CN103984902A - New data asset identifying method and system - Google Patents
New data asset identifying method and system Download PDFInfo
- Publication number
- CN103984902A CN103984902A CN201410225656.3A CN201410225656A CN103984902A CN 103984902 A CN103984902 A CN 103984902A CN 201410225656 A CN201410225656 A CN 201410225656A CN 103984902 A CN103984902 A CN 103984902A
- Authority
- CN
- China
- Prior art keywords
- event
- leaks
- data assets
- metadata
- artificial
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6227—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/907—Retrieval characterised by using metadata, e.g. metadata not derived from the content or metadata generated manually
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Databases & Information Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Bioethics (AREA)
- Health & Medical Sciences (AREA)
- Library & Information Science (AREA)
- Data Mining & Analysis (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a new data asset identifying method and system. The new data asset identifying method includes that matching a leaking incident with a manually determined incident in a leaking incident library, if the leaking incident is successfully matched with the manually determined incident in the leaking incident library, extracting meta-data of the leaking incident, and adding the meta-data to a data asset library. According to the new data asset identifying method and system, after determining that the leaking incident is the manually determined leaking incident, the meta-data of the leaking incident is directly extracted and added to the data asset library. The identifying method is capable of duly and effectively updating the data asset library so that the new data asset can be reported more duly and completely, and the possible leaking incident can be confirmed more effectively.
Description
Technical field
The present invention relates to field of information security technology, relate in particular to a kind of recognition methods and system of newly-increased data assets.
Background technology
It is by certain technology and ladder of management that data are revealed protection (Data Leakage Prevention, DLP), prevents that specific data or information assets are stored, use and transmit with the form of breach of security strategy.Data leakage guard technology can be identified, monitors and protect in use, the static sensitive data of transmission neutralization.Data leakage Protection Product form comprises network data leakage protection, terminal data leakage protection, stores data leakage protection and data leakage protection management and control platform, and wherein data leakage is protected management and control platform and realized the collection to the possible event that leaks.
Data are revealed guard system and are adopted content-based sensitive data discovery technique, according to predefined strategy, data are detected, once find to violate the possible event that leaks of strategy, these data are revealed guard system and are taked corresponding technological means according to predefined safeguard procedures, thereby reach, prevent leaking of sensitive data.This content-based sensitive data discovery technique can detect the possible event that leaks, and whether the above-mentioned possible event that leaks is that the real event that leaks also needs to carry out artificial judgment.The real event of leaking can be divided into has a mind to the event that leaks that the event that leaks of leaking and being not intended to leaks, and content based on data assets strategy and the event recognition method that leaks based on metadata can be confirmed the event of leaking that is not intended to leak in violation of rules and regulations.Above-mentioned recognition methods need to be set up data assets storehouse, and in prior art, be generally by the mode of typing under line, to data assets storehouse, to add newly-increased data assets through data combing, add in this way newly-increased data assets and can cause reporting of newly-increased data assets imperfect, not in time, thereby cause effectively to the possible event of leaking, confirming.
Summary of the invention
For addressing the above problem, the invention provides a kind of recognition methods and system of newly-increased data assets, for solving prior art, to data assets storehouse, add newly-increased data assets and can cause reporting of newly-increased data assets imperfect, not in time, thereby cause the problem that can not effectively confirm the possible event of leaking.
For this reason, the invention provides a kind of recognition methods of newly-increased data assets, comprise: the event of leaking is mated with the artificial definite event leaking in event base, if described in the event that leaks determine event matches success with artificial in event base of leaking, the metadata of the event that leaks described in extraction, adds described metadata to data assets storehouse.
Preferably, also comprise: if described in the event that leaks determine that with artificial in event base of leaking event matches is unsuccessful, the metadata of the event that leaks described in extraction, described metadata is mated with the data in described data assets storehouse, if the Data Matching in described metadata and described data assets storehouse is unsuccessful, add described metadata to described data assets storehouse.
Preferably, the event that leaks if described is unsuccessful with the artificial definite event matches leaking in event base, also comprise before the step of the metadata of the event that leaks described in extraction: if described in the event that leaks determine that with artificial in event base of leaking event matches is unsuccessful, the strategy of the described event that leaks is mated with the fingerprint strategy in fingerprint policy library, if described in leak strategy and the fingerprint strategy matching in fingerprint policy library of event unsuccessful, carry out the step of the metadata of the event that leaks described in described extraction.
