TWI520548B - Information System and Its Method of Confidential Data Based on Packet Analysis - Google Patents
Information System and Its Method of Confidential Data Based on Packet Analysis Download PDFInfo
- Publication number
- TWI520548B TWI520548B TW102142385A TW102142385A TWI520548B TW I520548 B TWI520548 B TW I520548B TW 102142385 A TW102142385 A TW 102142385A TW 102142385 A TW102142385 A TW 102142385A TW I520548 B TWI520548 B TW I520548B
- Authority
- TW
- Taiwan
- Prior art keywords
- policy
- confidential
- network
- comparison
- information
- Prior art date
Links
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Description
本發明係一種機密資料攔阻系統及其方法,尤指一種基於封包分析的機密資料攔阻系統及其方法。 The invention relates to a confidential data blocking system and a method thereof, in particular to a confidential data blocking system based on packet analysis and a method thereof.
近年來隨著個人隱私保護意識抬頭,機密資料保護的需求也逐漸上揚。僅就2011年單筆資料遺失事件的損失為214美元,而因資料外洩造成企業平均損失金額為7,200,000美元。我國新版個資法亦將於近期實施,使得個資防護的需求更加重要。因此,如何提供可確實防護並攔阻機密資料外洩之方法乃本領域亟待解決之技術問題。 In recent years, as the awareness of personal privacy protection has risen, the demand for confidential data protection has gradually increased. The loss of a single data loss in 2011 was only $214, and the average loss due to data leakage was $7,200,000. China's new version of the capital law will also be implemented in the near future, making the need for personal protection more important. Therefore, how to provide a method for reliably protecting and blocking the leakage of confidential information is a technical problem to be solved in the field.
而習知之資料外洩防護技術即DLP(Data Lost Prevention)技術,其係係使用代理伺服器的形式進行連線控管。由於其在網路控管方面通常僅限於使用HTTP(s)、SMTP及部分可支援代理伺服器連線的IM(Instant Messaging)軟體,使得此技術之泛用性有所不足。除使用代理伺服器連線方式進行控管,習知技術更有透過封包監控軟體進行管制作業,譬如wiresharkTM等軟體,然而其功能僅能對封包進行監聽、紀錄之作業,而無法達到攔阻功效,使得機密資料仍有外洩之風險。除此之外,當非惡意的使用者未使用代理伺服器連線的方式外洩機密時,現有網路防護技術多半以電子郵件或類似訊息通知方式進行告知,其亦缺乏立即警告使用者的機制,使得在使用者從外洩機密到受到警告之空窗期,將存在有更多機密洩 漏的可能。 The known data leakage prevention technology, DLP (Data Lost Prevention) technology, uses a proxy server to connect and control. Because its network control is usually limited to using HTTP(s), SMTP, and some IM (Instant Messaging) software that supports proxy server connection, the versatility of this technology is insufficient. In addition to the use of proxy server connection for control, the conventional technology is also controlled by the packet monitoring software, such as wireshark TM software, but its function can only monitor and record the packet, but can not achieve the blocking effect. So that confidential information is still at risk of leakage. In addition, when non-malicious users do not use proxy server connection to leak confidential information, the existing network protection technology is mostly notified by email or similar message notification, and it lacks immediate warning users. The mechanism is such that there will be more leakage of confidentiality during the period from the user's confidentiality to the warning window.
另一方面,為確實攔阻機密資料,習知之產品技術更提供在端點機器安裝軟體方式來保護機密資料,以避免在個人電腦上造成機密之外洩。然而端點防護除影響電腦效能外,每次機器人力更動都需重新進行繁複之設定。又個人電腦機型軟體不一,除支援度上有問題,端點機器也時常有防護死角,使得機密外洩之情事無法有效的杜絕。 On the other hand, in order to reliably block confidential information, the known product technology provides software installation on the endpoint machine to protect confidential information to avoid confidentiality on the personal computer. However, in addition to affecting the performance of the computer, the end point protection needs to be re-configured every time the robot force is changed. In addition, the personal computer model has different software. In addition to the problem of support, the endpoint machine often has a protective corner, so that the secret leakage can not be effectively eliminated.
