WO2022259516A1 - Prohibited operation prevention system, prohibited operation prevention device, prohibited operation prevention method, and program - Google Patents

Prohibited operation prevention system, prohibited operation prevention device, prohibited operation prevention method, and program

Info

Publication number
WO2022259516A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
processing request
prohibited
prohibited operation
determination
Prior art date
Application number
PCT/JP2021/022282
Other languages
English (en)
Japanese (ja)
Inventor
修 瀧野
慧 高橋
敏行 森山
賢治 太田
Original Assignee
日本電信電話株式会社
Priority date
Filing date
Publication date
Application filed by 日本電信電話株式会社

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules

Definitions

  • the present invention relates to a prohibited operation prevention system, a prohibited operation prevention device, a prohibited operation prevention method, and a program for preventing prohibited operations by a data analyst in a secure computing system that performs statistical processing of data while it is encrypted.
  • a secure computing system receives sensitive data, which the data provider holds and which is not suitable for disclosure, from the data provider in an encrypted state, and when the data analyst instructs data processing, the data remains encrypted at all times.
  • This system is characterized in that data processing is performed without the data ever being in plaintext, and that only the processing results can be obtained by the data analyst.
  • Prohibited operations include, for example, operations that "view information that the data provider does not want viewed" and operations that result in "infringement of personal information through information search operations for identifying individuals".
  • As a method of prohibiting specific operations, it is widely known to set the permitted or prohibited operations and targets (persons, organizations, IP addresses, etc.) in advance in a list or the like to impose restrictions. As an example, there is the whitelist/blacklist system often used to permit or prohibit connections in Internet security (Non-Patent Document 1).
  • the data processing performed by the data analyst was limited to the extent permitted by the data provider, and the scope of data processing that the data analyst could carry out was restricted.
  • An example of implementation in a secure computing system is to prepare a correspondence table of data analysts and the operations each data analyst may perform, and to limit the data processing instructions that data analysts can select.
  • the data provider decides, for each data analyst, the prohibited operations on the data to be provided in an encrypted state and the conditions for permitting such operations, and it is necessary to implement this, for example by specifying it in the secure computing system.
  • the secure computing system aims to ensure that the provided sensitive data is constantly handled in an encrypted state through implementation and operation that stipulates prohibited operations and does not allow such operations to be performed.
  • the data provider fundamentally does not want browsing behavior that involves decrypting data, including partial decryption of data records, whereas data analysts need such access to verify hypotheses; there is therefore a tendency to designate many or all forms of free data decryption as prohibited operations.
  • data analysts plan data processing procedures in their work and process data according to the procedures. For each data process there are a number of processing parameters, such as the extent of data utilized and the statistical analysis method employed. Data analysts make hypotheses about processing parameters, evaluate them, change the parameters, evaluate them again, compare the results and determine better parameters. A data processing procedure is then drawn up using the finally determined parameters, and data analysis is performed accordingly.
  • Data analysts are unable to perform ideal data processing (such as selective decryption of data records) for verifying hypotheses in the planning of data processing procedures, resulting in deterioration in the quality of examination results and efficiency in examination work.
  • the data analyst will have to conduct a brute-force trial-and-error process when determining parameters.
  • the planning activities are literally fumbling around, resulting in a significant deterioration in operational efficiency.
  • When the data provider predefines prohibited operations using the conventional method, even if only one data set is provided, the prohibited operations must be specified in detail for each individual or group of data analysts and specified in advance in the implementation or operation of the secure computing system. Furthermore, in each data analysis, if the purpose of data processing or the range of target data changes, the data provider must consider whether the designation of prohibited operations needs review and, on a case-by-case basis, change the designation of prohibited operations for the individual or group of data analysts or re-specify it in the implementation or operation of the secure computing system, which further aggravates the complexity.
  • a prohibited operation prevention system includes a data analyst device that outputs a processing request regarding data analysis, an operation detection device that detects an activity log, a log recording device that stores the detected activity log, a judging device that provides the processing request and the activity log related to the processing request to a prohibited operation judgment AI and acquires a judgment result indicating whether or not the processing request corresponds to a prohibited operation, a blocking notification device that, if the judgment result indicates that the processing request corresponds to a prohibited operation, blocks the processing request and reports the fact of the blocking to the data analysis supervisor along with related information, and, if the judgment result indicates that it does not, transmits the processing request to a secure computing system, and a secure computing system that executes secure computation in response to the processing request.
  • the prohibited operation judgment AI is an AI trained using a prohibited operation data set containing multiple variations created by inserting unnecessary processing requests for each of a plurality of basic prohibited operations.
  • a prohibited-operation prevention device includes a judgment unit that provides a processing request and an activity log related to the processing request to a prohibited-operation determination AI and acquires a judgment result indicating whether or not the processing request corresponds to a prohibited operation, and a blocking notification unit that, if the judgment result indicates that the processing request corresponds to a prohibited operation, blocks the processing request and reports the fact of the blocking along with related information to the data analysis supervisor, and, if the judgment result indicates that the processing request does not correspond to a prohibited operation, transmits the processing request to the secure computing system. The prohibited operation determination AI is an AI trained using a prohibited operation data set containing multiple variations created by inserting unnecessary processing requests for each of a plurality of basic prohibited operations.
  • a prohibited operation prevention method includes the steps of: a data analyst device outputting a processing request relating to data analysis; an operation detection device detecting an activity log and storing it in a log recording device; and a determination device providing the processing request and the activity log related to the processing request to the prohibited operation determination AI to determine whether the processing request corresponds to a prohibited operation.
  • the prohibited operation determination AI is an AI that has been trained using a prohibited operation data set that includes multiple variations created by inserting unnecessary processing requests for each of multiple basic prohibited operations.
  • FIG. 1 is a diagram for explaining prior art 1.
  • FIG. 2 is a diagram for explaining prior art 2.
  • FIG. 3 is a configuration diagram of a prohibited operation prevention system according to a first embodiment.
  • FIG. 4 is a diagram for explaining a preparation stage and an operation stage.
  • FIG. 5 is a diagram for explaining the flow of data in the operation stage.
  • FIG. 6 is a block diagram of the prohibited operation prevention system in the preparation stage.
  • FIG. 7 is a flow diagram of the prohibited operation prevention system in the preparation stage.
  • FIG. 8 is a diagram showing an example of a prohibited operation data set.
  • FIG. 9 is a configuration diagram of the prohibited operation prevention system in the operation stage.
  • FIG. 10 is a flowchart of the prohibited operation prevention system in the operation stage.
  • A further figure shows a structural example of a computer to which this method is applied.
  • the secure computing system 93 is provided with the data operator list L for data manipulation by the data analyst 92A, and unauthorized manipulation is prevented by restricting access.
  • a "data provider” (data provider 91 in the example of FIG. 1) who provides sensitive data such as personal information and a "data analyst” who performs data analysis work (In the example of FIG. 1, the data analyst 92A) agrees on whether or not to manipulate the data.
  • the data provider 91 creates a data operator list L based on the agreement.
  • the data operator list L includes an ID and authentication data (Password) for each operator.
  • the data provider 91 passes the data operator list L to the secure computing system 93, assigns an ID and authentication data (password) to the agreed data analyst 92A, and notifies them.
  • Before accepting a processing request from the data analyst 92A, the secure computing system 93 makes the requester enter an ID and authentication data for authentication. In the example of FIG. 1, only authorized persons are permitted to perform data analysis work.
  • This prior art 1 is operated on the premise that the data analyst 92A always performs correct processing and only permitted processing, so a prohibited operation performed by an authenticated data analyst cannot be prevented. Moreover, when there are many data analysts, each person or group must be registered in advance, which is complicated.
  • the secure computing system 93 is provided with the definition L2 of the permitted range of data manipulation to impose manipulation restrictions on data manipulation by the data analyst 92A.
  • the data provider 91 and the data analyst 92A agree on whether or not data manipulation is possible, or it is assumed that they have agreed, and the data analyst 92A is given a predetermined data analysis work.
  • the data provider 91 passes the definition L2 of the permitted range of data manipulation to the secure computing system 93.
  • the secure computing system 93 determines whether or not to permit a predetermined data analysis work according to the operation and conditions based on the definition L2 of the permitted range of data manipulation.
  • the data provider 91 must provide the data analyst 92A with the definition L2 of the data manipulation permission range, covering permissible and impermissible manipulations, each time, and the scope of permission must be agreed before the data analysis work.
  • the data analyst 92A may unintentionally perform operations disadvantageous to the data provider 91 (for example, extracting personal information or performing search operations that identify individuals), or, because the data analyst 92A is not permitted to perform operations necessary to complete the work, the work cannot be completed or work efficiency deteriorates.
  • One example of the definition of the data manipulation permission range is to determine, for each operation that can be performed in the secure computing system 93 (issuing a processing request (query), data combination operations, data access operations, etc.), whether or not it may be performed (a permitted/not-permitted mark in the example of FIG. 2) together with the implementation conditions (conditions a to n to be satisfied in the example), and an embodiment is conceivable in which the operation of the secure computing system 93 is restricted accordingly.
  • AI (artificial intelligence) determines whether or not a processing request corresponds to a prohibited operation, thereby preventing the prohibited operation.
  • a prohibited operation data set is created: a data set in which various types of behavior related to the analysis processing of the data analyst are recorded, and in which the types of operations not permitted by the data provider are collected as "prohibited operations".
  • AI is educated using the prohibited operation data set, and a prohibited operation determination AI is constructed.
  • the operation detection device acquires an activity log containing the details of requests made by the data analyst to the secure computing system in real time for each data analyst and accumulates it in the log recording device. If necessary, the data analysis supervisor refers to the recorded activity log in real time or after the event, and checks, suppresses, and instructs the data analyst on prohibited operations to prevent recurrence.
  • the activity log includes the time, terminal operations, requests to the secure computing system, etc.
  • the processing request is passed to the judgment device in real time, and from the judgment device to the prohibited operation judgment AI, which determines whether or not it corresponds to a prohibited operation.
  • processing requests to the secure computing system are, for example, data processing instructions.
  • if the processing request is judged not to be a prohibited operation, it is transmitted to the secure computing system, the data is processed, and the processing result is returned to the data analyst.
  • the processing request will be blocked by the blocking notification device and will not be transmitted to the secure computing system.
  • the blocking notification device notifies the data analysis supervisor of the prohibited operation report.
  • the cost for the data provider to create and update the data operator list L and the data operation permitted range definition L2 can be saved.
  • the prohibited operation determination AI determines whether or not the processing request corresponds to the prohibited operation, it is possible to avoid the problem that the data provider excessively sets prohibited actions.
  • FIG. 3 shows a configuration diagram of the prohibited operation prevention system according to the first embodiment.
  • the prohibited operation prevention system includes a data provider device 100 used by the data provider 91, a data analyst device 110 used by the data analyst 92A, a secure computing system 93, a data analysis supervisor device 120 used by the data analysis supervisor 94, an operation detection device 130, a determination device 140, a blocking notification device 150 and a log recording device 160.
  • the processing in the prohibited operation prevention system according to the first embodiment is divided into a preparation stage and an operation stage (see FIG. 4).
  • the data provider 91 prepares as many patterns as possible of operations that would be undesirable if performed, and prepares a prohibited operation data set that combines those operations with a large amount of the kind of information that remains in logs.
  • the data provider device 100 operated by the data provider 91 educates the AI using the prohibited operation data set, prepares the prohibited operation determination AI, and places it in the determination device 140 .
  • By preparing many variations of the prohibited operations specified by the data provider 91, collecting them into a prohibited operation data set and training the AI on it, the same prohibited operation judgment AI can be used for judgments even when there are multiple data analysts and the business and confidential data each of them analyzes differ, eliminating the need for an individual response for each data analyst.
  • the determination device 140 with the prohibited operation determination AI is deployed at the stage in front of the secure computing system 93 where commands from the data analyst device 110 are received.
  • FIG. 5 is a diagram for explaining the flow of data in the operation stage.
  • the operation detection device 130 passes all action information and operations of the data analysts 92A, 92B, ..., 92N to the determination device 140.
  • the prohibited operation determination AI determines whether the processing request is a prohibited operation each time.
  • the prohibited operation judgment AI judges each data analyst's processing request brought to it in real time, and if it judges that the request is a prohibited operation, it blocks the operation to the secure computing system 93 via the blocking notification device 150 and reports it to the data analysis supervisor 94, who supervises the work via the data analysis supervisor device 120 (see FIG. 5). If the determination device 140 determines that the operation is not prohibited, it transmits the processing request to the secure computing system 93 via the blocking notification device 150, and the secure computing system 93 returns the processing result to the data analyst device 110.
  • This method improves operational efficiency by eliminating the need for the data provider 91 and the data analysts 92A, 92B, ..., 92N to agree in advance on the permitted range of data manipulation.
  • Because the range of operation restrictions on the data analysts 92A, 92B, ..., 92N does not excessively limit the data manipulation options needed to improve analysis quality, deterioration of work efficiency and of result quality can be avoided.
  • Each device that constitutes the prohibited operation prevention system has a central processing unit (CPU: Central Processing Unit), a main memory (RAM: Random Access Memory), etc.
  • Each device is a special device configured by loading a special program into a publicly known or dedicated computer. Each device executes each process under the control of, for example, the central processing unit. Data input to each device and data obtained in each process are stored, for example, in the main storage device, and the data stored in the main storage device are read out to the central processing unit as necessary and used for other processing. At least a part of each processing unit of each device may be configured by hardware such as an integrated circuit.
  • Each storage unit provided in each device can be configured by, for example, a main storage device such as RAM (Random Access Memory), or middleware such as a relational database or a key-value store.
  • each storage unit does not necessarily have to be provided inside each device; it may also be configured as storage provided outside the device.
  • FIG. 6 shows a configuration diagram of the preparatory stage.
  • FIG. 7 shows a flow chart of the preparatory stage.
  • the data provider 91 provides the secure computing system 93 with sensitive data it manages and owns after encrypting it. It also defines prohibited operations in relation to data processing and data analysis.
  • the data provider device 100 is a terminal operated by the data provider 91 or by a person who receives a request from the data provider 91.
  • Data analysts 92A, 92B, ..., 92N and data analyst device 110: the data analyst 92A performs data analysis according to the data processing procedure and obtains processing results.
  • the data analyst device 110 is a terminal operated by the data analyst 92A, and is the terminal used when the data analyst 92A connects to the secure computing system 93 and performs data analysis.
  • the prohibited operation data set is an AI training data set configured by collecting a large number of variations of a series of operation procedures that are regarded as prohibited operations as determined by the data provider 91.
  • FIG. 8 shows an example of a prohibited operation data set.
  • the data provider 91 prepares a large number of basic prohibited operations, inserts various unnecessary processing requests into each basic prohibited operation, and creates a large number of variations.
  • a large number of prohibited operations are created and set as a prohibited operation data set. In this way, a plurality of seemingly normal processing requests are inserted into the basic prohibited operation, and a large number of variations are prepared in which prohibited operations are included.
  • a prohibited operation data set consisting only of prohibited operations may be used as the data set for AI training, or appropriate operations may additionally be included in the training data set.
  • prohibited operations included in the prohibited operation data set are labeled as prohibited operations
  • appropriate operations are labeled as appropriate operations, and used for AI training.
  • the data provider 91 may also prepare a large number of basic appropriate operations, insert various unnecessary processing requests into each basic appropriate operation to create a large number of variations, and collect them as an appropriate operation data set, so that the AI training data set includes both a prohibited operation data set and an appropriate operation data set. Note that the AI training data set always includes the prohibited operation data set, but does not necessarily include the appropriate operation data set.
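The data set construction described in the items above (the variations are created at step S103 of the preparation stage) can be made concrete as follows. This is an added example, not code from the patent or its assignee: the request kinds, the basic prohibited and appropriate operations and the "unnecessary" filler requests are assumed labels, and the enumeration of insertion positions is one deterministic way to produce the variations, not a method the page specifies.

```python
# Added example (not code from the patent): constructing a prohibited
# operation data set of the kind shown in FIG. 8 by inserting unnecessary
# processing requests into basic prohibited operations, plus the optional
# appropriate operation data set.  Request kinds and filler requests are
# assumed labels, not values from the page.
from itertools import combinations_with_replacement, product
from typing import List, Tuple

Series = Tuple[str, ...]

# Basic prohibited operations: ordered series of abstract request kinds (assumed).
BASIC_PROHIBITED: List[Series] = [
    ("narrow_to_individual", "decrypt_record"),
    ("join_external_table", "narrow_to_individual"),
]
# Basic appropriate operations (assumed) for the optional appropriate data set.
BASIC_APPROPRIATE: List[Series] = [
    ("aggregate",),
    ("aggregate", "aggregate"),
]
# Seemingly normal requests that may be interposed at any point (assumed).
# They are disjoint from the basic kinds so every variation stays decodable.
UNNECESSARY: Series = ("show_schema", "count_rows", "describe_table")


def insert_variations(basic: Series, fillers: Series, max_inserts: int) -> List[Series]:
    """Return every distinct series made by inserting 0..max_inserts filler
    requests into `basic` while preserving the order of the basic operation.
    A series of length n has n+1 gaps; a multiset of gap indices chooses
    where the fillers go and a product of filler kinds chooses what goes."""
    gaps = len(basic) + 1
    out = set()
    for k in range(max_inserts + 1):
        for positions in combinations_with_replacement(range(gaps), k):
            for kinds in product(fillers, repeat=k):
                inserted = [[] for _ in range(gaps)]
                for g, kind in zip(positions, kinds):
                    inserted[g].append(kind)
                series: List[str] = []
                for g in range(gaps):
                    series.extend(inserted[g])
                    if g < len(basic):
                        series.append(basic[g])
                out.add(tuple(series))
    return sorted(out)


def contains_subsequence(seq: Series, pattern: Series) -> bool:
    """True if `pattern` appears in `seq` in order, with gaps allowed."""
    it = iter(seq)
    return all(any(x == p for x in it) for p in pattern)


def build_training_set(max_inserts: int, include_appropriate: bool = True) -> List[Tuple[Series, str]]:
    """Label every variation.  The prohibited data set is always present; the
    appropriate data set is optional, as the text above states."""
    rows = [(v, "prohibited") for b in BASIC_PROHIBITED
            for v in insert_variations(b, UNNECESSARY, max_inserts)]
    if include_appropriate:
        rows += [(v, "appropriate") for b in BASIC_APPROPRIATE
                 for v in insert_variations(b, UNNECESSARY, max_inserts)]
    return rows


if __name__ == "__main__":
    for series, label in build_training_set(1)[:5]:
        print(label, series)
```

With three filler kinds and at most two insertions, a two-step basic operation yields 64 distinct labelled variations (1 + 3·3 + 6·9); every one of them still contains the basic operation as an ordered subsequence, which is the property the judgment AI is meant to learn.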
  • AI here means an AI before training, which becomes the prohibited operation judgment AI through training.
  • the prohibited operation judging AI is an AI that has received training from a prohibited operation data set and has acquired the ability to make judgments about prohibited operations.
  • This prohibited operation determination AI is expected to detect not only the series of data processing that the data provider 91 regards as a prohibited operation, but also cases in which a wide variety of seemingly irrelevant operations, with or without malicious intent, are interposed in the middle of that procedure.
  • the purpose of the training is to determine whether or not there is a danger of infringement of personal information when instructions are given to the secure computing system.
  • As the AI training method, a supervised method can be used, in which the AI directly determines whether or not the judged situation is dangerous.
  • In that case, a training database collecting cases that should not be executed and a training database collecting cases normally recognized as carrying no risk of infringement are used.
  • When the role of the AI is instead to determine the type of situation in which instructions are given to secure computation, including dangerous situations, an unsupervised training method can be used.
  • AI such as a CNN (Convolutional Neural Network) or a GAN (Generative Adversarial Network) can be trained by the training method of Reference 1 to obtain the prohibited operation determination AI.
  • the judgment device 140 has a built-in prohibited operation judgment AI.
  • the prohibited operation determination AI is a function used by the determination device 140 and does not necessarily have to be built into the determination device 140.
  • the prohibited operation determination AI can be placed in a physical external environment such as a cloud or a virtual environment via a secure communication path as an external function of the determination device 140 .
  • the data provider 91 and the data analyst 92A confirm the analysis guidelines for the provided data (S101).
  • the data provider 91, or a person who receives a request from the data provider 91, operates the data provider device 100 to create a large number of basic prohibited operations according to the analysis guideline, creates a large number of variations by inserting one or more various unnecessary processing requests into each operation, and thereby creates a prohibited operation data set (S103).
  • the data provider 91 or those requested by the data provider 91 use the prohibited operation data set to educate the AI and acquire the prohibited operation determination AI (S105).
  • the data provider 91 associates the prohibited operation determination AI with the secure computing system 93 (S107), and places the prohibited operation determination AI in the determination device 140 (S109).
  • the data provider 91 provides and registers the sensitive data to be provided to the secure computing system 93 (S111).
  • FIG. 9 shows a block diagram of the operation stage.
  • FIG. 10 shows a flow chart of the operation stage.
  • the operation detection devices 130 are arranged inside or outside the data analyst's device 110, or are distributed inside and outside the data analyst's device 110.
  • the operation detection devices 130 detect not only the processing requests that the data analyst 92A makes via the data analyst device 110, but also a wide range of logs (hereinafter also referred to as "activity logs") relating to the data analysis activities of the data analyst 92A.
  • the operation detection device 130 transmits the detected activity log to the determination device 140 in real time or at a predetermined timing (see FIG. 5).
  • Here the processing request and the rest of the activity log are described as being transmitted together; although both need to be transmitted, they are not necessarily handled as a single communication (data packet) when sent to the determination device 140.
  • the activity log is a wide range of logs related to the data analysis activities of the data analyst 92A.
  • Information related to the data analyst device 110, such as the terminal operation log detected by the operation detection device 130, is recorded as the activity log, which is a collection of log data managed in an integrated manner in association with time data.
  • the activity log data set includes, for example, (a) operator ID, (b) date and time, (c) log type, and (d) log content.
  • Log types include (i) request content, (ii) terminal status, (iii) terminal operation, and (iv) automatic acquisition log.
  • Log contents include data records as logs defined in advance according to the log type.
  • a data record can be exemplified by a structure such as a list structure of index names and values.
  • the content of the request is the content of the request to the secure computing system 93 such as SQL.
  • Terminal status is data that the terminal OS is instructed to monitor and report, such as terminal environment setting information, WiFi usage, IP address, GPS coordinates, system access status, terminal monitoring data, terminal environment variables, memory status (memory consumption, etc.) and disk status, the start and end times of main OS-related processes, the number of processes, and the status of active processes.
  • Terminal operation is a record of operations on the terminal, including a terminal operation log and a record of operations such as power ON/OFF.
  • Automatically acquired logs are logs obtained by IoT devices in the physical world surrounding the worker, such as the opening and closing of indoor doors in the workplace, entry to and exit from the room where the terminal is installed, the status of the workers operating the terminal and their time information, the temperature of the space (room temperature), the performance of authentication operations, surveillance camera images and links to their recorded files, information related to disasters, and the like.
  • the log recording device 160 records activity logs detected by the operation detection device 130 at any time.
  • the log recording device 160 is arranged inside or outside the data analyst device 110, or distributed inside and outside.
  • the log recording device 160 may be arranged in a physical external environment such as a cloud or a virtual environment via a secure communication path.
  • the determination device 140 receives the activity log from the operation detection device 130, causes the prohibited operation determination AI to determine whether the operation is prohibited, and transmits the determination result to the blocking notification device 150.
  • the prohibited operation determination AI analyzes the received series of activity logs and determines each time whether the series of operations by the data analyst 92A corresponds to prohibited operations.
  • the determination device 140 may be a part of the secure computing system 93, which will be described later, or may be a separate device.
  • the blocking notification device 150 is arranged inside or outside the determination device 140, or distributed inside and outside.
  • if the processing request is judged to be a prohibited operation, the blocking notification device 150 performs blocking processing to prevent the processing request that the data analyst 92A attempted to execute from being transmitted to the secure computing system 93, and notifies the data analysis supervisor 94, who supervises the data analyst 92A, via the data analysis supervisor device 120.
  • if the processing request is judged not to be a prohibited operation, the blocking notification device 150 transmits to the secure computing system 93 the processing request that the data analyst 92A attempted to perform.
  • reporting means transmitting the following reporting information to the data analysis supervisor device 120.
  • the report information is a set of information related to the prohibited operation determination by the AI, which is transmitted by the blocking notification device 150 to the data analysis supervisor device 120.
  • the message included in the report information is displayed on the display section of the data analysis supervisor device 120 and is thereby conveyed to the data analysis supervisor 94. A configuration may also be adopted in which an alarm sound or the like is played through a speaker while the message is displayed on the display unit. An example of report information is shown below.
  • Deviation: deviation from normal operation time
  • Concern: searching for personal information by performing inappropriate operations after a long period of time
  • Necessity of action: necessary (infringement level "moderate"): real-time confirmation with the operator, preparation for business shutdown.
  • Infringement levels include, for example, "serious (serious concern about violation)/important (major concern about violation)/moderate (violation/deviation from multiple viewpoints)/monitoring required (occurrence of deviation)/normal” etc. can be considered.
  • The determination device 140 and the blocking notification device 150 cooperate to prevent prohibited operations by the data analyst; together they are also called the prohibited operation prevention device.
  • the data analysis supervisor 94 has the role of managing and supervising proper operation of the entire data analysis work.
  • the data analysis supervisor device 120 is a terminal operated by the data analysis supervisor 94 .
  • The data analysis supervisor 94 supervises the data analysts 92A, 92B, ... and analyzes the background of each reported case, etc.
  • The secure computing system 93 holds sensitive data provided in encrypted form by the data provider 91, performs data processing (mainly statistical processing) according to the processing request transmitted from the data analyst 92A, and returns the processing result to the data analyst 92A via the data analyst device 110.
  • The operation detection device 130 stores the detected activity log in the log recording device 160 as needed (S201).
  • The data analyst 92A issues a processing request for data analysis via the data analyst device 110 (S203).
  • The operation detection device 130 detects the operation related to the processing request and stores it in the log recording device 160 together with time data.
  • The determination device 140 receives the processing request and takes out from the log recording device 160 the activity log of the data analyst 92A who made the request and of the data analyst device 110 operated by the data analyst 92A (hereinafter also referred to as the "activity log related to the processing request") (S205).
  • Alternatively, the operation detection device 130 that detected the operation related to the processing request may be configured to extract the activity log related to the processing request from the log recording device 160 and output it to the determination device 140.
  • The determination device 140 receives the processing request and the activity log related to it and supplies both to the prohibited operation determination AI, which determines whether the processing request corresponds to a prohibited operation (S207); the determination device 140 then outputs the determination result and the processing request to the blocking notification device 150.
  • Because not only the processing request itself but also the activity logs related to it (such as room entry and exit logs) are input to the prohibited operation determination AI, it can detect not only prohibited processing requests but also operations at unauthorized times such as late-night hours and operations not intended by the data analyst, for example those issued from a virus-infected terminal, so the sensitive data accumulated in the secure computing system 93 can be protected more broadly than before.
  • Activity logs related to processing requests are also relevant to AI training, and may be used for training in combination with the AI's training data.
  • The AI training mentioned above is performed using a learning database containing activity logs obtained in situations that should not occur and a learning database containing activity logs recognized as normal, with no risk of infringement.
  • The activity logs included in the learning databases are created manually, for example.
  • Alternatively, the AI may be trained by an unsupervised learning method using a learning database containing activity logs.
  • The prohibited operation determination AI may determine, taking into consideration the risk state derived from the processing request, whether to accept the request as input to the secure computing system or to block it (that is, whether it corresponds to a prohibited operation).
  • A rule for judging whether an operation is malicious may also be created manually from empirical rules; the prohibited operation determination AI of the determination device 140 refers to this rule to determine from the contents of the activity log whether there is a possibility of malicious operation and, further taking into consideration the risk state derived from the processing request, finally determines whether the processing request corresponds to a prohibited operation.
  • When the blocking notification device 150 receives a determination result indicating that the processing request corresponds to a prohibited operation, it blocks the processing request so that it is not transmitted to the secure computing system 93 (S209), reports the fact of blocking together with related information as "report information" to the data analysis supervisor 94 via the data analysis supervisor device 120 (S211), and prompts for a response.
  • When the blocking notification device 150 receives a determination result indicating that the processing request does not correspond to a prohibited operation, it transmits the processing request to the secure computing system 93 (S213).
  • The secure computing system 93 executes secure computation according to the processing request and returns the computation result to the data analyst 92A via the data analyst device 110.
  • The blocking notification device 150 stores the determination result and, when the request was blocked, the report information in the log recording device 160 (S215).
  • When the data analysis supervisor 94 receives the report information, the supervisor accesses the log recording device 160 via the data analysis supervisor device 120, checks the processing request of the data analyst 92A corresponding to the report information and the activity log related to that request (S217), and carries out the audit response toward the data analyst 92A (S219). Note that each of these processes may be performed independently, regardless of the order described.
  • Once the prohibited operation determination AI has been prepared, adjustment work on the secure computing system 93 is in principle unnecessary as long as the data provider 91 does not change the "permitted data operation range", which reduces complexity and avoids enormous manpower and cost.
  • When the data analyst 92A is not permitted to view data required for hypothesis verification, the conventional approach was to place the data provisionally, repeat the processing for hypothesis verification in a round-robin manner, and determine the optimal analysis parameters from the combined processing results. If the prohibited operation determination AI does not prohibit the viewing operation of the data analyst 92A, this brute-force analysis work can be reduced and operational efficiency improved. In addition, since the prohibited operation determination AI takes charge of preventing prohibited operations, the monitoring burden on the data analysis supervisor 94 can be greatly reduced.
  • the present invention is not limited to the above embodiments and modifications.
  • The various types of processing described above may be executed not only in chronological order according to the description but also in parallel or individually, according to the processing capacity of the executing device or as necessary.
  • appropriate modifications are possible without departing from the gist of the present invention.
  • A program describing this processing can be recorded on a computer-readable recording medium.
  • Any computer-readable recording medium may be used, for example a magnetic recording device, an optical disk, a magneto-optical recording medium or a semiconductor memory.
  • The program is distributed, for example, by selling, transferring or lending a portable recording medium such as a DVD or CD-ROM on which the program is recorded.
  • The program may also be distributed by storing it in the storage device of a server computer and transferring it from the server computer to other computers via a network.
  • A computer that executes such a program first stores, for example, the program recorded on the portable recording medium or transferred from the server computer in its own storage device. When executing the processing, the computer reads the program stored in its own recording medium and executes processing according to it. As another form of execution, the computer may read the program directly from the portable recording medium and execute processing according to it, or may execute processing sequentially according to the program each time it is transferred from the server computer. The processing described above may also be executed as a so-called ASP (Application Service Provider) type service, which realizes the processing function only through execution instructions and result acquisition, without transferring the program from the server computer to this computer. The program in this embodiment includes information that is used for processing by a computer and that is equivalent to a program (data that is not a direct instruction to the computer but has the property of prescribing the computer's processing, etc.).
  • In the embodiment the device is configured by executing a predetermined program on a computer, but at least part of the processing may be implemented in hardware.
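Returning to the determination flow of S201 to S219 described above: the following Python sketch is an added example, not the applicant's code, of a prohibited operation prevention device built on the manually created rule base the description mentions. Everything concrete in it is an assumption made for illustration: the permitted hours, the room entry/exit check (the "operation not intended by the analyst" case), the aggregate-only query rule standing in for the "permitted data operation range", the burst threshold, the mapping from the number of deviations to the five infringement levels, and the sample activity log and requests.

```python
# Added example (not the applicant's code): a rule-based version of the
# S201-S219 flow. Rules, thresholds, the level mapping and all sample
# records are constructed assumptions for illustration only.
from dataclasses import dataclass
from datetime import datetime, timedelta

PERMITTED_HOURS = (9, 20)                      # assumed normal operation window
PERMITTED_AGGREGATES = ("COUNT(", "SUM(", "AVG(", "MIN(", "MAX(")
BURST_WINDOW, BURST_LIMIT = timedelta(minutes=10), 5
LEVELS = ["normal", "monitoring required", "moderate", "important", "serious"]

@dataclass(frozen=True)
class LogEntry:
    time: datetime
    analyst: str
    kind: str          # "entry" / "exit" (room access log) or "request"
    detail: str = ""

@dataclass(frozen=True)
class ProcessingRequest:
    time: datetime
    analyst: str
    terminal: str
    query: str         # statistical query for the secure computing system

def related_activity_log(request, logs, lookback=timedelta(hours=12)):
    """S205: take the activity log related to the request out of the log store."""
    related = [e for e in logs if e.analyst == request.analyst
               and request.time - lookback <= e.time <= request.time]
    return sorted(related, key=lambda e: e.time)

def check_rules(request, related):
    """Manually written empirical rules; each hit is one 'deviation'."""
    deviations = []
    if not PERMITTED_HOURS[0] <= request.time.hour < PERMITTED_HOURS[1]:
        deviations.append("Deviation from normal operation time")
    room = [e for e in related if e.kind in ("entry", "exit")]
    if not room or room[-1].kind == "exit":    # nobody at the desk: terminal misuse?
        deviations.append("Request issued while the analyst is not in the room")
    if not any(agg in request.query.upper() for agg in PERMITTED_AGGREGATES):
        deviations.append("Non-aggregate query outside the permitted data operation range")
    recent = [e for e in related
              if e.kind == "request" and request.time - e.time <= BURST_WINDOW]
    if len(recent) >= BURST_LIMIT:
        deviations.append(f"{len(recent)} requests within {BURST_WINDOW}")
    return deviations

def infringement_level(deviations):
    """Assumed mapping: 0 -> normal, 1 -> monitoring required, 2 -> moderate, ..."""
    return LEVELS[min(len(deviations), len(LEVELS) - 1)]

def determine(request, logs):
    """S207: is the request a prohibited operation? Returns (prohibited, level, deviations)."""
    deviations = check_rules(request, related_activity_log(request, logs))
    level = infringement_level(deviations)
    return LEVELS.index(level) >= LEVELS.index("moderate"), level, deviations

def secure_computing_system(request):
    """Stand-in for system 93: the real one computes on encrypted data."""
    return {"status": "computed", "query": request.query}

def gate(request, logs, record):
    """S209-S215: block and build report information, or forward; always record."""
    prohibited, level, deviations = determine(request, logs)
    report = result = None
    if prohibited:
        report = {"Deviation": "; ".join(deviations),
                  "Concern": "Possible extraction of sensitive data outside the permitted range",
                  "Necessity of action": f'Necessary (infringement level "{level}")'}
    else:
        result = secure_computing_system(request)
    record.append({"request": request, "level": level, "report": report})
    return result, report

def demo():
    """Constructed sample: one ordinary daytime request, one late-night record lookup."""
    day = datetime(2021, 6, 11)
    logs = [LogEntry(day.replace(hour=9), "92A", "entry"),
            LogEntry(day.replace(hour=10), "92A", "request", "SELECT AVG(age) FROM t"),
            LogEntry(day.replace(hour=18), "92A", "exit")]
    record = []
    ok = ProcessingRequest(day.replace(hour=10, minute=30), "92A", "pc-01",
                           "SELECT COUNT(*) FROM t GROUP BY city")
    bad = ProcessingRequest(day.replace(hour=23, minute=15), "92A", "pc-01",
                            "SELECT name, address FROM t")
    return gate(ok, logs, record), gate(bad, logs, record), record

if __name__ == "__main__":
    for outcome in demo()[:2]:
        print(outcome)
```

The daytime aggregate query is forwarded; the late-night request hits three rules at once (outside hours, analyst already logged out of the room, non-aggregate query), lands at "important", and is blocked with report information in the shape shown in the description. Note that the gate records every outcome, not only blocked ones, so the supervisor's S217 check can reconstruct the whole session from the log store.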

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to a prohibited operation prevention system and the like that reduces complexity for a data provider and improves work efficiency for a data provider. The present invention comprises: a determination device that transmits a processing request and an activity log relating to the processing request to a prohibited operation determination AI and acquires a determination result indicating whether the processing request corresponds to a prohibited operation; and a blocking report device that, when the determination result indicates that the processing request corresponds to a prohibited operation, blocks the processing request and reports the blocking together with related information to a data analysis supervisor, and that, when the determination result indicates that the processing request does not correspond to a prohibited operation, transmits the processing request to a secure computation system. The prohibited operation determination AI is trained using a prohibited operation data set comprising a plurality of variations created by inserting an unnecessary processing request into each of a plurality of basic prohibited operations.
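The last sentence of the abstract is the one concrete training-data construction the page gives: take each basic prohibited operation (an ordered sequence of requests) and create variations by inserting an unnecessary processing request, so that the AI learns to recognise the prohibited pattern even when an analyst pads it with harmless queries. The following Python is an added example of that construction, not the applicant's code; the two basic prohibited sequences, the filler request and the subsequence check are assumptions chosen for illustration.

```python
# Added example (not the applicant's code): building the training set the
# abstract describes, i.e. variations of each basic prohibited operation
# obtained by inserting an unnecessary processing request. The base
# sequences and the filler request are constructed assumptions.
from itertools import combinations_with_replacement

FILLER = "SELECT COUNT(*) FROM t"          # assumed harmless, unnecessary request

# Assumed basic prohibited operations: each is an ordered tuple of requests.
BASE_PROHIBITED = [
    # differencing attack: two aggregates whose difference isolates one person
    ("SELECT SUM(income) FROM t", "SELECT SUM(income) FROM t WHERE id <> 42"),
    # direct retrieval of an individual record
    ("SELECT name, address FROM t WHERE id = 42",),
]

def variations(base, filler=FILLER, max_inserts=1):
    """Every sequence obtained by inserting `filler` at up to max_inserts
    positions of `base` (including zero insertions), without duplicates."""
    out = {}
    positions = range(len(base) + 1)
    for k in range(max_inserts + 1):
        for spots in combinations_with_replacement(positions, k):
            seq = list(base)
            for offset, pos in enumerate(spots):   # earlier inserts shift later ones
                seq.insert(pos + offset, filler)
            out.setdefault(tuple(seq), None)
    return list(out)

def build_dataset(bases=BASE_PROHIBITED, filler=FILLER, max_inserts=1):
    """Labelled prohibited-operation data set: (sequence, 1) for every variation."""
    return [(seq, 1) for base in bases for seq in variations(base, filler, max_inserts)]

def is_subsequence(base, observed):
    """True if the requests of `base` occur in order inside `observed`, with any
    number of other requests in between: the property a classifier trained on
    the variations should end up recognising."""
    it = iter(observed)
    return all(req in it for req in base)

if __name__ == "__main__":
    for seq, label in build_dataset(max_inserts=1):
        print(label, seq)
```

With one allowed insertion a base sequence of n requests yields n + 2 variations (the original plus one filler at each of the n + 1 positions); with two insertions the count grows combinatorially, which is why the abstract talks about a data set of variations rather than a single example per prohibited operation. `is_subsequence` is the oracle such a data set is meant to approximate: a detector that only matches the base sequence exactly misses every padded variant.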

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/JP2021/022282 WO2022259516A1 (fr) 2021-06-11 2021-06-11 Système de prévention d'opération interdite, dispositif de prévention d'opération interdite, procédé de prévention d'opération interdite et programme

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2021/022282 WO2022259516A1 (fr) 2021-06-11 2021-06-11 Système de prévention d'opération interdite, dispositif de prévention d'opération interdite, procédé de prévention d'opération interdite et programme

Publications (1)

Publication Number Publication Date
WO2022259516A1 true WO2022259516A1 (fr) 2022-12-15

Family

ID=84424629

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2021/022282 WO2022259516A1 (fr) 2021-06-11 2021-06-11 Système de prévention d'opération interdite, dispositif de prévention d'opération interdite, procédé de prévention d'opération interdite et programme

Country Status (1)

Country Link
WO (1) WO2022259516A1 (fr)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2011198256A (ja) * 2010-03-23 2011-10-06 Nomura Research Institute Ltd コンテント保護装置
JP2015201049A (ja) * 2014-04-08 2015-11-12 日本電信電話株式会社 アクセス権限処理システム、アクセス権限処理方法、及びプログラム
JP2020047037A (ja) * 2018-09-20 2020-03-26 日本電信電話株式会社 個人情報保護装置、個人情報保護方法及びプログラム
JP6795863B1 (ja) * 2020-01-24 2020-12-02 Eaglys株式会社 秘密計算用変換装置、秘密計算システム、秘密計算用変換方法、および秘密計算用変換プログラム


Similar Documents

Publication Publication Date Title
US10154066B1 (en) Context-aware compromise assessment
KR100732789B1 (ko) 데이터 베이스 시스템을 모니터링하기 위한 방법 및 장치
RU2589852C2 (ru) Система и способ автоматической регулировки правил контроля приложений
US20180137288A1 (en) System and method for modeling security threats to prioritize threat remediation scheduling
CN108683652A (zh) 一种基于行为权限的处理网络攻击行为的方法及装置
TW201937390A (zh) 用於網路資料管理之資料界定架構
US11539751B2 (en) Data management platform
KR102542720B1 (ko) 제로 트러스트 보안을 위한 행동 인터넷 기반 지능형 데이터 보안 플랫폼 서비스 제공 시스템
EP2323061A2 (fr) Suivi de signature logicielle
US11599659B2 (en) Documenting and annotating code activities
US20100017374A1 (en) Approching control system to the file server
Van Landuyt et al. A descriptive study of assumptions made in linddun privacy threat elicitation
RU2610395C1 (ru) Способ расследования распределенных событий компьютерной безопасности
CN114139178A (zh) 基于数据链路的数据安全监测方法、装置和计算机设备
JP2023543596A (ja) 顧客データ処理のためのシステムおよび方法
JP2019219898A (ja) セキュリティ対策検討ツール
CN117375997A (zh) 一种基于蜜点的恶意流量攻击安全知识平面构建方法
KR20170041614A (ko) 화이트리스트 기반의 네트워크 보안 장치 및 방법
RU2481633C2 (ru) Система и способ автоматического расследования инцидентов безопасности
US20210084061A1 (en) Bio-inspired agile cyber-security assurance framework
JP4843546B2 (ja) 情報漏洩監視システムおよび情報漏洩監視方法
WO2022259516A1 (fr) Système de prévention d'opération interdite, dispositif de prévention d'opération interdite, procédé de prévention d'opération interdite et programme
CN117251850A (zh) 智能数据共享与监控方法及系统
US11651313B1 (en) Insider threat detection using access behavior analysis
US20090222876A1 (en) Positive multi-subsystems security monitoring (pms-sm)

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 21945189; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 21945189; Country of ref document: EP; Kind code of ref document: A1)