Preferably, also comprise: according to artificial, determine that event forms the event base that leaks.
Preferably, also comprise: according to determining that from artificial the fingerprint strategy extracting event forms fingerprint policy library.
The present invention also provides a kind of recognition system of newly-increased data assets, comprise: the first matching unit, for the event of leaking is mated with artificial definite event of the event base that leaks, the first extraction unit, for when described in leak described in extraction while the determining event matches success metadata of event of event and the event base that leaks artificial that leaks, the first adding device, for adding described metadata to data assets storehouse.
Preferably, also comprise: the second extraction unit, for when described in leak described in extraction while determining that event matches the is unsuccessful metadata of event of event and the event base that leaks artificial that leaks, the second matching unit, for described metadata is mated with the data in described data assets storehouse, the second adding device, adds described metadata to described data assets storehouse when unsuccessful for the Data Matching when described metadata and described data assets storehouse.
Preferably, also comprise: the 3rd matching unit, for when described in leak when event and the event base that leaks artificial determines that event matches is unsuccessful the strategy of the described event that leaks mated with the fingerprint strategy in fingerprint policy library.
Preferably, also comprise: the event elements that leaks storehouse, for determining that according to artificial event forms the event base that leaks.
Preferably, also comprise: fingerprint policy unit storehouse, for forming fingerprint policy library according to the fingerprint strategy extracting from artificial definite event.
The present invention has following beneficial effect:
In the recognition methods and system of newly-increased data assets provided by the invention, confirm that the event of leaking is artificial leaking after event of determining, the metadata of the event that leaks described in directly extracting is added data assets storehouse to.Above-mentioned recognition methods can be upgraded data assets storehouse in time, effectively, makes reporting of newly-increased data assets more timely, complete, thereby the more possible event of leaking is confirmed.
Accompanying drawing explanation
The process flow diagram of the recognition methods of a kind of newly-increased data assets that Fig. 1 provides for the embodiment of the present invention one;
The structural representation of the recognition system of a kind of newly-increased data assets that Fig. 2 provides for the embodiment of the present invention two.
Embodiment
For making those skilled in the art understand better technical scheme of the present invention, below in conjunction with accompanying drawing, the recognition methods of newly-increased data assets provided by the invention and system are described in detail.
The process flow diagram of the recognition methods of a kind of newly-increased data assets that Fig. 1 provides for the embodiment of the present invention one.As shown in Figure 1, the recognition methods of described newly-increased data assets comprises:
Step 101, the event of leaking and artificial in event base of leaking are determined to event mates, if described in the event that leaks perform step 102 while determining event matches success with artificial in event base of leaking, if described in the event that leaks determine that with artificial in event base of leaking event matches performs step 104 when unsuccessful.
Optionally, before step 101, according to artificial, determine that event forms the event base that leaks.In the present embodiment, the event of leaking of in the past manually determining is sorted out, thereby described in forming, leaked event base.The event that leaks described in inciting somebody to action is mated with artificial definite event in the event base that leaks, if described in the event that leaks manually in event base determine event matches success with leaking, the event that leaks described in can directly determining is the artificial event that leaks of determining, thereby described in determining, the event of leaking must be newly-increased data assets, described in can more in time, effectively determining by this method, whether the event that leaks is newly-increased data assets, makes reporting of newly-increased data assets timely, complete.
The metadata of the event that leaks described in step 102, extraction.
Step 103, add described metadata to data assets storehouse.
In the present embodiment, described in the event that leaks determine that with artificial in event base of leaking event matches success leaks event for increasing data assets newly described in just can determining.After the event that leaks described in having determined is for newly-increased data assets, the metadata of the event that leaks described in extraction, add described metadata to data assets storehouse again, thereby in time, effectively upgrade data assets storehouse, make reporting of newly-increased data assets more timely, complete.
Step 104, the strategy of the described event that leaks is mated with the fingerprint strategy in fingerprint policy library, if described in the leak strategy of event and the fingerprint strategy matching in fingerprint policy library perform step 105 when unsuccessful, if described in while leaking the strategy of event and the success of the fingerprint strategy matching in fingerprint policy library flow process finish.