習知技術更提供於網路端對封包進行攔阻,而一般常見的作法是使用防火牆來進行攔阻作業。部分採用防火牆之技術不僅僅看封包表頭,更進一步觀察分析封包內容,並視結果阻擋該封包。如中華民國專利:封包過濾方法及使用該方法之系統SYSTEM AND METHOD FOR PACKET FILTERING(專利號:I312246),即在應用層的角度查看封包,觀看內容是否對應符合其端埠(Port)應有之協定,並決定封包是否可以被傳送。但包含此專利在內,現存防火牆機制尚無法重組該封包對應之連線所傳送的整體資料內容,僅能從單一或少量的封包分析,無法滿足分析機密資料的需求。 The conventional technology provides a network to block the packet, and a common practice is to use a firewall to block the operation. Part of the technology that uses the firewall not only looks at the packet header, but also further analyzes the contents of the packet and blocks the packet depending on the result. For example, the Republic of China patent: packet filtering method and the system using the method SYSTEM AND METHOD FOR PACKET FILTERING (patent number: I312246), that is, viewing the packet from the perspective of the application layer, whether the content of the viewing corresponds to its port (Port) Agreement and decide whether the packet can be delivered. However, including the patent, the existing firewall mechanism can not reorganize the overall data content transmitted by the connection corresponding to the packet, and can only analyze from a single or a small number of packets, and cannot meet the needs of analyzing confidential data.
由此可見,上述習用物品仍有諸多缺失,實非一良善之設計者,而亟待加以改良。本案發明人鑑於上述習用方法所衍生的各項缺點,乃亟思加以改良創新,並經多年苦心孤詣潛心研究後,終於成功研發完成本件基於封包分析的機密資料攔阻方法。 It can be seen that there are still many shortcomings in the above-mentioned household items, which is not a good designer and needs to be improved. In view of the shortcomings derived from the above-mentioned conventional methods, the inventors of the present invention have improved and innovated, and after years of painstaking research, they finally succeeded in researching and developing the confidential data blocking method based on packet analysis.
為解決前揭習知技術之技術問題,本發明之一目的係提供一種機密資料攔阻系統及方法,以便透過封包分析來進行機密資料之攔阻作 業。 In order to solve the technical problem of the prior art, one object of the present invention is to provide a confidential data blocking system and method for intercepting confidential data through packet analysis. industry.
為達上述之目的,本發明係提供一種基於封包分析之機密資料攔阻系統。其包含政策群組派送伺服器、資料分析稽核伺服器以及封包監控交換路由器。政策群組派送伺服器係儲存機密政策資訊,而機密政策資訊係記錄需進行攔阻管制資料之特徵值。資料分析稽核伺服器電性連接政策群組伺服器。而封包監控交換路由器係電性連接資料分析稽核伺服器,封包監控交換路由器更包含了封包分析單元以及網路行為偵測單元。封包分析單元係自內部網路接收複數個網路封包,依據各個網路封包的連線類別來將網路封包設置到複數個網路會談群組其中之一。而網路行為偵測單元則電性連接封包分析單元,並進行一檢測比對。其檢測比對係判斷設置在各個網路會談群組之各個網路封包是否包含內容資訊,並觸發資料分析稽核伺服器進行機密資料比對。而機密資料比對係將前述之網路封包的內容資訊還原為檔案形式與機密政策資訊進行比對。網路行為偵測單元依據機密資料比對結果對所述網路封包進行攔阻管制。 To achieve the above object, the present invention provides a confidential data blocking system based on packet analysis. It includes a policy group dispatch server, a data analysis audit server, and a packet monitoring switch router. The policy group dispatch server stores confidential policy information, while the confidential policy information records the characteristic values of the blocked control data. Data Analysis Audit Server Electrical Connection Policy Group Server. The packet monitoring and switching router is an electrical connection data analysis auditing server, and the packet monitoring switching router further includes a packet analyzing unit and a network behavior detecting unit. The packet analysis unit receives a plurality of network packets from the internal network, and sets the network packet to one of the plurality of network talk groups according to the connection category of each network packet. The network behavior detecting unit is electrically connected to the packet analyzing unit and performs a detection comparison. The detection comparison system determines whether each network packet set in each network talk group contains content information, and triggers the data analysis auditing server to perform confidential information comparison. The confidential information comparison system restores the content information of the aforementioned network packet to the file format and the confidential policy information. The network behavior detecting unit blocks the network packet according to the confidential data comparison result.
