CN112733188A - Sensitive file management method - Google Patents
- Publication number: CN112733188A (application CN202110039654.5A)
- Authority
- CN
- China
- Prior art keywords
- sensitive
- sensitive file
- file set
- files
- virus
- Prior art date
- Legal status
- Granted
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2107—File encryption
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Bioethics (AREA)
- Databases & Information Systems (AREA)
- Medical Informatics (AREA)
- Virology (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a sensitive file management method comprising the following steps: a sensitive file database is established in advance, and a sensitivity is set for each sensitive file stored in it; network traffic data over a preset time period is acquired and analyzed, a file set of the target type is screened out, and it is identified, against the sensitive file database, whether the file set contains a sensitive file; when sensitive files are determined to exist, cluster analysis is performed on them to form a sensitive file set; the sensitivity of each sensitive file in the set is obtained, the sensitivity polymerization degree of the set is calculated, and, when that degree is determined to be greater than a preset sensitivity polymerization degree threshold, a life cycle is established for the set, its circulation path is analyzed, and an alarm prompt is sent when the circulation path is determined to deviate from the preset circulation path. Leakage of sensitive files is thereby avoided, and the circulation of sensitive files is effectively monitored.
Description
Technical Field
The invention relates to the technical field of sensitive file management, in particular to a sensitive file management method.
Background
In current intelligent manufacturing systems, control over sensitive files is relatively weak: it is basically limited to simple permission management. Once permission management is bypassed, or a file is output after passing a correct permission check, the file is no longer controlled at all, and sensitive data is easily leaked while being read and forwarded. As a result, the transfer of sensitive files cannot be effectively monitored, the point of leakage cannot be located accurately when a sensitive file is leaked, and the security level of that location cannot be raised in time.
Disclosure of Invention
The present invention is directed to solving, at least to some extent, one of the technical problems in the art described above. Therefore, the invention aims to provide a sensitive file management method, which can avoid the leakage of sensitive files, effectively monitor the circulation process of the sensitive files and improve the safety of the sensitive files.
In order to achieve the above object, an embodiment of the present invention provides a sensitive file management method, including:
a sensitive file database is established in advance, and sensitivity is set for sensitive files stored in the sensitive file database;
acquiring and analyzing network flow data in a preset time period, screening out a target type file set, and identifying whether a sensitive file exists in the file set according to the sensitive file database;
when the sensitive files are determined to exist, performing clustering analysis on the sensitive files to form a sensitive file set; acquiring the sensitivity of each sensitive file in the sensitive file set according to the sensitive file database, calculating the sensitivity polymerization degree of the sensitive file set, and judging whether the sensitivity polymerization degree is greater than a preset sensitivity polymerization degree threshold value;
and when the sensitive polymerization degree is determined to be larger than a preset sensitive polymerization degree threshold value, establishing a sensitive file set life cycle, analyzing the circulation path of the sensitive file set, and sending an alarm prompt when the circulation path of the sensitive file set is determined to deviate from the preset circulation path.
According to some embodiments of the present invention, when the sensitive file set is circulated, a working key is obtained according to the sensitive file set;
compressing and encrypting the sensitive file set by using the working key, and obtaining a first encrypted file;
acquiring the public key of the target circulation node, encrypting the working key with that public key, and obtaining an encryption key ciphertext;
and transmitting the first encrypted file and the encrypted key ciphertext to a target circulation node through a network, decrypting the encrypted key ciphertext by the target circulation node based on an internal private key of the target circulation node to obtain a working key, and performing a decryption step on the first encrypted file by using the working key to obtain a decrypted sensitive file set.
According to some embodiments of the invention, the obtaining the working key from the set of sensitive files comprises:
randomly generating a character string containing letters and numbers using a random function;
and taking the randomly generated character string as a working key.
According to some embodiments of the present invention, acquiring the public key of the target circulation node, encrypting the working key with the public key, and obtaining the encryption key ciphertext includes:
acquiring a public key of a target streaming node through USBKey operation;
and encrypting the working key with an asymmetric (public-key) encryption algorithm, and obtaining the encryption key ciphertext.
According to some embodiments of the invention, identifying whether a sensitive file exists in the set of files according to the sensitive file database comprises:
respectively extracting the characteristics of the files in the file set, and extracting characteristic keywords;
standardizing the feature keywords to obtain standardized feature keywords, and judging whether the standardized feature keywords exist in the sensitive file database;
counting the number of the standardized feature keywords in the sensitive file database, and when the number is determined to be larger than the preset number, indicating that the sensitive files exist in the file set.
According to some embodiments of the present invention, when it is determined that there is a sensitive file, performing cluster analysis on the sensitive file to form a sensitive file set, includes:
determining attribute relations among the sensitive files, and determining correlation coefficients among the sensitive files according to the attribute relations;
and sequencing the correlation coefficients among the sensitive files, determining the correlation degree among the sensitive files according to the sizes of the correlation coefficients, and establishing a topological connection relation among the sensitive files to form a sensitive file set.
According to some embodiments of the invention, further comprising:
monitoring a sensitive file database, recording access information of the sensitive file database, and generating a sensitive file access table;
setting the maximum access times to the sensitive files in a preset time period according to the sensitivity of the sensitive files in the sensitive file database;
and inquiring a sensitive file access table to obtain the access times of the target sensitive file in a preset time period, and sending an alarm prompt when the access times are determined to be larger than the maximum access times.
According to some embodiments of the invention, a sensitive file set is encrypted before being circulated;
when the sensitive file set reaches the target position, decrypting it; when decryption fails, or the decrypted sensitive file set is inconsistent with the set as it was before encryption, obtaining the circulation path of the sensitive file set and determining the circulation nodes from that path;
detecting the risk level of each circulation node in turn, sorting them, selecting the circulation node with the highest risk level, and acquiring that node's operation log for the sensitive file set;
analyzing the operation log to judge whether abnormal behaviour exists; when it does, giving an alarm prompt and blocking the circulation node; during the blocking period, reducing the node's risk level according to the abnormal behaviour, and switching the node back on when its risk level is determined to be lower than the preset risk level.
According to some embodiments of the present invention, before analyzing the network traffic within the preset time period, the method further includes:
and carrying out virus detection on the network flow, analyzing the virus data when the virus data exists in the network flow, calculating to obtain a virus value of the virus data, determining a virus grade according to the virus value and a preset virus grade table, and sending an alarm grade corresponding to the virus grade.
According to some embodiments of the invention, when the network traffic is subjected to virus detection, the effective rate of the virus detection is calculated, and when the effective rate is determined to be less than the preset effective rate, unqualified detection information is sent out and the network traffic is re-detected;
the calculating the effective rate of virus detection comprises the following steps:
calculating a detection difficulty coefficient S of the virus data:
wherein M is the number of detected virus data; b is a detection scale coefficient; the average length of the detected virus data; $A_i$ is the length of the $i$-th detected virus data; d is the average distance between adjacent detected virus data; L is the length of the network traffic processed by the wavelet analysis method; N is the number of virus data detected in the network traffic processed by the wavelet analysis method;
calculating the effective rate K of virus detection from the detection difficulty coefficient of the virus data:
wherein $\lambda$ is the average duration of all virus data in the detected network traffic; $\lambda_i$ is the detection duration of the $i$-th virus data; $T_i$ is the noise value at the time the $i$-th virus data is detected.
Beneficial effects: monitoring every sensitive file individually is avoided. Instead, the sensitive files are clustered and a monitoring mechanism is established for the resulting sensitive file set, so that only sets whose sensitivity polymerization degree is greater than the preset threshold are monitored; this saves system resources, reduces the number of files under supervision, lowers supervision complexity and improves supervision efficiency. When a sensitive file is leaked, the data can be traced and the leakage position located accurately, which shortens the search time and speeds up the search; at the same time the security level of the leakage position can be raised promptly, reducing the risk of further leakage.
Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. The objectives and other advantages of the invention will be realized and attained by the structure particularly pointed out in the written description and drawings.
The technical solution of the present invention is further described in detail by the accompanying drawings and embodiments.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the principles of the invention and not to limit the invention. In the drawings:
FIG. 1 is a flow diagram of a sensitive file management method according to one embodiment of the present invention;
FIG. 2 is a block diagram of a sensitive file management system, according to one embodiment of the present invention.
Detailed Description
The preferred embodiments of the present invention will be described in conjunction with the accompanying drawings, and it will be understood that they are described herein for the purpose of illustration and explanation and not limitation.
As shown in FIG. 1, an embodiment of the first aspect of the present invention provides a sensitive file management method, including steps S1-S4:
s1, a sensitive file database is established in advance, and sensitivity is set for sensitive files stored in the sensitive file database;
s2, acquiring and analyzing network traffic data in a preset time period, screening out a target type file set, and identifying whether a sensitive file exists in the file set according to the sensitive file database;
s3, when the sensitive files are determined to exist, carrying out clustering analysis on the sensitive files to form a sensitive file set; acquiring the sensitivity of each sensitive file in the sensitive file set according to the sensitive file database, calculating the sensitivity polymerization degree of the sensitive file set, and judging whether the sensitivity polymerization degree is greater than a preset sensitivity polymerization degree threshold value;
and S4, when the sensitive polymerization degree is determined to be larger than the preset sensitive polymerization degree threshold value, establishing a life cycle of the sensitive file set, analyzing the circulation path of the sensitive file set, and when the circulation path of the sensitive file set is determined to deviate from the preset circulation path, sending an alarm prompt.
The working principle of the technical scheme is as follows. A sensitive file database is established in advance and a sensitivity is set for each sensitive file stored in it; the sensitivity reflects the importance of the file, so the more important the file, the higher its sensitivity. Network traffic data over a preset time period is acquired and analyzed, and a file set of the target type is screened out; the target type may be text, in which case only text-type data is retained and the set of text files is extracted. Whether the file set contains a sensitive file is then identified against the sensitive file database. When sensitive files are determined to exist, cluster analysis is performed on them to form a sensitive file set; for example, if two sensitive files are detected in the text set, the two are clustered into one sensitive file set. The sensitivity of each file in the set is obtained from the sensitive file database, the sensitivity polymerization degree of the set is calculated, and it is judged whether this degree is greater than the preset threshold; the sensitivity polymerization degree is computed from the sensitivities of the files in the set and represents the total sensitivity of the set.
When the sensitivity polymerization degree is determined to be greater than the preset threshold, the sensitive file set transmitted in that time period is of high importance and must be monitored and managed. A life cycle is therefore established for the set, meaning the set is monitored throughout its entire path from transmission to use. Its circulation path is analyzed, that is, the circulation nodes through which the set passes are identified. When the circulation path of the set deviates from the preset circulation path, or the circulation area of the set leaves the area in which it may circulate, a possible leak of the sensitive file is indicated and an alarm prompt is sent, so that a leakage event can be prevented in time and losses reduced.
The beneficial effects of the above technical scheme are as follows: monitoring every sensitive file individually is avoided. Instead, the sensitive files are clustered and a monitoring mechanism is established for the resulting sensitive file set, so that only sets whose sensitivity polymerization degree is greater than the preset threshold are monitored; this saves system resources, reduces the number of files under supervision, lowers supervision complexity and improves supervision efficiency. When a sensitive file is leaked, the data can be traced and the leakage position located accurately, which shortens the search time and speeds up the search; at the same time the security level of the leakage position can be raised promptly, reducing the risk of further leakage.
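As an added illustration that is not part of the patent text, the following Go program models steps S1 to S4 end to end: a sensitive file database entry carrying a sensitivity value, the sensitivity polymerization degree of a file set (a plain sum is assumed, since the page only says the degree is computed from the member sensitivities and represents the set's total sensitivity), the threshold comparison that decides whether a life cycle is established, and a life cycle that records each circulation node the set is seen at and raises an alarm as soon as the observed path deviates from the preset one. File names, the sensitivity scale, the threshold and the node names are constructed for the example.

```go
package main

import "fmt"

// SensitiveFile is one entry of the pre-built sensitive file database (step S1).
// The sensitivity scale (higher = more important) is an assumption.
type SensitiveFile struct {
	Name        string
	Sensitivity float64
}

// AggregationDegree is the sensitivity polymerization degree of a file set.
// The page says only that it is computed from the member sensitivities and
// represents the set's total sensitivity, so a plain sum is assumed here.
func AggregationDegree(set []SensitiveFile) float64 {
	total := 0.0
	for _, f := range set {
		total += f.Sensitivity
	}
	return total
}

// NeedsLifecycle reports whether the aggregation degree is greater than the
// preset threshold, i.e. whether the set gets a monitored life cycle (step S4).
func NeedsLifecycle(set []SensitiveFile, threshold float64) bool {
	return AggregationDegree(set) > threshold
}

// Lifecycle tracks one monitored set: every circulation node it is seen at is
// compared against the preset circulation path.
type Lifecycle struct {
	SetID      string
	PresetPath []string
	Observed   []string
	Alarms     []string
}

// Record appends the node the set was just seen at. It returns an alarm text
// when the observed path deviates from the preset path: the node is not the
// expected next hop, or the set has taken more hops than the preset path has.
func (lc *Lifecycle) Record(node string) (alarm string, deviated bool) {
	lc.Observed = append(lc.Observed, node)
	i := len(lc.Observed) - 1
	switch {
	case i >= len(lc.PresetPath):
		alarm = fmt.Sprintf("set %s: extra hop %q beyond preset path %v", lc.SetID, node, lc.PresetPath)
	case lc.PresetPath[i] != node:
		alarm = fmt.Sprintf("set %s: hop %d is %q, expected %q", lc.SetID, i, node, lc.PresetPath[i])
	default:
		return "", false
	}
	lc.Alarms = append(lc.Alarms, alarm)
	return alarm, true
}

func main() {
	// Constructed sample: two sensitive files detected in one time window.
	set := []SensitiveFile{{"design-spec.docx", 7}, {"bom.xlsx", 5}}
	const threshold = 10 // preset aggregation threshold (assumed value)
	fmt.Printf("aggregation degree %.0f, monitored: %v\n",
		AggregationDegree(set), NeedsLifecycle(set, threshold))

	lc := &Lifecycle{SetID: "set-1",
		PresetPath: []string{"design-server", "gateway", "plant-workstation"}}
	for _, hop := range []string{"design-server", "gateway", "usb-bridge"} {
		if alarm, bad := lc.Record(hop); bad {
			fmt.Println("ALARM:", alarm)
		}
	}
}
```

The comparison is strict ("greater than"), matching the claim wording, so a set that lands exactly on the threshold is not monitored; an operator who wants the boundary case covered should lower the preset threshold rather than change the comparison.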
According to some embodiments of the present invention, when the sensitive file set is circulated, a working key is obtained according to the sensitive file set;
compressing and encrypting the sensitive file set by using the working key, and obtaining a first encrypted file;
acquiring the public key of the target circulation node, encrypting the working key with that public key, and obtaining an encryption key ciphertext;
and transmitting the first encrypted file and the encrypted key ciphertext to a target circulation node through a network, decrypting the encrypted key ciphertext by the target circulation node based on an internal private key of the target circulation node to obtain a working key, and performing a decryption step on the first encrypted file by using the working key to obtain a decrypted sensitive file set.
The working principle and beneficial effects of the technical scheme are as follows. When the sensitive file set is circulated, a working key is obtained for the set; the set is compressed and encrypted with the working key to obtain the first encrypted file; the public key of the target circulation node is acquired and the working key is encrypted with it to obtain the encryption key ciphertext; the first encrypted file and the encryption key ciphertext are transmitted to the target circulation node over the network, which decrypts the encryption key ciphertext with its internal private key to recover the working key and then decrypts the first encrypted file with the working key to obtain the decrypted sensitive file set. Big data technology is used to compress and encrypt the sensitive file set, so cluster hardware resources can be reused and compression, encryption and transmission efficiency are greatly improved. The compressed and encrypted file not only makes network transmission more secure but is also much smaller, which raises the network transmission rate; the double encryption further improves the security of the file data and avoids the losses caused by its leakage. During circulation the sensitive file set can be opened only at the target circulation node, and no other circulation node can access it, which reduces the risk of leakage and improves the security of the set.
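The envelope described above, as an added example that is not the patent's own code: the file set is compressed, encrypted under a fresh working key, and the working key is wrapped with the target circulation node's public key, so only that node can open it. The page names no concrete algorithms, so AES-256-GCM for the working-key layer, gzip for compression and RSA-OAEP for wrapping the key are assumptions, and the working key is random bytes rather than the alphanumeric string the page describes. The node key pair is generated in-process instead of being read through a USBKey. Because GCM is authenticated, any modification of the encrypted file in transit makes decryption fail, which is exactly the "decryption fails" condition the later embodiment reacts to.

```go
package main

import (
	"bytes"
	"compress/gzip"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"io"
)

// Envelope is what travels to the target circulation node: the compressed and
// encrypted file set ("first encrypted file") and the working key wrapped under
// the target node's public key ("encryption key ciphertext").
type Envelope struct {
	EncryptedSet []byte // nonce || AES-256-GCM ciphertext of the gzip'd data
	WrappedKey   []byte // RSA-OAEP ciphertext of the working key
}

// GenerateNodeKey makes a circulation node's key pair. In the patent the public
// key is fetched through a USBKey operation; here it is generated in-process.
func GenerateNodeKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// NewWorkingKey draws a fresh 256-bit AES key from the OS CSPRNG. The page
// describes a random alphanumeric string; random bytes are used instead.
func NewWorkingKey() ([]byte, error) {
	k := make([]byte, 32)
	_, err := io.ReadFull(rand.Reader, k)
	return k, err
}

// Seal compresses the serialized file set, encrypts it with the working key,
// then wraps the working key with the target node's RSA public key.
func Seal(fileSet []byte, targetPub *rsa.PublicKey) (*Envelope, error) {
	wk, err := NewWorkingKey()
	if err != nil { return nil, err }
	var buf bytes.Buffer
	zw := gzip.NewWriter(&buf)
	if _, err := zw.Write(fileSet); err != nil { return nil, err }
	if err := zw.Close(); err != nil { return nil, err }
	block, err := aes.NewCipher(wk)
	if err != nil { return nil, err }
	gcm, err := cipher.NewGCM(block)
	if err != nil { return nil, err }
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil { return nil, err }
	enc := gcm.Seal(nonce, nonce, buf.Bytes(), nil) // nonce is prefixed to the ciphertext
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, targetPub, wk, nil)
	if err != nil { return nil, err }
	return &Envelope{EncryptedSet: enc, WrappedKey: wrapped}, nil
}

// Open runs at the target node: unwrap the working key with the node's private
// key, decrypt and decompress. Any change to the ciphertext fails the GCM tag
// check, so a tampered envelope is rejected rather than silently decoded.
func Open(env *Envelope, priv *rsa.PrivateKey) ([]byte, error) {
	wk, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, env.WrappedKey, nil)
	if err != nil { return nil, err }
	block, err := aes.NewCipher(wk)
	if err != nil { return nil, err }
	gcm, err := cipher.NewGCM(block)
	if err != nil { return nil, err }
	ns := gcm.NonceSize()
	if len(env.EncryptedSet) < ns { return nil, io.ErrUnexpectedEOF }
	plain, err := gcm.Open(nil, env.EncryptedSet[:ns], env.EncryptedSet[ns:], nil)
	if err != nil { return nil, err }
	zr, err := gzip.NewReader(bytes.NewReader(plain))
	if err != nil { return nil, err }
	defer zr.Close()
	return io.ReadAll(zr)
}

func main() {
	priv, err := GenerateNodeKey() // the target circulation node's key pair
	if err != nil { panic(err) }
	env, err := Seal([]byte("design-spec.docx\nbom.xlsx\n"), &priv.PublicKey)
	if err != nil { panic(err) }
	got, err := Open(env, priv)
	fmt.Printf("recovered %q, err=%v\n", got, err)
}
```

Note that compressing before encrypting is what the page prescribes; it is the right order (ciphertext does not compress), but when a file set mixes attacker-influenced and secret content the ciphertext length leaks information about the plaintext, so the compression step is best restricted to sets whose contents come from one trusted source.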
According to some embodiments of the invention, the obtaining the working key from the set of sensitive files comprises:
randomly generating a character string containing letters and numbers using a random function;
and taking the randomly generated character string as a working key.
According to some embodiments of the invention, the obtaining the working key from the set of sensitive files comprises:
and inquiring a preset sensitive polymerization degree-working key corresponding table according to the sensitive polymerization degree of the sensitive file set to obtain a working key.
According to some embodiments of the present invention, acquiring the public key of the target circulation node, encrypting the working key with the public key, and obtaining the encryption key ciphertext includes:
acquiring a public key of a target streaming node through USBKey operation;
and encrypting the working key with an asymmetric (public-key) encryption algorithm, and obtaining the encryption key ciphertext.
The working principle and beneficial effects of the technical scheme are as follows: first, the public key of the target user is acquired through the USBKey operation; then the working key is encrypted with an asymmetric (public-key) encryption algorithm and the encryption key ciphertext is obtained. The asymmetric encryption is an asymmetric encryption algorithm based on Diffie-Hellman key exchange: the public key encrypts, the private key decrypts, and the encryption and decryption operations are one-way, so directed, authorized access is granted to a designated person or node and nobody else can decrypt the files.
According to some embodiments of the invention, identifying whether a sensitive file exists in the set of files according to the sensitive file database comprises:
respectively extracting the characteristics of the files in the file set, and extracting characteristic keywords;
standardizing the feature keywords to obtain standardized feature keywords, and judging whether the standardized feature keywords exist in the sensitive file database;
counting the number of the standardized feature keywords in the sensitive file database, and when the number is determined to be larger than the preset number, indicating that the sensitive files exist in the file set.
The working principle of the technical scheme is as follows: features are extracted from each file in the file set and feature keywords are extracted; the feature keywords are standardized, for example by term mapping. Suppose the feature keyword extracted from a file is "the appearance of the automobile": its format is standardized and unnecessary words are eliminated to obtain the standardized feature keyword. It is then judged whether the standardized feature keyword exists in the sensitive file database; the number of standardized feature keywords found in the database is counted, and when that number is determined to be greater than the preset number, the file set is deemed to contain sensitive files.
The beneficial effects of the above technical scheme are as follows: whether sensitive files exist in the file set, and how many, can be judged accurately. Standardizing the feature keywords and eliminating useless words improves the efficiency of matching the standardized keywords against the keywords extracted from the sensitive file database, reduces matching time and improves the user experience; deciding that sensitive files exist only when the count is greater than the preset number improves the accuracy of the judgement.
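The keyword standardization and counting step, as an added Go example that is not the patent's own code. It lower-cases a keyword, strips punctuation and drops filler words (the stop-word list is an assumption; the page says only that "unnecessary words" are eliminated), looks the result up in a database of standardized keywords, and flags the file set when the number of distinct matches is greater than the preset number. Counting distinct matches rather than raw occurrences is a design choice made here so that one keyword repeated inside a single file cannot inflate the count. The database keywords and extracted keywords are constructed.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Filler words removed during standardization; the page says only that
// "unnecessary words" are eliminated, so this list is an assumption.
var stopWords = map[string]bool{"the": true, "of": true, "a": true, "an": true, "and": true}

var nonWord = regexp.MustCompile(`[^a-z0-9 ]+`)

// Standardize maps a raw feature keyword to its standardized form: lower case,
// punctuation replaced by spaces, filler words dropped, single spacing.
func Standardize(keyword string) string {
	s := nonWord.ReplaceAllString(strings.ToLower(keyword), " ")
	var kept []string
	for _, w := range strings.Fields(s) {
		if !stopWords[w] {
			kept = append(kept, w)
		}
	}
	return strings.Join(kept, " ")
}

// SensitiveKeywordDB holds the standardized keywords extracted from the
// sensitive file database, keyed for constant-time lookup.
type SensitiveKeywordDB map[string]bool

// NewDB standardizes the database keywords once at load time.
func NewDB(keywords ...string) SensitiveKeywordDB {
	db := SensitiveKeywordDB{}
	for _, k := range keywords {
		db[Standardize(k)] = true
	}
	return db
}

// CountMatches standardizes each keyword extracted from a file set and counts
// how many distinct ones exist in the database.
func (db SensitiveKeywordDB) CountMatches(extracted []string) int {
	seen := map[string]bool{}
	for _, k := range extracted {
		if std := Standardize(k); db[std] {
			seen[std] = true
		}
	}
	return len(seen)
}

// HasSensitiveFile applies the page's rule: the file set contains sensitive
// files when the number of matched keywords is greater than the preset number.
func (db SensitiveKeywordDB) HasSensitiveFile(extracted []string, presetNumber int) bool {
	return db.CountMatches(extracted) > presetNumber
}

func main() {
	db := NewDB("The Appearance of the Automobile", "Engine Control Parameters")
	// Constructed keywords, as an extractor might emit them from a captured file set.
	extracted := []string{"Appearance, of the automobile", "engine-control parameters", "lunch menu"}
	fmt.Printf("%d matches, sensitive: %v\n", db.CountMatches(extracted), db.HasSensitiveFile(extracted, 1))
}
```

Word order is preserved by this standardization, so "automobile appearance" and "appearance of the automobile" do not match each other; a deployment that wants order-insensitive matching would sort the remaining words before joining them, at the cost of more false positives.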
According to some embodiments of the present invention, when it is determined that there is a sensitive file, performing cluster analysis on the sensitive file to form a sensitive file set, includes:
determining attribute relations among the sensitive files, and determining correlation coefficients among the sensitive files according to the attribute relations;
and sequencing the correlation coefficients among the sensitive files, determining the correlation degree among the sensitive files according to the sizes of the correlation coefficients, and establishing a topological connection relation among the sensitive files to form a sensitive file set.
The working principle of the technical scheme is as follows: determining attribute relations among the sensitive files, and determining correlation coefficients among the sensitive files according to the attribute relations; and sequencing the correlation coefficients among the sensitive files, determining the correlation degree among the sensitive files according to the sizes of the correlation coefficients, and establishing a topological connection relation among the sensitive files to form a sensitive file set.
The beneficial effects of the above technical scheme are that: the cluster analysis efficiency and effect are improved, the sensitive file set is established, and the sensitive polymerization degree of the sensitive file set is conveniently and accurately calculated.
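The clustering step above, as an added Go example that is not the patent's own code. The page does not fix how the attribute relation is turned into a correlation coefficient, so Jaccard similarity of each file's attribute set is assumed; the pairwise coefficients are sorted in descending order, and files whose coefficient reaches a minimum value are connected (union-find over the ranked pairs) to form the sensitive file sets. File names and attributes are constructed.

```go
package main

import (
	"fmt"
	"sort"
)

// FileAttrs is the attribute set of one detected sensitive file (project,
// department, format, ...). The attribute names are constructed for the example.
type FileAttrs struct {
	Name  string
	Attrs []string
}

// Correlation is the coefficient derived from the attribute relation between
// two files. Jaccard similarity of the attribute sets is the assumed measure.
func Correlation(a, b FileAttrs) float64 {
	set := map[string]bool{}
	for _, x := range a.Attrs {
		set[x] = true
	}
	inter, union := 0, len(set)
	for _, y := range b.Attrs {
		if set[y] {
			inter++
		} else {
			union++
		}
	}
	if union == 0 {
		return 0
	}
	return float64(inter) / float64(union)
}

// Pair is one ranked correlation between two files (indices into the input).
type Pair struct {
	A, B  int
	Coeff float64
}

// RankedPairs computes every pairwise coefficient and sorts them descending.
func RankedPairs(files []FileAttrs) []Pair {
	var ps []Pair
	for i := range files {
		for j := i + 1; j < len(files); j++ {
			ps = append(ps, Pair{i, j, Correlation(files[i], files[j])})
		}
	}
	sort.Slice(ps, func(x, y int) bool { return ps[x].Coeff > ps[y].Coeff })
	return ps
}

// ClusterSets connects files whose coefficient reaches minCoeff (the
// topological connection relation) and returns the resulting sensitive file
// sets, each as a list of file names in input order.
func ClusterSets(files []FileAttrs, minCoeff float64) [][]string {
	parent := make([]int, len(files))
	for i := range parent {
		parent[i] = i
	}
	var find func(int) int
	find = func(i int) int {
		for parent[i] != i {
			parent[i] = parent[parent[i]] // path halving
			i = parent[i]
		}
		return i
	}
	for _, p := range RankedPairs(files) {
		if p.Coeff < minCoeff {
			break // pairs are sorted, so the remaining ones are weaker
		}
		parent[find(p.A)] = find(p.B)
	}
	groups, order := map[int][]string{}, []int{}
	for i, f := range files {
		r := find(i)
		if _, ok := groups[r]; !ok {
			order = append(order, r)
		}
		groups[r] = append(groups[r], f.Name)
	}
	out := make([][]string, 0, len(order))
	for _, r := range order {
		out = append(out, groups[r])
	}
	return out
}

func main() {
	files := []FileAttrs{ // constructed attributes: project, department, format
		{"design-spec.docx", []string{"proj-x", "rnd", "docx"}},
		{"bom.xlsx", []string{"proj-x", "rnd", "xlsx"}},
		{"hr-memo.docx", []string{"hr", "docx"}},
	}
	for _, p := range RankedPairs(files) {
		fmt.Printf("%s ~ %s: %.2f\n", files[p.A].Name, files[p.B].Name, p.Coeff)
	}
	fmt.Println("sets:", ClusterSets(files, 0.5))
}
```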
According to some embodiments of the invention, further comprising:
monitoring a sensitive file database, recording access information of the sensitive file database, and generating a sensitive file access table;
setting the maximum access times to the sensitive files in a preset time period according to the sensitivity of the sensitive files in the sensitive file database;
and inquiring a sensitive file access table to obtain the access times of the target sensitive file in a preset time period, and sending an alarm prompt when the access times are determined to be larger than the maximum access times.
The working principle of the technical scheme is as follows: monitoring a sensitive file database, recording access information of the sensitive file database, and generating a sensitive file access table; setting the maximum access times to the sensitive files in a preset time period according to the sensitivity of the sensitive files in the sensitive file database; and inquiring a sensitive file access table to obtain the access times of the target sensitive file in a preset time period, and sending an alarm prompt when the access times are determined to be larger than the maximum access times.
The beneficial effects of the above technical scheme are that: the method has the advantages that the target sensitive files in the sensitive file database are effectively monitored, the access times of the target sensitive files are limited, the target sensitive files are prevented from being leaked, and the safety of the target sensitive files is guaranteed from the sensitive file database layer.
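The access-count rule above, as an added Go example that is not the patent's own code. It keeps the sensitive file access table in memory, maps a file's sensitivity to a maximum number of accesses per preset time period (the mapping and the one-hour window are assumptions), and raises an alarm when a newly recorded access pushes the count within the window above that maximum. The file name, users and timestamps are constructed.

```go
package main

import (
	"fmt"
	"time"
)

// AccessRecord is one row of the sensitive file access table.
type AccessRecord struct {
	File string
	User string
	At   time.Time
}

// AccessMonitor keeps the access table plus the rule that maps a file's
// sensitivity to its maximum number of accesses per preset time period.
type AccessMonitor struct {
	Window   time.Duration
	MaxByLvl func(sensitivity int) int
	table    []AccessRecord
}

// DefaultLimit is an assumed mapping: the more sensitive the file, the fewer
// accesses are tolerated per window.
func DefaultLimit(sensitivity int) int {
	switch {
	case sensitivity >= 8:
		return 2
	case sensitivity >= 5:
		return 5
	default:
		return 20
	}
}

// CountAccesses queries the access table for accesses to file in (at-Window, at].
func (m *AccessMonitor) CountAccesses(file string, at time.Time) int {
	n := 0
	for _, r := range m.table {
		if r.File == file && !r.At.After(at) && r.At.After(at.Add(-m.Window)) {
			n++
		}
	}
	return n
}

// Record appends an access to the table and returns an alarm when the file's
// access count within the window is greater than the maximum for its sensitivity.
func (m *AccessMonitor) Record(file string, sensitivity int, user string, at time.Time) (string, bool) {
	m.table = append(m.table, AccessRecord{file, user, at})
	n, limit := m.CountAccesses(file, at), m.MaxByLvl(sensitivity)
	if n > limit {
		return fmt.Sprintf("%q accessed %d times within %v (max %d), last by %s",
			file, n, m.Window, limit, user), true
	}
	return "", false
}

func main() {
	m := &AccessMonitor{Window: time.Hour, MaxByLvl: DefaultLimit}
	t0 := time.Date(2021, 1, 11, 9, 0, 0, 0, time.UTC) // constructed timestamps
	for i, user := range []string{"alice", "bob", "carol"} {
		at := t0.Add(time.Duration(i) * 10 * time.Minute)
		if alarm, bad := m.Record("design-spec.docx", 9, user, at); bad {
			fmt.Println("ALARM:", alarm)
		}
	}
}
```

The table is scanned linearly on every access, which is fine for a demonstration; a production monitor would index the table by file and prune rows older than the window.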
According to some embodiments of the invention, a sensitive file set is encrypted before being circulated;
when the sensitive file set reaches the target position, decrypting it; when decryption fails, or the decrypted sensitive file set is inconsistent with the set as it was before encryption, obtaining the circulation path of the sensitive file set and determining the circulation nodes from that path;
detecting the risk level of each circulation node in turn, sorting them, selecting the circulation node with the highest risk level, and acquiring that node's operation log for the sensitive file set;
analyzing the operation log to judge whether abnormal behaviour exists; when it does, giving an alarm prompt and blocking the circulation node; during the blocking period, reducing the node's risk level according to the abnormal behaviour, and switching the node back on when its risk level is determined to be lower than the preset risk level.
The working principle of the technical scheme is as follows: the sensitive file set is encrypted before circulation; when it reaches the target position, which may be the final circulation node, it is decrypted. If decryption fails, or the decrypted set is inconsistent with the set as it was before encryption, a tampering event has occurred during circulation: the circulation path of the set is obtained and the circulation nodes are determined from it; the risk level of each circulation node is detected in turn, the nodes are sorted, the node with the highest risk level is selected, and its operation log for the sensitive file set is acquired; the log is analyzed to judge whether abnormal behaviour exists; when it does, an alarm prompt is given and the circulation node is blocked; during the blocking period the node's risk level is reduced according to the abnormal behaviour, and the node is switched back on when its risk level is determined to be lower than the preset risk level.
The beneficial effects of the above technical scheme are that: events such as theft and leakage of the sensitive file set during circulation are avoided, and the security of data transmission is improved. When a tampering event occurs during circulation of the sensitive file set, the tampered set is not put to use, which reduces the loss. At the same time, the circulation node at which the tampering event occurred is searched for and blocked, so that further leakage and tampering events through that node are avoided and the loss is reduced; during the blocking period the risk level of the circulation node is reduced according to the abnormal behavior, and the node is switched on again only when its risk level is determined to be lower than the preset risk level, which guarantees the safety of the circulation node: the sensitive file set can flow through the circulation node only when the node is safe.
In an embodiment, before the network traffic within the preset time period is analyzed, the method further includes:
performing virus detection on the network traffic; when virus data exists in the network traffic, analyzing the virus data, calculating a virus value of the virus data, determining a virus grade according to the virus value and a preset virus grade table, and sending an alarm grade corresponding to the virus grade.
The working principle and beneficial effects of the technical scheme are as follows: before the network traffic within the preset time period is analyzed, the method further includes performing virus detection on the network traffic; when virus data exists in the network traffic, the virus data is analyzed, a virus value of the virus data is calculated, a virus grade is determined according to the virus value and a preset virus grade table, and an alarm grade corresponding to the virus grade is sent. The method and device can thus detect whether virus data exists before the network traffic data within the preset time period is analyzed; if virus data is found, the corresponding alarm grade is sent according to the virus grade, and the higher the virus grade, the higher the alarm grade sent, so that the user obtains the virus grade promptly and accurately and takes corresponding measures to eliminate the virus data. Leakage of sensitive files caused by virus data present during the analysis is thereby avoided, and the safety of the sensitive files is ensured.
In one embodiment, when virus detection is performed on the network traffic, the effective rate of the virus detection is calculated, and when the effective rate is determined to be lower than a preset effective rate, a notice that the detection is unqualified is issued and the network traffic is detected again;
calculating the effective rate of virus detection comprises the following steps:
calculating a detection difficulty coefficient S of virus data:
where M is the number of detected virus data items; b is a detection scale coefficient; the average length of the detected virus data; $A_i$ is the length of the $i$-th detected virus data item; D is the average distance between adjacent detected virus data items; L is the length of the network traffic processed by the wavelet analysis method; N is the number of virus data items detected in the network traffic processed by the wavelet analysis method;
calculating the effective rate K of virus detection according to the detection difficulty coefficient of virus data:
where $\lambda$ is the average duration of all virus data in the detected network traffic; $\lambda_i$ is the detection duration of the $i$-th virus data item; $T_i$ is the noise value when the $i$-th virus data item is detected.
The working principle and beneficial effects of the technical scheme are as follows: when virus detection is performed on the network traffic, the effective rate of the virus detection is calculated, and when the effective rate is determined to be lower than the preset effective rate, a notice that the detection is unqualified is issued and the network traffic is detected again; this ensures the accuracy of detecting virus data in the network traffic, so that the virus data can be eliminated accurately and the safety of data transmission is ensured. The larger the detection scale coefficient, the lower the accuracy of the clustering center of the acquired virus data and the more virus data is screened out. Processing the network traffic with the wavelet analysis method can effectively improve the accuracy of virus detection and reduce the difficulty of virus data detection to a certain extent. The detection difficulty coefficient of the virus data represents how difficult the virus data is to detect. Since noise is present while the virus data is detected, the effective rate of virus detection, that is, the credibility of the detected virus data, is calculated accurately from the noise, the detection difficulty coefficient of the virus data and the other quantities above, and correct elimination measures are then selected according to the detected virus data so that it can be eliminated accurately.
As shown in fig. 2, a second embodiment of the present invention provides a sensitive file management system, including:
the preset module is used for establishing a sensitive file database in advance and setting a sensitivity for each sensitive file stored in the sensitive file database;
the first judgment module is used for acquiring and analyzing network traffic data within a preset time period, screening out a file set of a target type, and identifying, according to the sensitive file database, whether a sensitive file exists in the file set;
the second judgment module is used for performing cluster analysis on the sensitive files to form a sensitive file set when sensitive files are determined to exist; acquiring the sensitivity of each sensitive file in the sensitive file set according to the sensitive file database, calculating the sensitivity aggregation degree of the sensitive file set, and judging whether the sensitivity aggregation degree is greater than a preset sensitivity aggregation degree threshold;
and the alarm module is used for establishing a life cycle of the sensitive file set when the sensitivity aggregation degree is determined to be greater than the preset sensitivity aggregation degree threshold, analyzing the circulation path of the sensitive file set, and sending an alarm prompt when the circulation path of the sensitive file set is determined to deviate from the preset circulation path.
The working principle of the technical scheme is as follows: the preset module establishes a sensitive file database in advance and sets a sensitivity for each sensitive file stored in the sensitive file database; the sensitivity is set according to the importance of the sensitive file, for example, the more important the sensitive file, the higher its sensitivity; the first judgment module acquires and analyzes the network traffic data within a preset time period and screens out a file set of the target type, where the target type can be the text type, that is, text-type data is retained and the set of text files is selected, and identifies according to the sensitive file database whether a sensitive file exists in the file set; when the second judgment module determines that sensitive files exist, it performs cluster analysis on them to form a sensitive file set; in one example, two sensitive files are detected in a text set, and cluster analysis is performed on these two files to form a sensitive file set. The second judgment module then acquires the sensitivity of each sensitive file in the sensitive file set according to the sensitive file database, calculates the sensitivity aggregation degree of the sensitive file set, and judges whether the sensitivity aggregation degree is greater than a preset sensitivity aggregation degree threshold; the sensitivity aggregation degree is calculated from the sensitivities of the sensitive files in the sensitive file set and represents the total sensitivity of the set.
When the alarm module determines that the sensitivity aggregation degree is greater than the preset sensitivity aggregation degree threshold, the sensitive file set transmitted within the preset time period is of high importance and needs to be monitored and managed. At this point a life cycle of the sensitive file set is established, that is, the sensitive file set is monitored over the whole process from transmission to use, and its circulation path is analyzed, that is, the circulation nodes through which the sensitive file set passes are analyzed. When the circulation path of the sensitive file set is determined to deviate from the preset circulation path, or the circulation area of the sensitive file set deviates from the area in which it may circulate, a leakage of the sensitive file is indicated and an alarm prompt is sent, so that the leakage event is stopped in time and the loss is reduced.
The beneficial effects of the above technical scheme are that: instead of monitoring every single sensitive file, a monitoring mechanism for sensitive file sets is established by cluster analysis of the sensitive files, and only sensitive file sets whose sensitivity aggregation degree is greater than the preset sensitivity aggregation degree threshold are monitored; this saves system resources, reduces the number of sensitive files under supervision, lowers the complexity of supervision and improves its efficiency. When a sensitive file is leaked, the data can be tracked and the leakage position located accurately, which shortens the search time and speeds up the search; at the same time the security level of the leakage position can be raised promptly, which reduces the leakage risk of the sensitive file.
According to some embodiments of the invention, the system further comprises:
an encryption and decryption module, used for encrypting the sensitive file set before it is circulated, and decrypting the sensitive file set when it is circulated to a target position; when the decryption fails or the decrypted sensitive file set is inconsistent with the sensitive file set before encryption, the circulation path of the sensitive file set is obtained and the circulation nodes are determined according to the circulation path;
and a circulation node detection module, used for detecting the risk levels of the circulation nodes in turn and sorting them, screening out the circulation node with the highest risk level, and acquiring its operation log on the sensitive file set; analyzing the operation log to judge whether abnormal behavior exists; when abnormal behavior exists, giving an alarm prompt and blocking the circulation node, reducing the risk level of the circulation node according to the abnormal behavior during the blocking period, and switching the circulation node on again when its risk level is determined to be lower than the preset risk level.
The working principle of the technical scheme is as follows: the encryption and decryption module encrypts the sensitive file set before it is circulated; when the sensitive file set is circulated to a target position, which may be the final circulation node, the module decrypts it; when the decryption fails or the decrypted sensitive file set is inconsistent with the sensitive file set before encryption, a tampering event has occurred to the sensitive file set during circulation, so the circulation path of the sensitive file set is obtained and the circulation nodes are determined according to the circulation path; the circulation node detection module detects the risk levels of the circulation nodes in turn and sorts them, screens out the circulation node with the highest risk level, and acquires its operation log on the sensitive file set; the operation log is analyzed to judge whether abnormal behavior exists; when abnormal behavior exists, an alarm prompt is given and the circulation node is blocked; during the blocking period the risk level of the circulation node is reduced according to the abnormal behavior, and the circulation node is switched on again when its risk level is determined to be lower than the preset risk level.
The beneficial effects of the above technical scheme are that: events such as theft and leakage of the sensitive file set during circulation are avoided, and the security of data transmission is improved. When a tampering event occurs during circulation of the sensitive file set, the tampered set is not put to use, which reduces the loss. At the same time, the circulation node at which the tampering event occurred is searched for and blocked, so that further leakage and tampering events through that node are avoided and the loss is reduced; during the blocking period the risk level of the circulation node is reduced according to the abnormal behavior, and the node is switched on again only when its risk level is determined to be lower than the preset risk level, which guarantees the safety of the circulation node: the sensitive file set can flow through the circulation node only when the node is safe.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.
Claims (10)
1. A sensitive file management method, comprising:
establishing a sensitive file database in advance, and setting a sensitivity for each sensitive file stored in the sensitive file database;
acquiring and analyzing network traffic data within a preset time period, screening out a file set of a target type, and identifying, according to the sensitive file database, whether a sensitive file exists in the file set;
when sensitive files are determined to exist, performing cluster analysis on the sensitive files to form a sensitive file set; acquiring the sensitivity of each sensitive file in the sensitive file set according to the sensitive file database, calculating the sensitivity aggregation degree of the sensitive file set, and judging whether the sensitivity aggregation degree is greater than a preset sensitivity aggregation degree threshold;
and when the sensitivity aggregation degree is determined to be greater than the preset sensitivity aggregation degree threshold, establishing a life cycle of the sensitive file set, analyzing the circulation path of the sensitive file set, and sending an alarm prompt when the circulation path of the sensitive file set is determined to deviate from the preset circulation path.
2. The sensitive file management method according to claim 1, wherein, when the sensitive file set is circulated, a working key is obtained according to the sensitive file set;
the sensitive file set is compressed and encrypted by using the working key to obtain a first encrypted file;
a public key of the target circulation node is acquired, and the working key is encrypted by using the public key to obtain an encrypted key ciphertext;
and the first encrypted file and the encrypted key ciphertext are transmitted to the target circulation node through the network; the target circulation node decrypts the encrypted key ciphertext based on its internal private key to obtain the working key, and decrypts the first encrypted file by using the working key to obtain the decrypted sensitive file set.
3. The sensitive file management method according to claim 2, wherein obtaining a working key according to the sensitive file set comprises:
randomly generating a random character string containing letters and digits by using a Random function;
and taking the randomly generated character string as the working key.
4. The sensitive file management method according to claim 2, wherein acquiring a public key of the target circulation node, encrypting the working key by using the public key and obtaining an encrypted key ciphertext comprises:
acquiring the public key of the target circulation node through a USBKey operation;
and encrypting the working key by using an asymmetric public key encryption algorithm to obtain the encrypted key ciphertext.
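Claims 2 to 4 above describe a key-wrapping envelope: a random working key encrypts the file set, the target circulation node's public key encrypts the working key, and the target node unwraps and decrypts with its private key; claim 8 adds that a failed decryption or a decrypted set that differs from the original is treated as tampering. The Go program below is an added illustration, not code from the patent: it uses AES-GCM for the file set and RSA-OAEP for the working key (the claims name neither algorithm), takes 32 random bytes as the working key in place of the letters-and-digits string of claim 3, leaves out the compression step of claim 2, and carries a SHA-256 digest of the plaintext so the target node can perform the consistency check; the file names are constructed.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// errTampered covers both conditions of claim 8: decryption fails, or the
// decrypted set is inconsistent with the set before encryption.
var errTampered = errors.New("sensitive file set tampered in transit")

// envelope is what travels between circulation nodes: the encrypted file set
// (claim 2), the working key wrapped for the target node (claim 4), and a digest
// of the plaintext for the consistency check. Carrying the digest is this
// example's assumption; the page only says the decrypted set is compared.
type envelope struct {
	firstEncryptedFile []byte // AES-GCM nonce || ciphertext
	keyCiphertext      []byte // RSA-OAEP(working key)
	digest             [32]byte
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealFileSet is the sender side of claim 2 (compression omitted). The working
// key is 32 random bytes; the claim's random letters-and-digits string would
// serve the same role as long as it is 16, 24 or 32 bytes long.
func sealFileSet(fileSet []byte, targetPub *rsa.PublicKey) (*envelope, error) {
	rnd := make([]byte, 32+12) // working key || GCM nonce
	if _, err := io.ReadFull(rand.Reader, rnd); err != nil {
		return nil, err
	}
	key, nonce := rnd[:32], rnd[32:]
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	// The working key leaves the sender only under the target node's public key.
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, targetPub, key, nil)
	if err != nil {
		return nil, err
	}
	return &envelope{
		firstEncryptedFile: gcm.Seal(nonce, nonce, fileSet, nil),
		keyCiphertext:      wrapped,
		digest:             sha256.Sum256(fileSet),
	}, nil
}

// openFileSet is the target node: unwrap the working key with its private key,
// decrypt, and compare with the pre-encryption digest. Every failure is reported
// as tampering so the caller goes on to obtain the transfer path (claim 8).
func openFileSet(env *envelope, priv *rsa.PrivateKey) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), nil, priv, env.keyCiphertext, nil)
	if err != nil {
		return nil, errTampered
	}
	gcm, err := newGCM(key)
	if err != nil || len(env.firstEncryptedFile) < gcm.NonceSize() {
		return nil, errTampered
	}
	ns := gcm.NonceSize()
	// The GCM authentication tag makes any modified ciphertext byte fail to open.
	fileSet, err := gcm.Open(nil, env.firstEncryptedFile[:ns], env.firstEncryptedFile[ns:], nil)
	if err != nil || sha256.Sum256(fileSet) != env.digest {
		return nil, errTampered
	}
	return fileSet, nil
}

func main() {
	priv, err := rsa.GenerateKey(rand.Reader, 2048) // the target node's key pair
	if err != nil {
		panic(err)
	}
	fileSet := []byte("constructed sample set: salaries_2021.csv\ncontract_list.docx\n")
	env, err := sealFileSet(fileSet, &priv.PublicKey)
	if err != nil {
		panic(err)
	}
	got, err := openFileSet(env, priv)
	fmt.Println("clean delivery accepted:", err == nil && bytes.Equal(got, fileSet))
	env.firstEncryptedFile[len(env.firstEncryptedFile)/2] ^= 0x01 // one byte flipped in transit
	_, err = openFileSet(env, priv)
	fmt.Println("tampered delivery rejected:", errors.Is(err, errTampered))
}
```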
5. The sensitive file management method according to claim 1, wherein identifying, according to the sensitive file database, whether a sensitive file exists in the file set comprises:
extracting the features of each file in the file set and extracting feature keywords;
standardizing the feature keywords to obtain standardized feature keywords, and judging whether the standardized feature keywords exist in the sensitive file database;
counting the number of standardized feature keywords that exist in the sensitive file database, and when the number is determined to be greater than a preset number, indicating that sensitive files exist in the file set.
6. The sensitive file management method according to claim 1, wherein performing cluster analysis on the sensitive files to form a sensitive file set when sensitive files are determined to exist comprises:
determining attribute relations among the sensitive files, and determining correlation coefficients among the sensitive files according to the attribute relations;
and sorting the correlation coefficients among the sensitive files, determining the degree of correlation among the sensitive files according to the magnitudes of the correlation coefficients, and establishing a topological connection relation among the sensitive files to form the sensitive file set.
7. The sensitive file management method according to claim 1, further comprising:
monitoring the sensitive file database, recording access information of the sensitive file database, and generating a sensitive file access table;
setting the maximum number of accesses to each sensitive file within a preset time period according to the sensitivity of the sensitive files in the sensitive file database;
and querying the sensitive file access table to obtain the number of accesses to a target sensitive file within the preset time period, and sending an alarm prompt when the number of accesses is determined to be greater than the maximum number of accesses.
8. The sensitive file management method according to claim 1, wherein the sensitive file set is encrypted before being circulated;
when the sensitive file set is circulated to a target position, the sensitive file set is decrypted; when the decryption fails or the decrypted sensitive file set is inconsistent with the sensitive file set before encryption, the circulation path of the sensitive file set is obtained and the circulation nodes are determined according to the circulation path;
the risk levels of the circulation nodes are detected in turn and sorted, the circulation node with the highest risk level is screened out, and the operation log of that circulation node on the sensitive file set is acquired;
the operation log is analyzed to judge whether abnormal behavior exists; when abnormal behavior exists, an alarm prompt is given and the circulation node is blocked; during the blocking period the risk level of the circulation node is reduced according to the abnormal behavior, and the circulation node is switched on again when its risk level is determined to be lower than the preset risk level.
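Claims 1 and 8 above give the life-cycle decision logic: aggregate the sensitivities of a clustered set and monitor only sets above the threshold, alarm when the circulation path deviates from the preset one, and after a tampering event rank the path's nodes by risk level, check the highest one's operation log and block it until its risk falls below the preset level. The Go program below is an added illustration, not the patent's code: taking the sum as the aggregation degree, comparing paths position by position, the list of abnormal actions and the one-level risk reduction per resolved behaviour are all assumptions of this example, and the node names, file names and log entries are constructed.

```go
package main

import (
	"fmt"
	"sort"
)

type sensitiveFile struct{ Name string; Sensitivity int }

// aggregateSensitivity sums the sensitivities of a clustered set; the page only
// says the degree is computed from them and stands for the set's total sensitivity.
func aggregateSensitivity(set []sensitiveFile) int {
	total := 0
	for _, f := range set {
		total += f.Sensitivity
	}
	return total
}

// pathDeviates is the claim 1 check: the nodes the set has passed so far must
// match the preset circulation path position by position. A set still in
// transit (fewer nodes than the preset path) is not a deviation.
func pathDeviates(actual, preset []string) bool {
	if len(actual) > len(preset) {
		return true
	}
	for i, n := range actual {
		if n != preset[i] {
			return true
		}
	}
	return false
}

// Types for the circulation path: a node with its current risk level, and one
// logged operation a node performed on the sensitive file set.
type circulationNode struct{ Name string; Risk int; Blocked bool }
type opLog struct{ Node, Action string }

// abnormalActions is this example's assumption of what counts as abnormal
// behaviour on a file set; the page does not enumerate it.
var abnormalActions = map[string]bool{"modify": true, "copy_out": true, "delete": true}

// traceTamper follows claim 8 after a failed decryption or consistency check:
// resolve the path to nodes, sort them by risk level, take the highest, read its
// operation log on the set and block it when abnormal behaviour is found.
func traceTamper(path []string, nodes map[string]*circulationNode, logs []opLog) (*circulationNode, []string) {
	var ranked []*circulationNode
	for _, name := range path {
		if n, ok := nodes[name]; ok {
			ranked = append(ranked, n)
		}
	}
	if len(ranked) == 0 {
		return nil, nil // no known node on the path: nothing to investigate
	}
	sort.SliceStable(ranked, func(i, j int) bool { return ranked[i].Risk > ranked[j].Risk })
	suspect := ranked[0]
	var abnormal []string
	for _, e := range logs {
		if e.Node == suspect.Name && abnormalActions[e.Action] {
			abnormal = append(abnormal, e.Action)
		}
	}
	if len(abnormal) > 0 {
		suspect.Blocked = true
	}
	return suspect, abnormal
}

// remediate models the blocking period: each abnormal behaviour dealt with lowers
// the node's risk by one level (an assumed step size) and the node is switched on
// again once its risk is below presetRisk. It reports whether the node is on.
func remediate(n *circulationNode, resolved, presetRisk int) bool {
	if n.Risk -= resolved; n.Risk < 0 {
		n.Risk = 0
	}
	if n.Blocked && n.Risk < presetRisk {
		n.Blocked = false
	}
	return !n.Blocked
}

func main() {
	// Constructed sample: two sensitive files clustered into one set.
	set := []sensitiveFile{{"salaries_2021.csv", 7}, {"contract_list.docx", 5}}
	fmt.Println("lifecycle monitoring required:", aggregateSensitivity(set) > 10)
	preset := []string{"fileserver", "gateway", "branch-office"}
	fmt.Println("unexpected node deviates:", pathDeviates([]string{"fileserver", "usb-bridge"}, preset))
	nodes := map[string]*circulationNode{
		"fileserver":    {Name: "fileserver", Risk: 2},
		"gateway":       {Name: "gateway", Risk: 6},
		"branch-office": {Name: "branch-office", Risk: 4},
	}
	logs := []opLog{{"gateway", "forward"}, {"gateway", "modify"}, {"branch-office", "read"}}
	suspect, abnormal := traceTamper(preset, nodes, logs)
	fmt.Printf("suspect %s blocked=%v abnormal=%v\n", suspect.Name, suspect.Blocked, abnormal)
	fmt.Println("on after resolving one behaviour:", remediate(suspect, 1, 5)) // risk 5: still blocked
	fmt.Println("on after resolving another:", remediate(suspect, 1, 5))       // risk 4: switched on
}
```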
9. The sensitive file management method according to claim 1, further comprising, before the network traffic within the preset time period is analyzed:
performing virus detection on the network traffic; when virus data exists in the network traffic, analyzing the virus data, calculating a virus value of the virus data, determining a virus grade according to the virus value and a preset virus grade table, and sending an alarm grade corresponding to the virus grade.
10. The sensitive file management method according to claim 9, wherein, when virus detection is performed on the network traffic, the effective rate of the virus detection is calculated, and when the effective rate is determined to be lower than a preset effective rate, a notice that the detection is unqualified is issued and the network traffic is detected again;
calculating the effective rate of virus detection comprises the following steps:
calculating a detection difficulty coefficient S of virus data:
where M is the number of detected virus data items; b is a detection scale coefficient; the average length of the detected virus data; $A_i$ is the length of the $i$-th detected virus data item; D is the average distance between adjacent detected virus data items; L is the length of the network traffic processed by the wavelet analysis method; N is the number of virus data items detected in the network traffic processed by the wavelet analysis method;
calculating the effective rate K of virus detection according to the detection difficulty coefficient of virus data:
where $\lambda$ is the average duration of all virus data in the detected network traffic; $\lambda_i$ is the detection duration of the $i$-th virus data item; $T_i$ is the noise value when the $i$-th virus data item is detected.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110039654.5A CN112733188B (en) | 2021-01-13 | 2021-01-13 | Sensitive file management method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112733188A true CN112733188A (en) | 2021-04-30 |
CN112733188B CN112733188B (en) | 2023-09-22 |
Family
ID=75591479
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110039654.5A Active CN112733188B (en) | 2021-01-13 | 2021-01-13 | Sensitive file management method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112733188B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114781194A (en) * | 2022-06-20 | 2022-07-22 | 航天晨光股份有限公司 | Construction method of database based on metal hose |
Citations (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2001063528A1 (en) * | 2000-02-23 | 2001-08-30 | Ipdn Corporation | Methods and devices for storing, distributing, and accessing intellectual property in digital form |
US20070294539A1 (en) * | 2006-01-27 | 2007-12-20 | Imperva, Inc. | Method and system for transparently encrypting sensitive information |
US7870614B1 (en) * | 2006-01-27 | 2011-01-11 | Aspect Loss Prevention, LLC | Sensitive data aliasing |
US20150154420A1 (en) * | 2013-11-29 | 2015-06-04 | Institute For Information Industry | Sensitive data discrimination method and data loss prevention system using the sensitive data discrimination method |
CN105740661A (en) * | 2014-12-11 | 2016-07-06 | 中国移动通信集团公司 | Method and device for protecting application program |
CN106713067A (en) * | 2016-11-30 | 2017-05-24 | 广东电网有限责任公司信息中心 | Sensitive file circulation monitoring method based on DPI |
CN107577939A (en) * | 2017-09-12 | 2018-01-12 | 中国石油集团川庆钻探工程有限公司 | Data leakage prevention method based on keyword technology |
CN107733902A (en) * | 2017-10-23 | 2018-02-23 | 中国移动通信集团广东有限公司 | A kind of monitoring method and device of target data diffusion process |
CN108133138A (en) * | 2017-12-21 | 2018-06-08 | 北京明朝万达科技股份有限公司 | A kind of sensitive information source tracing method of leakage, device and system |
CN108667766A (en) * | 2017-03-28 | 2018-10-16 | 腾讯科技(深圳)有限公司 | File detection method and file detection device |
CN109766525A (en) * | 2019-01-14 | 2019-05-17 | 湖南大学 | A data-driven sensitive information leak detection framework |
WO2019196224A1 (en) * | 2018-04-09 | 2019-10-17 | 平安科技(深圳)有限公司 | Regulation information processing method and apparatus, computer device and storage medium |
CN110377479A (en) * | 2019-05-24 | 2019-10-25 | 平安普惠企业管理有限公司 | Sensitive field monitoring method, device and the computer equipment of journal file |
CN111967024A (en) * | 2020-07-10 | 2020-11-20 | 苏州浪潮智能科技有限公司 | File sensitive data protection method and device |
CN112115493A (en) * | 2020-09-16 | 2020-12-22 | 安徽长泰信息安全服务有限公司 | Data leakage protection system based on data acquisition |
Non-Patent Citations (4)
Title |
---|
Yan Min; He Qing: "Research and application of full-life-cycle monitoring of sensitive data circulation based on a big data platform", Information Security Research, no. 02, pp. 51-55 * |
Li Ziqing: "Research on an encryption model for sensitive database data over networks", Computer Measurement & Control, no. 05, pp. 184-187 * |
Xu Nuan: "Research on a data control system based on sensitive data flow analysis", Network Security Technology & Application, no. 03, pp. 67-68 * |
Chen Ying: "A data-driven sensitive information leak detection system", A data-driven sensitive information leak detection system * |
Also Published As
Publication number | Publication date |
---|---|
CN112733188B (en) | 2023-09-22 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| GR01 | Patent grant | |