Optionally, before step 104, according to the fingerprint strategy extracting, form fingerprint policy library from artificial definite event.In the present embodiment, data fingerprint is the unique digital fragment generating according to target data, thereby data fingerprint has the unique characteristic of the original target data content of confirmation, that is to say, unique target data has unique data fingerprint, once target data changes, the data fingerprint of target data must change, therefore, utilize data fingerprint to there is very high accuracy as the newly-increased data assets of strategy identification, the strategy of the described event that leaks is mated with the fingerprint strategy in fingerprint policy library, once the event that leaks described in the match is successful is inevitable, it not newly-increased data assets, thereby more timely, effectively find newly-increased data assets, to such an extent as in time, effectively upgrade data assets storehouse.
The metadata of the event that leaks described in step 105, extraction.
Step 106, described metadata is mated with the data in described data assets storehouse, if perform step 103 when the Data Matching in described metadata and described data assets storehouse is unsuccessful, if flow process finishes when the Data Matching in described metadata and described data assets storehouse is successful.
Preferably, described data assets storehouse comprises the artificial metadata of determining event.In the present embodiment, metadata (Meta Data) is the data of relevant other data, refers to the relevant data source definition producing in generated data process, object definition, the critical data that transformation rule etc. are relevant.Metadata comprises the information of relevant document author, document summary and multiple other types information.When user's spanned file or interpolation additional data, system can generate associated metadata automatically.In addition, user also can or generate the metadata of specific file or document by related tool editor.Because metadata has particular community, therefore can utilize metadata to identify the event of leaking.Therefore, utilize the newly-increased data assets of metadata identification to there is very high accuracy, the metadata of the described event that leaks is mated with the data in described data assets storehouse, once the match is successful, the described event that leaks is inevitable is not newly-increased data assets, thereby more in time, effectively find newly-increased data assets, to such an extent as in time, effectively upgrade data assets storehouse.
In the recognition methods of the newly-increased data assets that the present embodiment provides, confirm that the event of leaking is artificial leaking after event of determining, the metadata of the event that leaks described in directly extracting is added data assets storehouse to.Above-mentioned recognition methods can be upgraded data assets storehouse in time, effectively, makes reporting of newly-increased data assets more timely, complete, thereby the more possible event of leaking is confirmed.
The structural representation of the recognition system of a kind of newly-increased data assets that Fig. 2 provides for the embodiment of the present invention two.As shown in Figure 2, the recognition system of described newly-increased data assets comprises: the first matching unit 201, the first extraction unit 202, the first adding device 203 and data assets storehouse 208.Described the first extraction unit 202 is connected with the first adding device 203 with the first matching unit 201 respectively, and described the first adding device 203 is connected with data assets storehouse 208.Described the first matching unit 201 is for mating the event of leaking with artificial definite event of the event base that leaks, described the first extraction unit 202 is for the metadata of the event that leaks described in extraction when described the first matching unit 201 is successful by artificial definite event matches of the event of leaking and the event base that leaks, and described the first adding device 203 is for adding described metadata to data assets storehouse 208.
In the present embodiment, the recognition system of described newly-increased data assets also comprises the event base unit that leaks, described in the event base unit that leaks be connected with the first matching unit 201.The described event base unit that leaks is for determining that according to artificial event forms the event base that leaks.
Optionally, the recognition system of described newly-increased data assets also comprises the second extraction unit 205, the second matching unit 204 and the second adding device 206.Described the second matching unit 204 is connected with the second adding device 206 with the second extraction unit 205 respectively, and described the second adding device 206 is connected with data assets storehouse 208.Described the second extraction unit 205 for when described in the leak metadata of the event that leaks described in extracting when event and the event base that leaks artificial determines that event matches is unsuccessful, described the second matching unit 204 is for described metadata is mated with the data in described data assets storehouse, and described the second adding device 206 for adding described metadata to described data assets storehouse 208 when described the second matching unit 204 is unsuccessful by the Data Matching in metadata and data assets storehouse.