為達上述之目的,本發明係提供一種基於封包分析的機密資料攔阻方法,其應用於一種機密資料攔阻系統,並包含下列步驟:首先,自內部網路接收複數個網路封包。接著,依據各個網路封包的連線類別將前述之網路封包設置到複數個網路會談群組其中之一。再者,進行檢測比對,其檢測比對係對設置於在各網路會談群組之各網路封包判斷是否包含內容資訊。接著,再進行機密資料比對,其機密資料比對係將前述之網路封包的內容資訊還原為檔案形式與機密政策資訊進行比對。最後,依據機密資料比對結果對網路封包進行攔阻管制。 To achieve the above objective, the present invention provides a confidential data blocking method based on packet analysis, which is applied to a confidential data blocking system and includes the following steps: First, receiving a plurality of network packets from an internal network. Then, the foregoing network packet is set to one of a plurality of network talk groups according to the connection category of each network packet. Furthermore, a detection comparison is performed, and the detection comparison pair determines whether each of the network packets set in each network talk group includes content information. Then, the confidential data comparison is performed, and the confidential information comparison system restores the content information of the foregoing network packet to the file format and the confidential policy information for comparison. Finally, the network packet is blocked based on the confidential data comparison result.
透過上述之系統與方法來進行配合機密資料分析,管理端可對機密資料外洩事件啟動即時封包攔阻、連線封鎖,以封鎖網路傳送的機密資料。再輔以政策設定,讓網管人員可輕易控管各網段傳送之資料形式及內容以達成機密防護。 Through the above-mentioned system and method for matching confidential data analysis, the management terminal can start the instant packet blocking and connection blocking for the confidential data leakage event to block the confidential information transmitted by the network. Coupled with policy settings, network administrators can easily control the form and content of data transmitted by each network segment to achieve confidential protection.
本發明更提供得以即時警告使用者機密外洩的機制,可令意外洩漏機密的使用者不會在未知的情況下一錯再錯,降低機密外洩事件的損害。 The invention further provides a mechanism for promptly warning the user to secretly leak, so that the user who accidentally leaks the secret will not make a mistake in the unknown situation, thereby reducing the damage of the confidential leakage event.
1‧‧‧機密資料攔阻系統 1‧‧‧Confidential Data Blocking System
10‧‧‧封包監控交換路由器 10‧‧‧ Packet Monitoring Switch Router
11‧‧‧封包分析單元 11‧‧‧Packet Analysis Unit
12‧‧‧網路行為偵測單元 12‧‧‧Network Behavior Detection Unit
20‧‧‧資料分析稽核伺服器 20‧‧‧Data Analysis Audit Server
30‧‧‧政策群組派送伺服器 30‧‧‧policy group delivery server
S101~S104‧‧‧步驟 S101~S104‧‧‧Steps
S201~S209‧‧‧步驟 S201~S209‧‧‧Steps
第1圖為本發明基於封包分析之機密資料攔阻系統之架構示意圖。 FIG. 1 is a schematic structural diagram of a confidential data blocking system based on packet analysis according to the present invention.
第2圖為本發明之封包監控交換路由器之架構方塊圖。 Figure 2 is a block diagram showing the architecture of a packet monitoring switching router of the present invention.
第3圖為本發明之基於封包分析之機密資料攔阻方法。 Figure 3 is a confidential data blocking method based on packet analysis of the present invention.
第4圖為本發明一實施例之實施流程圖。 Figure 4 is a flow chart showing an embodiment of the present invention.
以下將描述具體之實施例以說明本發明之實施態樣,惟其並非用以限制本發明所欲保護之範疇。 The specific embodiments are described below to illustrate the embodiments of the invention, but are not intended to limit the scope of the invention.
