use. , elements, etc.) are installed, but if the active content needed by the user is deleted by CDR, the user will not be able to properly view or use the multimedia file.

And because the multimedia files selectively go through various security means such as antivirus or CDR for each of the various receiving channels of the multimedia files, only incomplete security for the multimedia files is implemented for each receiving channel. Accordingly, as content management and content security management become more complex, security becomes vulnerable, making it highly likely that the company's network will be exposed to intrusions by deadly and harmful active content.

Meanwhile, the above-mentioned background technology is technical information that the inventor possessed for deriving the present invention or acquired in the process of deriving the present invention, and cannot necessarily be said to be known technology disclosed to the general public before filing the application for the present invention. .

Korean Patent No. 10-2262680

One aspect of the present invention provides a content security system for securing multimedia files, which receives multimedia files from a recipient and a sender, performs security operations by applying a set security policy to the received multimedia files, and then transmits them to the recipient.

The technical problem of the present invention is not limited to the technical problem mentioned above, and other technical problems not mentioned will be clearly understood by those skilled in the art from the description below.

A content security system for multimedia file security according to an embodiment of the present invention receives multimedia files from a recipient and a sender, performs security operations by applying a set security policy to the received multimedia files, and then transmits them to the recipient.

The content security system for multimedia file security is

A receiving unit that receives multimedia files and incoming/outgoing information from security means provided on paths coming from various receiving or transmitting sources;

a selection unit for selecting a security task to be applied to the multimedia file according to a security policy set for the multimedia file received by the receiving means;

at least one security unit that performs a security operation selected by the selection means on the corresponding multimedia file;

an executing unit that executes the security means to perform a security operation selected by the selection means on the corresponding multimedia file; and

It includes a sending unit that transmits the multimedia file for which a security operation has been performed by the security means to a security means provided on a path from the various recipients or senders.

The security department said,

The security requirement score is calculated for each multimedia file using the following equation, and only multimedia files whose calculated security requirement score is higher than a preset standard value are selectively encrypted.

[Equation]

Here, S is the security requirement score, w_p is the first weight set differently for each type of multimedia file, g is the second weight set in proportion to the size of the multimedia file, v_s is the reference value set for each type of multimedia file, and v_k is The size value of the keyword embedding vector set in the multimedia file requiring security requirement calculation, v_a is the average size value of the keyword embedding vectors set in each of the other multimedia files included in the same category as the multimedia file requiring security requirement calculation. , r is the number of files included in the same category as the multimedia file for which security score calculation is required, and tr is the weight set for each recipient terminal that transmitted the multimedia file.

According to one aspect of the present invention described above, the reliability of content security can be improved by performing security operations on multimedia files received through various paths, and security can be improved by selectively performing security operations on multimedia files according to a set security policy. Required resources and time can be reduced.

1 is a diagram illustrating a schematic configuration of a content security system for multimedia file security according to an embodiment of the present invention.

The detailed description of the present invention described below refers to the accompanying drawings, which show by way of example specific embodiments in which the present invention may be practiced. These embodiments are described in sufficient detail to enable those skilled in the art to practice the invention. It should be understood that the various embodiments of the present invention are different from one another but are not necessarily mutually exclusive. For example, specific shapes, structures and characteristics described herein may be implemented in one embodiment without departing from the spirit and scope of the invention. Additionally, it should be understood that the location or arrangement of individual components within each disclosed embodiment may be changed without departing from the spirit and scope of the invention. Accordingly, the detailed description that follows is not intended to be taken in a limiting sense, and the scope of the invention is limited only by the appended claims, together with all equivalents to what those claims assert, if properly described. Similar reference numbers in the drawings refer to identical or similar functions across various aspects.

Hereinafter, preferred embodiments of the present invention will be described in more detail with reference to the drawings.

Figure 1 is a diagram illustrating a schematic configuration of a content security system for multimedia file security according to an embodiment of the present invention.