Optionally, the recognition system of described newly-increased data assets also comprises the 3rd matching unit 207, and described the 3rd matching unit 207 is connected with the second extraction unit 205 with the first matching unit 201 respectively.Described the 3rd matching unit 207 for when described in leak when event and the event base that leaks artificial determines that event matches is unsuccessful the strategy of the described event that leaks mated with the fingerprint strategy in fingerprint policy library.
In the present embodiment, the recognition system of described newly-increased data assets also comprises fingerprint policy library unit, and described fingerprint policy library unit is connected with the 3rd matching unit 207.Described fingerprint policy library unit is for forming fingerprint policy library according to the fingerprint strategy extracting from artificial definite event.
In the recognition system of the newly-increased data assets that the present embodiment provides, confirm that the event of leaking is artificial leaking after event of determining, the metadata of the event that leaks described in directly extracting is added data assets storehouse to.Above-mentioned recognition system can be upgraded data assets storehouse in time, effectively, makes reporting of newly-increased data assets more timely, complete, thereby the more possible event of leaking is confirmed.
Be understandable that, above embodiment is only used to principle of the present invention is described and the illustrative embodiments that adopts, yet the present invention is not limited thereto.For those skilled in the art, without departing from the spirit and substance in the present invention, can make various modification and improvement, these modification and improvement are also considered as protection scope of the present invention.
Claims (10)
1. a recognition methods for newly-increased data assets, is characterized in that, comprising:
The event of leaking is mated with the artificial definite event leaking in event base;
If described in the event that leaks determine event matches success with artificial in event base of leaking, the metadata of the event that leaks described in extraction;
Add described metadata to data assets storehouse.
2. the recognition methods of newly-increased data assets according to claim 1, is characterized in that, also comprises:
If described in the event that leaks determine that with artificial in event base of leaking event matches is unsuccessful, the metadata of the event that leaks described in extraction;
Described metadata is mated with the data in described data assets storehouse;
If the Data Matching in described metadata and described data assets storehouse is unsuccessful, add described metadata to described data assets storehouse.
3. the recognition methods of newly-increased data assets according to claim 2, is characterized in that, the event that leaks if described determines that with artificial in event base of leaking event matches is unsuccessful, before the step of the metadata of the event that leaks described in extraction, also comprises:
If described in the event that leaks determine that with artificial in event base of leaking event matches is unsuccessful, the strategy of the described event that leaks is mated with the fingerprint strategy in fingerprint policy library;
If described in leak strategy and the fingerprint strategy matching in fingerprint policy library of event unsuccessful, carry out the step of the metadata of the event that leaks described in described extraction.
4. the recognition methods of newly-increased data assets according to claim 1, is characterized in that, also comprises:
According to artificial, determine that event forms the event base that leaks.
5. the recognition methods of newly-increased data assets according to claim 1, is characterized in that, also comprises:
According to determining that from artificial the fingerprint strategy extracting event forms fingerprint policy library.
6. a recognition system for newly-increased data assets, is characterized in that, comprising:
The first matching unit, for mating the event of leaking with artificial definite event of the event base that leaks;
The first extraction unit, for when described in the leak metadata of the event that leaks described in extracting when event and the event base that leaks artificial determined event matches success;
The first adding device, for adding described metadata to data assets storehouse.
7. the recognition system of newly-increased data assets according to claim 6, is characterized in that, also comprises:
The second extraction unit, for when described in the leak metadata of the event that leaks described in extracting when event and the event base that leaks artificial determines that event matches is unsuccessful;
The second matching unit, for mating described metadata with the data in described data assets storehouse;
The second adding device, adds described metadata to described data assets storehouse when unsuccessful for the Data Matching when described metadata and described data assets storehouse.
8. the recognition system of newly-increased data assets according to claim 6, is characterized in that, also comprises:
The 3rd matching unit, for when described in leak when event and the event base that leaks artificial determines that event matches is unsuccessful the strategy of the described event that leaks mated with the fingerprint strategy in fingerprint policy library.
9. the recognition system of newly-increased data assets according to claim 6, is characterized in that, also comprises:
The event base unit that leaks, for determining that according to artificial event forms the event base that leaks.