請參閱第1圖,其係為本發明之基於封包分析之機密資料攔阻系統。機密資料攔阻系統1包含封包監控交換路由器10、資料分析稽核伺服器20以及政策群組派送伺服器30,上述路由器、各伺服器皆採用ASUSTM之機架式伺服器。政策群組派送伺服器30係儲存一機密政策資訊,而機密政策資訊係記錄需進行攔阻管制資料之特徵值,其機密政策資訊共分為五大類,分別為:關鍵字政策、檔案指紋政策、檔案相似度比對政策、部分 文件比對政策以及個資樣版政策。特徵值內容依據政策類別各有不同,關鍵字政策之特徵值為字詞的集合;檔案指紋政策之特徵值為被定義為機密之檔案的雜湊值;檔案相似度比對政策之特徵值為被定義為機密之檔案中的常用字詞及其權重;部分文件比對政策之特徵值為一段被定義為機密之文字的校驗碼;個資樣板政策與前四類政策較為不同,未有特徵值的概念,主要為定義個資欄位管制資訊,該些個資欄位如下:姓名、身分證字號、住址、電話以及生日,個資樣板政策可定義要將那些欄位列入管制。資料分析稽核伺服器20係電性連接政策群組派送伺服器30,以存取其機密政策資訊。封包監控交換路由器10係電性連接資料分析稽核伺服器20,請共同參閱第2圖,且封包監控交換路由器10更包含封包分析單元11以及網路行為偵測單元12。封包分析單元11係自使用者之操作環境之內部網路接收複數個網路封包,並依據各個網路封包之一連線類別將各個網路封包設置到複數個網路會談(session)群組其中之一。而網路行為偵測單元12係電性連接封包分析單元11,且網路行為偵測單元12更進行一檢測比對,其檢測比對係判斷設置在各個網路會談群組之各網路封包是否包含一內容資訊,並觸發資料分析稽核伺服器20進行機密資料比對,其內容資訊係描述各網路封包所含之內容是否得以組合成完整之內文。前述之機密資料比對係將複數個網路封包之各內容資訊 還原為檔案形式與機密政策資訊進行比對,而網路行為偵測單元12更依據機密資料比對結果對各個網路封包進行攔阻管制。 Please refer to FIG. 1 , which is a confidential data blocking system based on packet analysis of the present invention. The confidential data blocking system 1 includes a packet monitoring switching router 10, a data analysis auditing server 20, and a policy group dispatching server 30. The router and each server use an ASUSTM rack server. The policy group dispatch server 30 stores a confidential policy information, and the confidential policy information records the characteristic values of the blocked control data. The confidential policy information is divided into five categories: keyword policy, file fingerprint policy, Archive similarity comparison policy, part Document comparison policy and individual sample policy. The content of the feature value varies according to the policy category. The feature value of the keyword policy is the set of words; the feature value of the file fingerprint policy is the hash value of the file defined as confidential; the feature value of the file similarity comparison policy is The common words and their weights in the archives defined as confidential; the characteristic values of some of the document comparison policies are the check codes of a text defined as confidential; the individual sample policy is different from the first four types of policies, and there are no features. The concept of value is mainly to define the information on the control of individual funds. The fields are as follows: name, identity card size, address, telephone number and birthday. The model policy can define those fields to be included in the regulation. The data analysis auditing server 20 is electrically connected to the policy group dispatch server 30 to access its confidential policy information. The packet monitoring and switching router 10 is electrically connected to the data analysis auditing server 20. Please refer to FIG. 2 together, and the packet monitoring switching router 10 further includes a packet analyzing unit 11 and a network behavior detecting unit 12. The packet analysis unit 11 receives a plurality of network packets from the internal network of the user's operating environment, and sets each network packet to a plurality of network session groups according to a connection category of each network packet. one of them. The network behavior detecting unit 12 is electrically connected to the packet analyzing unit 11, and the network behavior detecting unit 12 further performs a detecting comparison, and the detecting comparison system determines the network set in each network meeting group. Whether the packet contains a content information, and triggers the data analysis auditing server 20 to perform confidential data comparison, and the content information describes whether the content contained in each network packet is combined into a complete text. The foregoing confidential information comparison device restores the content information of the plurality of network packets to the file format and the confidential policy information, and the network behavior detecting unit 12 performs the network packet according to the confidential data comparison result. Block control.
前述之網路行為偵測單元12進行之檢測比對係根據該網路會談群組之協定(可能為SMTP協定或HTTP協定等...)進行封包內容之解析,內容資訊在封包中的位置皆因協定差異而不同,故必須依據各協定之 定義來定位出內容資訊的起始處以及結尾處,並將該內容資訊同步寫至一檔案中。如:員工A於企業內部發送一封信件予協力廠商,此信件包含一內文及一PDF附加檔案,當封包分析單元11接收到該網路封包時會創建一SMTP之網路會談群組,網路行為偵測單元12即依據SMTP協定之定義分別定位出信件內文的起始處及結尾處,並將信件內文寫至一文字檔(TXT)中;解析附加檔案檔名,定位附加檔案的起始處及結尾處,並依據上述資訊將該檔案還原為PDF檔。爾後觸發資料分析稽核伺服器20進行該二檔案之機密資料比對。 The detection comparison performed by the network behavior detecting unit 12 described above is based on the agreement of the network talk group (possibly SMTP protocol or HTTP protocol, etc.), and the content information is located in the packet. All are different due to differences in the agreement, so they must be based on the agreements. Define to locate the beginning and end of the content information, and write the content information to a file synchronously. For example, employee A sends a letter to the co-operator within the enterprise. The letter contains a text and a PDF attached file. When the packet analysis unit 11 receives the network packet, an SMTP network talk group is created. The network behavior detecting unit 12 respectively locates the beginning and the end of the letter body according to the definition of the SMTP protocol, and writes the text of the letter into a text file (TXT); parses the file name and locates the additional file. At the beginning and end of the page, and restore the file to a PDF file based on the above information. The trigger data analysis auditing server 20 then performs the confidential data comparison of the two files.
前述之其中該連線類別係包含一埠號資訊、一來源網際網路協議(Internet Protocol,簡稱:IP)資訊、一網路封包序列號碼資訊或一網路協定資訊(諸如HTTP、FTP協定等)。且攔阻管制係對該些網路封包進行延遲傳送、丟棄處置、阻擋傳送、傳送警告資訊至該些網路封包之使用端。 In the foregoing, the connection category includes a nickname information, a source Internet Protocol (IP) information, a network packet sequence number information, or a network protocol information (such as HTTP, FTP protocol, etc.). ). And the blocking control system delays the transmission, discards the handling, blocks the transmission, and transmits the warning information to the use ends of the network packets.
請接著參閱第3圖,其為本發明之基於封包分析之機密資料攔阻方法,其方法應用於一種機密資料攔阻系統且包含下列步驟: Please refer to FIG. 3, which is a confidential data blocking method based on packet analysis according to the present invention. The method is applied to a confidential data blocking system and includes the following steps:
步驟S101:自內部網路接收複數個網路封包。 Step S101: Receive a plurality of network packets from the internal network.
步驟S102:依據各個網路封包之一連線類別將前述網路封包設置到複數個網路會談群組其中之一。 Step S102: The foregoing network packet is set to one of a plurality of network talk groups according to a connection category of each network packet.
步驟S103:進行一檢測比對,檢測比對係對設置於在各個網路會談群組之各網路封包判斷是否包含一內容資訊。 Step S103: Perform a detection comparison, and determine whether the comparison pair is set in each network packet of each network talk group to determine whether a content information is included.
步驟S104:依據檢測比對之比對結果進行一機密資料比對,其機密資料比對係將前述網路封包之內容資訊還原為檔案形式與該機密政策資訊進行比對。 Step S104: Perform a confidential data comparison according to the comparison result of the detection comparison, and the confidential data comparison system restores the content information of the network packet to an archive form and compares the confidential policy information.
步驟S105:依據機密資料比對結果對網路封包進行一攔阻管制。 Step S105: Perform a blocking control on the network packet according to the comparison result of the confidential data.
上述方法之連線類別係包含一埠號資訊、一來源網際網路協議資訊、一網路封包序列號碼資訊或一網路協定資訊。而攔阻管制係對該些網路封包進行延遲傳送、丟棄處置、阻擋傳送、傳送警告資訊至該些網路封包之使用端。 The connection category of the above method includes a nickname information, a source internet protocol information, a network packet sequence number information, or a network protocol information. The interception control system delays transmission, discards, blocks transmission, and transmits warning information to the use ends of the network packets.
請共同參閱第1圖至第3圖,其為本發明之一實施例。請接著參考第3圖,其實施流圖如下所示: Please refer to FIG. 1 to FIG. 3 together, which is an embodiment of the present invention. Please refer to Figure 3 below for an implementation flow diagram as follows:
S201:當封包監控交換路由器10接收複數個網路封包後,封包分析單元11對封包之連線類別進行分析,其封包分析單元11係分析網路封包之表頭資訊。 S201: After the packet monitoring switching router 10 receives the plurality of network packets, the packet analyzing unit 11 analyzes the connection category of the packet, and the packet analyzing unit 11 analyzes the header information of the network packet.
S202:將每個網路封包依據所屬之網路會談群組進行分類,諸如:第1網路會談群組、第2網路會談群組、第3網路會談群組…等。 S202: classify each network packet according to the network meeting group to which it belongs, such as: a first network meeting group, a second network meeting group, a third network meeting group, and the like.
S203:判斷每個網路會談群組分析其中是否有內容資訊或有檔案進行外傳之行為,若無,則讓網路封包通過並跳至S209,若有則接續執行S204。 S203: Determine each network talk group to analyze whether there is content information or a file for outgoing behavior. If not, let the network packet pass and jump to S209, and if yes, continue to execute S204.
S204:分析每個網路會談群組內容資訊是否能組成一份文字資訊或檔案。 S204: Analyze whether each network meeting group content information can form a text message or file.
S205:若無法組合文字資訊或檔案則讓網路封包通過,並跳到S209,若可組合成文字資訊則接續執行S206。 S205: If the text information or the file cannot be combined, the network packet is passed, and the process jumps to S209. If the text information can be combined, the S206 is executed.
S206:網路行為偵測單元12會於傳輸行為結束前,預先將網路封包之內容進行還原分析,將網路封包之內容重組還原成一份文字資訊或者是檔案,並觸發資料分析稽核伺服器20進行機密資料分析比對。 S206: The network behavior detecting unit 12 pre-restores the content of the network packet before the end of the transmission behavior, recombines the content of the network packet into a text message or a file, and triggers the data analysis auditing server. 20 Conduct confidential data analysis comparison.
S207:依照資料分析稽核伺服器20內部所定義之機密政策資訊,對文字資訊或檔案進行特徵比對,並依據分析之結果決定此網路封包是否為不可傳 送之機密資料。 S207: According to the confidentiality policy information defined in the auditing server 20, perform feature comparison on the text information or the file, and determine whether the network packet is untransferable according to the analysis result. Send confidential information.
S208:若此網路封包內含為管制傳送之機密資料,則對進行網路封包進行丟棄處理、延遲傳送、阻檔傳送、傳送警告資訊或阻檔發送此網路封包之IP。 S208: If the network packet includes the confidential information for the controlled transmission, the network packet is discarded, delayed, blocked, transmitted, or blocked to send the IP of the network packet.
S209:當下一批網路封包進入封包監控交換路由器10後,封包分析單元將接收到的網路封包之連線類別與現在之網路會談群組匹配之連線類別進行比對,若符合現在之網路會談群組則跳至S203重覆執行,若不符合則跳至S201重覆執行,以建立新的網路會談群組。 S209: After the next batch of network packets enters the packet monitoring switching router 10, the packet analysis unit compares the received network packet connection category with the current network negotiation group matching connection category, if it meets the current The network talk group then jumps to S203 for repeated execution. If not, it jumps to S201 to execute repeatedly to establish a new network talk group.
本發明所提供之基於封包分析的機密資料攔阻系統及方法,與習用技術相互比較時,更具有下列之優點: The confidential data blocking system and method based on packet analysis provided by the present invention have the following advantages when compared with the conventional technology:
(1).本發明可在連線尚未結束前便根據封包內容預判重組被傳送之資訊,提供不同於代理伺服器的一種網路防護機制進行機密資料攔阻。 (1) The present invention can pre-recognize the transmitted information according to the contents of the packet before the connection is completed, and provides a network protection mechanism different from the proxy server for the confidential data blocking.
(2).不同於一般僅能監控側錄網路流量的防護機制,本發明可於封包還未傳送至目的地之前便偵測到此事件,可根據管理者的決定及時判定該資料可被傳送或封鎖。 (2) Unlike the protection mechanism that can only monitor the traffic of the recorded network, the present invention can detect the event before the packet has been transmitted to the destination, and can timely determine that the data can be Transfer or block.
(3).本發明監控到機密外洩事件時,可由封包監控交換路由器立即給予使用者端的應用程式機密外洩警告,如使用者以OutlookTM等郵件軟體寄送機密,封包監控交換路由器會直接回送偽造的警告封包;OutlookTM便會當成直接由電子郵件伺服器(Email Server)回覆的警告信令使用者在機密外洩的瞬間收到警告,而非還須等一般防護機制以別的方式通知使用者。 (3) When the present invention monitors the confidential leakage event, the packet monitoring and switching router can immediately give the user's application confidential leakage warning. If the user sends the confidentiality by using the email software such as OutlookTM, the packet monitoring switching router will directly send back the packet. Forged warning packets; OutlookTM will be used as a warning signaling user replied directly by the email server (Email Server) to receive a warning when the secret is leaked, rather than waiting for the general protection mechanism to notify the user otherwise. By.
綜上所述,本案相較於習知技術更包含上述多項功效,應已充分符合新穎性及進步性之法定發明專利要件,爰依法提出申請,懇請 貴 局核准本件發明專利申請案,以勵發明,至感德便。 In summary, this case contains more than the above-mentioned functions compared with the prior art, and should fully comply with the statutory invention patent requirements of novelty and progressiveness, and apply for it according to law. The bureau approved the application for the invention patent, in order to invent the invention, to the sense of virtue.
上列詳細說明係針對本創作之一可行實施例之具體說明,惟該實施例並非用以限制本發明之專利範圍,凡未脫離本發明技藝精神所為之等效實施或變更,均應包含於本案之專利範圍中。 The detailed description above is a detailed description of one of the possible embodiments of the present invention, and is not intended to limit the scope of the present invention. The patent scope of this case.
1‧‧‧機密資料攔阻系統 1‧‧‧Confidential Data Blocking System
10‧‧‧封包監控交換路由器 10‧‧‧ Packet Monitoring Switch Router
20‧‧‧資料分析稽核伺服器 20‧‧‧Data Analysis Audit Server
30‧‧‧政策群組派送伺服器 30‧‧‧policy group delivery server
Claims (6)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW102142385A TWI520548B (en) | 2013-11-21 | 2013-11-21 | Information System and Its Method of Confidential Data Based on Packet Analysis |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW102142385A TWI520548B (en) | 2013-11-21 | 2013-11-21 | Information System and Its Method of Confidential Data Based on Packet Analysis |
Publications (2)
Publication Number | Publication Date |
---|---|
TW201521407A TW201521407A (en) | 2015-06-01 |
TWI520548B true TWI520548B (en) | 2016-02-01 |
Family
ID=53935176
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
TW102142385A TWI520548B (en) | 2013-11-21 | 2013-11-21 | Information System and Its Method of Confidential Data Based on Packet Analysis |
Country Status (1)
Country | Link |
---|---|
TW (1) | TWI520548B (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP3441903B1 (en) * | 2015-10-14 | 2021-06-09 | Digital Arts Inc. | Access management system and program |
TWI647935B (en) * | 2017-12-28 | 2019-01-11 | 中華電信股份有限公司 | System and method for saving backbone bandwidth |
-
2013
- 2013-11-21 TW TW102142385A patent/TWI520548B/en not_active IP Right Cessation
Also Published As
Publication number | Publication date |
---|---|
TW201521407A (en) | 2015-06-01 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10229269B1 (en) | Detecting ransomware based on file comparisons | |
TWI678616B (en) | File detection method, device and system | |
US11856011B1 (en) | Multi-vector malware detection data sharing system for improved detection | |
US8549642B2 (en) | Method and system for using spam e-mail honeypots to identify potential malware containing e-mails | |
CN107592303B (en) | Method and device for extracting outgoing files in high-speed mirror image network traffic | |
CN109194680B (en) | Network attack identification method, device and equipment | |
CN102404741B (en) | Method and device for detecting abnormal online of mobile terminal | |
CN107347047B (en) | Attack protection method and device | |
CN109450777B (en) | Session information extraction method, device, equipment and medium | |
JP2008541273A5 (en) | ||
US11636208B2 (en) | Generating models for performing inline malware detection | |
US8713674B1 (en) | Systems and methods for excluding undesirable network transactions | |
US20140344573A1 (en) | Decrypting Files for Data Leakage Protection in an Enterprise Network | |
WO2016082568A1 (en) | Short message safe processing method and apparatus | |
US20230114680A1 (en) | Tunneled monitoring service and method | |
US11038803B2 (en) | Correlating network level and application level traffic | |
TWI520548B (en) | Information System and Its Method of Confidential Data Based on Packet Analysis | |
Kumar et al. | Understanding the behaviour of android sms malware attacks with real smartphones dataset | |
WO2018231637A1 (en) | Multi-destination packet redaction | |
US20230069731A1 (en) | Automatic network signature generation | |
CN107317790B (en) | Network behavior monitoring method and device | |
Adwan et al. | A Manual Mobile phone forensic approach towards the analysis of WhatsApp Seven-Minute Delete Feature | |
US9154513B2 (en) | Communication information analysis system | |
CN113315741B (en) | Detection method, detection device and storage medium | |
CN113726799B (en) | Processing method, device, system and equipment for application layer attack |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
MM4A | Annulment or lapse of patent due to non-payment of fees |