The content security system for multimedia file security according to the present invention is characterized in that it receives multimedia files from a recipient and a sender, performs security operations by applying a set security policy to the received multimedia files, and then transmits them to the recipient.

To this end, the content security system for multimedia file security according to the present invention is characterized by being implemented in a file management server.

Specifically, the content security system for multimedia file security according to an embodiment of the present invention implemented in a file management server includes a receiving unit 110, a selection unit 120, a security unit 130, an execution unit 140, and a sending unit ( 150).

The receiving unit 110 receives multimedia files and incoming/outgoing information from mail security means, antivirus, media control means, and network separation means provided in the path coming from each of the various receiving destinations.

The selection unit 120 selects a security task to be applied to the multimedia file according to a security policy set for the multimedia file received by the receiving unit 110 and determines processing for the multimedia file.

The security unit performs the security task selected by the selection unit on the corresponding multimedia file.

In one embodiment, the security department calculates a security requirement score for each multimedia file using Equation 1 below.

[Equation 1]

Here, S is the security requirement score, w_1 is the first weight set differentially for each type of multimedia file, w_2 is the second weight set in proportion to the size of the multimedia file, v_s is the reference value set for each category of multimedia file, and v_k is The size value of the keyword embedding vector set in the multimedia file requiring security requirement calculation, v_a is the average size value of the keyword embedding vectors set in each of the other multimedia files included in the same category as the multimedia file requiring security requirement calculation. , r is the number of files included in the same category as the multimedia file for which security score calculation is required, and tr is the weight set for each recipient terminal that transmitted the multimedia file.

The method of expressing words in the form of dense vectors is called word embedding, and this dense vector is also called an embedding vector because it is the result of the word embedding process.

Word embedding methodologies include LSA, Word2Vec, FastText, and Glove. Embedding(), a tool provided by Keras, does not use the methods mentioned above, but converts words into dense vectors with random values and then learns the word vectors in the same way as learning the weights of an artificial neural network. Use the method. Therefore, the embedding vector is expressed as a real value.

In this way, the security department calculates the security requirement score for each multimedia file, encrypts and manages multimedia files whose calculated security requirement scores are higher than a preset standard value, and manages multimedia files with a security requirement score lower than the standard value without a separate encryption process. do. In this way, the resources and time required for security work can be reduced by selectively performing security work on multimedia files according to the set security policy.

The execution unit controls the security means to perform the security task selected by the selection unit on the corresponding multimedia file.

The transmitter transmits the multimedia file for which security work has been performed by the security department to the various recipients or security means provided on the path from the transmitter.

Meanwhile, in Equation 1 above, the weight tr set for each recipient terminal that transmitted the multimedia file can be calculated as follows.

[Equation 2]

Here, tr is the weight set for each recipient terminal that transmitted the multimedia file, p is the total number of times the recipient terminal transmitted the multimedia file, m is the number of multimedia files encrypted by the security department among the multimedia files transmitted by the recipient terminal, q is the average rating received from other terminals for multimedia files transmitted by the recipient terminal, and b is a weight set according to the user's credit rating.

For example, when p is 10, m is 5, q is 4, and b is 7, tr is calculated to be a value of about 3.3, and the security department sets the weights differently for each user terminal using the above-mentioned equation 2, The security reliability of multimedia files can be improved.

In some other embodiments, the system according to the present invention may further include a data collection unit that analyzes keywords set for each multimedia file and manages the multimedia files by classifying them by type.

In order to recognize classification data in text form, the data collection unit can construct a neural network that learns learning data using the Word2Vec algorithm and extracts context information about the input data.

The Word2Vec algorithm may include a neural network language model (NNLM). A neural network language model is basically a neural network consisting of an input layer, projection layer, hidden layer, and output layer. Neural network language models are used to vectorize words. Since the neural network language model is a known technology, a more detailed description will be omitted.

The Word2vec algorithm is for text mining and is an algorithm that determines proximity by looking at the front and back relationships between each word. The Word2vec algorithm is an unsupervised learning algorithm. As the name indicates, the Word2vec algorithm can be a quantitative technique that expresses the meaning of words in vector form. The Word2vec algorithm can express each word as a vector in a space of about 200 dimensions. Using the Word2vec algorithm, you can obtain the vector corresponding to the word for each word.

The Word2vec algorithm can enable dramatic improvements in precision in the field of natural language processing compared to other conventional algorithms. Word2vec can learn the meaning of words using the relationships between words and adjacent words in sentences in the input corpus. The Word2vec algorithm is based on an artificial neural network and starts from the premise that words with the same context have close meanings. The Word2vec algorithm learns through text documents, and for one word, other words that appear nearby (about 5 to 10 words before or after it) are taught to the artificial neural network as related words. Because words with related meanings are likely to appear close together in a document, two words may have increasingly closer vectors during repeated learning.

The learning methods of the Word2vec algorithm include the CBOW (Continuous Bag Of Words) method and the skip-gram method. The CBOW method predicts the target word using the context created by surrounding words. The skip-gram method predicts words that may come nearby based on one word. The skip-gram method is known to be more accurate in large datasets.

Therefore, in the embodiment of the present invention, the Word2vec algorithm using the skip-gram method is used. For example, if learning is successfully completed through the Word2vec algorithm, similar words can be located nearby in a high-dimensional space. According to the Word2vec algorithm as described above, the closer the distribution of surrounding words in a learning document is, the more similar the calculated vector values can be, and words with similar calculated vector values can be considered similar. Since the Word2vec algorithm is a known technology, detailed descriptions related to vector value calculation will be omitted.

The data collection unit 210 may input text extracted from image data received from the worker terminal 100 into a neural network to extract an evaluation result vector value representing context information.

The data collection unit 210 may calculate the similarity between the evaluation result vector value and each of the plurality of reference vector values, and extract the reference vector value with the highest similarity to the evaluation result vector value among the plurality of reference vector values. At this time, Euclidean distance, cosine similarity, Tanimoto coefficient, etc. may be adopted as similarity calculation methods.

The data collection unit 210 may extract the word corresponding to the reference vector value with the highest similarity to the evaluation result vector value as the word corresponding to the recognized text.

Additionally, the data collection unit 210 can train an artificial neural network, and can also use a trained artificial neural network. The processor can train or execute an artificial neural network stored in memory, and the memory can store a trained artificial neural network. The electronic device that trains the artificial neural network and the electronic device that uses it may be the same, but may also be separate. Artificial intelligence is a computer system that implements some of the functions of the human brain and can learn, guess, and make decisions on its own. As learning progresses, the probability of extracting an answer may increase. Artificial intelligence can be composed of learning and elemental technologies using it. Artificial intelligence learning is an algorithmic technology that classifies and learns features based on input data, and elemental technologies may be technologies that implement some of the functions of the human brain using learning algorithms.

Artificial intelligence is a technology that makes it easy to approach problems that can have multiple answers probabilistically, and can logically and probabilistically infer the optimal cycle, method, and plan according to any input data. Artificial intelligence's inference technology can include judging input data, optimization predictions, knowledge and probability-based reasoning, and preference-based planning.

Artificial neural network is one of the learning algorithms in the machine learning field and is a program that implements the connection between neurons and synapses in the brain. Artificial neural networks can be created through a program to create a neural network structure and then learn it to have the desired function. Although there may be errors, it is possible to learn based on huge data and output appropriate output data with input data. It has the advantage of being able to obtain output data with statistically good results and being similar to human reasoning.

The data collection unit 210 can build a query/metric dataset required for learning using an artificial intelligence algorithm built on big data, and may include a number of artificial neural networks that have been trained in advance for this purpose.

In this embodiment, the relay server may include a number of pre-trained artificial neural networks to perform machine learning algorithms. With machine learning, you can output output data based on input data and use the results to learn on your own, which can improve your own data processing ability. Artificial neural networks can extract features based on input data, infer regularities, and output result data. As this process accumulates, the reliability of the result data increases.

In this embodiment, the artificial neural network may be an algorithm that outputs text data from at least one of the feature data of the shape, length, number, and elevation difference of an object recognized as text. Artificial neural networks can infer the best output data using big data as input data or after going through a processing process to organize unnecessary data.

ve Bayes Classifier, Hidden Markov Model, K-Means Clustering 등이 사용될 수 있다.Depending on the type of learning, artificial intelligence machine learning models include Super Viser Learning, UnSuper Viser Learning, Semisupervised Learning, and Reinforcement Learning. And machine learning algorithms include Decision Tree, K-Nearest Nearest Bor, Artificial Neural Network, Support Vector Machine, Ensemble Learning, Gradient Descent, Na

ve Bayes Classifier, Hidden Markov Model, K-Means Clustering, etc. can be used.

The artificial neural network may be pre-trained on various input values that may be included in the input data. An artificial neural network may be an artificial neural network that is learned according to reinforcement learning, one of the learning methods. Reinforcement learning is a method of gradually increasing the probability of obtaining the correct result by setting rewards and limits. Artificial neural networks can also be modeled based on Convelutional Neural Networks (CNNs) or Recurrent Neural Networks (RNNs).

In this way, the data collection unit can extract measurement data from the inspection results collected in the form of images during the facility inspection process using big data and artificial neural networks.

As such, the technology according to the present invention may be implemented as an application or in the form of program instructions that can be executed through various computer components and recorded on a computer-readable recording medium. The computer-readable recording medium may include program instructions, data files, data structures, etc., singly or in combination.

The program instructions recorded on the computer-readable recording medium may be those specifically designed and configured for the present invention, or may be known and usable by those skilled in the computer software field.

Examples of computer-readable recording media include magnetic media such as hard disks, floppy disks and magnetic tapes, optical recording media such as CD-ROMs and DVDs, and magneto-optical media such as floptical disks. media), and hardware devices specifically configured to store and perform program instructions, such as ROM, RAM, flash memory, etc.

Examples of program instructions include not only machine language code such as that created by a compiler, but also high-level language code that can be executed by a computer using an interpreter or the like. The hardware device may be configured to operate as one or more software modules to perform processing according to the invention and vice versa.

Although the above has been described with reference to embodiments, those skilled in the art will understand that various modifications and changes can be made to the present invention without departing from the spirit and space of the present invention as set forth in the following patent claims. You will be able to.

110: receiving unit
120: selection part
130: Security Department
140: Execution department
150: Transmitter unit

Claims (3)

In the content security system for multimedia file security, which receives multimedia files from a recipient and a sender, performs security operations by applying a set security policy to the received multimedia files, and then transmits them to the recipient,
The content security system for multimedia file security,
A receiving unit that receives multimedia files and incoming/outgoing information from security means provided on paths coming from various receiving or transmitting means;
a selection unit that selects a security task to be applied to the multimedia file according to a security policy set for the multimedia file received by the receiving unit;
at least one security unit that performs a security operation selected by the selection unit on the corresponding multimedia file;
an execution unit that executes the security means to perform the security task selected by the selection unit on the corresponding multimedia file; and
It includes a sending unit that transmits the multimedia file for which a security operation has been performed by the security unit to a security means provided on a path from the various receiving or sending sources.
The security department said,
A content security system for multimedia file security that calculates the security requirement score for each multimedia file using the following equation, and selectively encrypts only multimedia files whose calculated security requirement score is higher than a preset standard value.

[Equation]

Here, S is the security requirement score, w_1 is the first weight set differentially for each type of multimedia file, w_2 is the second weight set in proportion to the size of the multimedia file, v_s is the reference value set for each category of multimedia file, and v_k is The size value of the keyword embedding vector set in the multimedia file requiring security requirement calculation, v_a is the average size value of the keyword embedding vectors set in each of the other multimedia files included in the same category as the multimedia file requiring security requirement calculation. , r is the number of files included in the same category as the multimedia file for which security score calculation is required, and tr is the weight set for each recipient terminal that transmitted the multimedia file.

delete delete