10. the recognition system of newly-increased data assets according to claim 6, is characterized in that, also comprises:
Fingerprint policy library unit, for forming fingerprint policy library according to the fingerprint strategy extracting from artificial definite event.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410225656.3A CN103984902B (en) | 2014-05-26 | 2014-05-26 | A kind of recognition methods of newly-increased data assets and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410225656.3A CN103984902B (en) | 2014-05-26 | 2014-05-26 | A kind of recognition methods of newly-increased data assets and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103984902A true CN103984902A (en) | 2014-08-13 |
| CN103984902B CN103984902B (en) | 2017-06-30 |
Family
ID=51276867
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410225656.3A Active CN103984902B (en) | 2014-05-26 | 2014-05-26 | A kind of recognition methods of newly-increased data assets and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103984902B (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113326269A (en) * | 2021-06-29 | 2021-08-31 | 深信服科技股份有限公司 | Asset identification method, equipment, device and computer readable storage medium |
| CN113495978A (en) * | 2020-03-18 | 2021-10-12 | 中电长城网际***应用有限公司 | Data retrieval method and device |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101068168A (en) * | 2007-04-23 | 2007-11-07 | 北京启明星辰信息技术有限公司 | Main machine invading detecting method and system |
| AU2011203651A1 (en) * | 2010-01-07 | 2012-07-26 | Rovi Guides, Inc. | Systems and methods for accessing content using an internet content guide |
| CN102546641B (en) * | 2012-01-14 | 2014-12-31 | 杭州安恒信息技术有限公司 | Method and system for carrying out accurate risk detection in application security system |
| CN103336927A (en) * | 2013-06-07 | 2013-10-02 | 杭州世平信息科技有限公司 | Data classification based data leakage prevention method and system |
| CN103365963B (en) * | 2013-06-20 | 2016-06-01 | 广州赛姆科技资讯有限公司 | Database audit system compliance method for quickly detecting |
-
2014
- 2014-05-26 CN CN201410225656.3A patent/CN103984902B/en active Active
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113495978A (en) * | 2020-03-18 | 2021-10-12 | 中电长城网际***应用有限公司 | Data retrieval method and device |
| CN113495978B (en) * | 2020-03-18 | 2024-01-02 | 中电长城网际***应用有限公司 | Data retrieval method and device |
| CN113326269A (en) * | 2021-06-29 | 2021-08-31 | 深信服科技股份有限公司 | Asset identification method, equipment, device and computer readable storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103984902B (en) | 2017-06-30 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP2693356B1 (en) | Detecting pirated applications | |
| CN103473501B (en) | A kind of Malware method for tracing based on cloud security | |
| CN104021467A (en) | Method and device for protecting payment security of mobile terminal and mobile terminal | |
| CN109344611B (en) | Application access control method, terminal equipment and medium | |
| CN101826101A (en) | Search engine device and method | |
| CN105653397A (en) | Recovery processing method, apparatus and electronic device | |
| CN104123496B (en) | The hold-up interception method and device of a kind of rogue software, terminal | |
| CN110381166A (en) | A kind of message informing management method, device and computer readable storage medium | |
| CN109889487B (en) | Processing method and device for external equipment access terminal | |
| CN104063669A (en) | Method for monitoring file integrity in real time | |
| CN103559438A (en) | Progress identification method and progress identification system | |
| CN105550573B (en) | The method and apparatus for intercepting bundled software | |
| CN103984902A (en) | New data asset identifying method and system | |
| CN107392033B (en) | Android device penetration test system and automatic penetration test method thereof | |
| CN111222181B (en) | AI model supervision method, system, server and storage medium | |
| CN108038233B (en) | Method and device for collecting articles, electronic equipment and storage medium | |
| CN111159718A (en) | Method and device for bug repair and household appliance | |
| CN103973708A (en) | Determination method and system for data breach event | |
| GB2546567A (en) | Method of associating a person with a digital object | |
| CN105653932A (en) | Software upgrading validation method and device | |
| CN116226865A (en) | Security detection method, device, server, medium and product of cloud native application | |
| KR101990998B1 (en) | System and method for protecting font copyrights | |
| CN105809074B (en) | USB data transmission control method, device, control assembly and system | |
| CN107368712B (en) | The guard method and system of software | |
| CN105590058A (en) | Virtual machine escape detection method and apparatus |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |