CN104008142A - Data protection method and system for social network - Google Patents

Publication number
CN104008142A
Authority
CN
China
Prior art keywords
key element
user
operand
protected
action type
Legal status
Granted
Application number
CN201410194341.7A
Other languages
Chinese (zh)
Other versions
CN104008142B (en)
Inventor
李建欣
杨博睿
刘晟丽
武南南
李博
吴涛
Current Assignee
Beihang University
Original Assignee
Beihang University
Application filed by Beihang University
Priority to CN201410194341.7A
Publication of CN104008142A
Application granted
Publication of CN104008142B
Legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules

Abstract

The invention provides a data protection method and system for social networks. The method comprises: filtering out, from a data stream, uplink HTTP request messages that contain a user operation; parsing the uplink HTTP request message to obtain the elements corresponding to the user operation; and detecting whether, among the currently stored elements corresponding to user operations to be protected, there is an element matching the elements corresponding to the user operation, and if so, refusing to execute the user operation. The elements comprise the identifier of the operation subject, the identifier of the operation type, and the identifier and content of the operation object; the user operation is an operation of that operation type performed by the operation subject on the operation object. The method and system achieve precise and effective data protection for social networks.

Description

Data protection method and system for social networks
Technical field
The present invention relates to the field of information security, and in particular to a data protection method and system for social networks.
Background
In a traditional data protection scheme, when it is detected that the operation object of the current user operation matches a matching rule, the current user operation is not executed; the matching rule contains the identifiers of the preset protected objects.
However, for social networks, a scheme that protects data solely according to whether the operation object is a protected object does not take into account the diversity of interaction between users in a social network, for example the diversity of user interaction types, that is, of users' operation types. It is therefore clearly unsuitable for social networks. Moreover, when data is protected in a social network, the rules set in such a scheme do not fit the actual situation: in practice, a user operation in a social network usually involves elements of several dimensions, whereas the above scheme protects data on the basis of the operation object alone. Its data protection is coarse, its granularity is too large and its degree of refinement is low, so that research on social networks is confined to a single aspect of social network content. Consequently, precise and effective data protection for social networks cannot be achieved.
Summary of the invention
The invention provides a data protection method and system for social networks, to solve the problem that existing data protection schemes cannot achieve precise and effective data protection for social networks.
A first aspect of the present invention provides a data protection method for social networks, comprising:
filtering out, from a data stream, uplink HTTP request messages that contain a user operation;
parsing the uplink HTTP request message to obtain the elements corresponding to the user operation;
detecting whether, among the currently stored elements corresponding to each user operation to be protected, there is an element matching the elements corresponding to the user operation, and if so, not executing the user operation;
wherein the elements comprise the identifier of the operation subject, the identifier of the operation type, and the identifier and content of the operation object, and the user operation is an operation of that operation type performed by the operation subject on the operation object.
Another aspect of the present invention provides a data protection system for social networks, comprising:
an acquisition module, configured to filter out, from a data stream, uplink HTTP request messages that contain a user operation;
a parsing module, configured to parse the uplink HTTP request message to obtain the elements corresponding to the user operation;
a processing module, configured to detect whether, among the currently stored elements corresponding to each user operation to be protected, there is an element matching the elements corresponding to the user operation, and if so, not to execute the user operation;
wherein the elements comprise the identifier of the operation subject, the identifier of the operation type, and the identifier and content of the operation object, and the user operation is an operation of that operation type performed by the operation subject on the operation object.
In the data protection method and system for social networks provided by the invention, a message containing a user operation is parsed to obtain the elements corresponding to the user operation, namely the identifier of the operation subject, the identifier of the operation type, and the identifier and content of the operation object. If it is detected that, among the elements corresponding to the current user operations to be protected, there is an element matching the elements corresponding to the user operation, the user operation is not executed. User operations in a social network are thus characterized by these elements, and data protection is carried out on the basis of the result of matching them, so that precise and effective data protection for social networks can be achieved.
Brief description of the drawings
Fig. 1 is a schematic flowchart of a data protection method for social networks provided by Embodiment 1 of the present invention;
Fig. 2 is a schematic diagram of the storage structure of the elements corresponding to user operations to be protected in Embodiment 1 of the present invention;
Fig. 3 is a schematic structural diagram of a data protection system for social networks provided by Embodiment 2 of the present invention;
Fig. 4 is a schematic structural diagram of a data protection system for social networks provided by Embodiment 3 of the present invention.
Detailed description
To make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the accompanying drawings.
Fig. 1 is a schematic flowchart of a data protection method for social networks provided by Embodiment 1 of the present invention. As shown in Fig. 1, the method comprises:
101. Filter out, from a data stream, uplink HTTP request messages that contain a user operation.
102. Parse the uplink HTTP request message to obtain the elements corresponding to the user operation.
The elements comprise the identifier of the operation subject, the identifier of the operation type, and the identifier and content of the operation object; the user operation is an operation of that operation type performed by the operation subject on the operation object. In practice, the elements can be expressed as a four-tuple, for example (S, A, O, C), where S denotes the operation subject (Subject), A denotes the operation type (Action), O denotes the operation object (Object), and C denotes the content of the operation object (Content).
Specifically, parsing the uplink HTTP request message may comprise parsing it using deep packet inspection (DPI). More specifically, the URL, host, referrer, cookie and form data fields of these HTTP request messages can be inspected one by one, and the corresponding elements parsed from them.
103. Detect whether, among the currently stored elements corresponding to each user operation to be protected, there is an element matching the elements corresponding to the user operation; if so, do not execute the user operation.
It will be appreciated that, in this embodiment, in order to protect data in a social network, the elements corresponding to a user operation comprise the operation subject, the operation type, and the identifier and content of the operation object, so that the matching rules for social-network data protection are characterized precisely.
Specifically, detecting in step 103 whether, among the currently stored elements corresponding to each user operation to be protected, there is an element matching the elements corresponding to the user operation comprises:
Detecting whether the first element library contains the identifier of the first operation subject corresponding to the user operation, the first element library containing the identifiers of the operation subjects corresponding to each user operation to be protected. If so, the second element library is searched to determine the operation types corresponding to the first operation subject; otherwise, it is determined that, among the elements corresponding to each user operation to be protected, there is no element matching the elements corresponding to the user operation. The second element library contains the identifiers of the operation types corresponding to each operation subject in the first element library.
Detecting whether the operation types corresponding to the first operation subject include the first operation type corresponding to the user operation. If so, the third element library is searched to determine the operation objects corresponding to the first operation type; otherwise, it is determined that, among the elements corresponding to each user operation to be protected, there is no element matching the elements corresponding to the user operation. The third element library contains the identifiers of the operation objects corresponding to each operation type in the second element library.
Detecting whether the operation objects corresponding to the first operation type include the first operation object corresponding to the user operation. If so, the fourth element library is searched to obtain the content of the first operation object; otherwise, it is determined that, among the elements corresponding to each user operation to be protected, there is no element matching the elements corresponding to the user operation. The fourth element library contains the content of each operation object in the third element library.
Detecting whether the content of the first operation object in the elements corresponding to the user operation contains content that matches the content of the first operation object in the fourth element library. If so, it is determined that, among the elements corresponding to each user operation to be protected, there is an element matching the elements corresponding to the user operation; otherwise, it is determined that there is no such matching element.
With this implementation, as soon as matching fails at any level of element, the matching result is obtained; further processing does not have to wait until all elements have failed to match, which improves processing efficiency.
In addition, based on the above implementation, parsing and matching can in practice be executed in parallel. For example, only the operation subject corresponding to the current user operation may be parsed and matched first. That is, the elements are parsed level by level, and each parsed element is matched at its own level, without waiting for all elements to be parsed before matching as a whole, which improves processing efficiency and memory usage.
Specifically, in order to build the above element libraries in advance, the method may further comprise:
Obtaining the elements corresponding to a user operation to be protected;
Detecting whether the current first element library contains the identifier of the second operation subject corresponding to the user operation to be protected. If so, the second element library is searched to determine the operation types corresponding to the second operation subject; otherwise, the identifier of the second operation subject is stored in the first element library, and the process returns to the step of detecting whether the current first element library contains the identifier of the second operation subject corresponding to the user operation to be protected;
Detecting whether the operation types corresponding to the second operation subject include the second operation type corresponding to the user operation to be protected. If so, the third element library is searched to determine the operation objects corresponding to the second operation type; otherwise, the second operation type is stored in the second element library as one of the operation types corresponding to the second operation subject, and the process returns to the step of detecting whether the operation types corresponding to the second operation subject include the second operation type corresponding to the user operation to be protected;
Detecting whether the operation objects corresponding to the second operation type include the second operation object corresponding to the user operation to be protected. If so, the fourth element library is searched to obtain the content of the second operation object in the fourth element library; otherwise, the second operation object is stored in the third element library as one of the operation objects corresponding to the second operation type, and the process returns to the step of detecting whether the operation objects corresponding to the second operation type include the second operation object corresponding to the user operation to be protected;
Detecting whether the first content of the second operation object in the fourth element library contains the second content of the second operation object in the elements corresponding to the user operation to be protected; if it does not, the second content is stored into the first content.
Fig. 2 is a schematic diagram of the storage structure of the elements corresponding to user operations to be protected in Embodiment 1 of the present invention. As shown in Fig. 2, the storage structure is a tree. Specifically, the first-level nodes represent the operation subjects S corresponding to each user operation to be protected; the second-level nodes represent the operation types A corresponding to each operation subject; the third-level nodes represent the operation objects O corresponding to each operation type of each operation subject; and the fourth-level nodes are the content C of each operation object. The lines between elements of adjacent levels show the correspondence between them. For example, as shown in Fig. 2, the operation types corresponding to operation subject S1 include A1 and A2, and the operation types corresponding to operation subject S2 include A3. Note that Fig. 2 is only a concrete example given to illustrate the technical solution of this embodiment and does not limit it.
Compared with traditional storage, the tree storage structure allows the storage space of higher-level elements to be reused. For example, still referring to Fig. 2, for the four elements (S1, A2, O1, C1), (S1, A2, O1, C2), (S1, A2, O2, C3) and (S1, A2, O2, C4), S1 and A2 appear in all four. With traditional storage each would have to be stored four times, whereas in Fig. 2 each needs to be stored only once, which saves a large amount of storage space.
Specifically, when a new element needs to be stored in the element library, the search starts from the top-level node of the tree and proceeds downward. If the element to be stored does not exist among the child nodes of the current node, it is created as a new child node, and the child nodes for the remaining elements to be stored are then created level by level beneath it. If the element to be added already exists among the child nodes of the current node, the next-level element to be stored is looked up among the children of that child node, and so on.
With this implementation, the elements corresponding to user operations to be protected can be stored in a tree storage structure, which reduces the number of times identical elements are stored and saves storage space.
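The tree storage and the level-by-level matching described above can be sketched as follows. This is an added example, not code from the patent: the sample elements are constructed using the symbols of Fig. 2, content matching is assumed to be a substring test, and `lazy_fields` with its request keys (`uid`, `action`, `target`, `body`) is a hypothetical stand-in for the DPI parser.

```python
from dataclasses import dataclass, field


@dataclass
class Node:
    # Children keyed by the identifier stored at the next level (S -> A -> O).
    children: dict = field(default_factory=dict)
    # Protected content strings; only filled in on operation-object (O) nodes.
    contents: set = field(default_factory=set)


class ProtectedElementTree:
    """Four-level store of protected (S, A, O, C) elements, shaped like Fig. 2."""

    def __init__(self):
        self.root = Node()
        self.node_count = 0  # number of S, A and O nodes actually created

    def add(self, subject, action, obj, content):
        """Insert one element, reusing any prefix that is already stored."""
        node = self.root
        for key in (subject, action, obj):
            if key not in node.children:
                node.children[key] = Node()
                self.node_count += 1
            node = node.children[key]
        node.contents.add(content)

    def match_stream(self, fields):
        """Match an iterator yielding S, A, O, C in that order.

        Returns (blocked, level), where level is the level at which the
        decision was made. The iterator is consumed only as far as needed,
        so a miss at level 1 never triggers parsing of A, O or C.
        """
        node = self.root
        for level in (1, 2, 3):
            node = node.children.get(next(fields))
            if node is None:
                return False, level
        content = next(fields)
        # Assumption: "content matches" means a protected string occurs in it.
        return any(c in content for c in node.contents), 4

    def match(self, subject, action, obj, content):
        return self.match_stream(iter((subject, action, obj, content)))


def lazy_fields(request, parsed_log):
    """Hypothetical parser: yields one field per level, recording each parse."""
    for name in ("uid", "action", "target", "body"):
        parsed_log.append(name)
        yield request[name]


# Constructed sample set: the four elements discussed for Fig. 2 plus two more.
SAMPLE = [
    ("S1", "A2", "O1", "C1"), ("S1", "A2", "O1", "C2"),
    ("S1", "A2", "O2", "C3"), ("S1", "A2", "O2", "C4"),
    ("S1", "A1", "O3", "C5"), ("S2", "A3", "O4", "C6"),
]


def build_sample_tree():
    tree = ProtectedElementTree()
    for element in SAMPLE:
        tree.add(*element)
    return tree


if __name__ == "__main__":
    tree = build_sample_tree()
    print("nodes stored:", tree.node_count, "of", 3 * len(SAMPLE), "flat identifiers")
    print(tree.match("S1", "A2", "O1", "forwarding C2 to a group"))
    log = []
    request = {"uid": "S9", "action": "A2", "target": "O1", "body": "C1"}
    print(tree.match_stream(lazy_fields(request, log)), "parsed:", log)
```

The `level` value in the result shows where a lookup stopped, which is useful when tuning rules: a high share of level-1 misses means most traffic is rejected before any further field is parsed.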
Optionally, in the above implementation, the elements corresponding to a user operation to be protected may be defined by the user. Correspondingly, obtaining the elements corresponding to a user operation to be protected may comprise:
Receiving a user instruction, the user instruction containing the elements corresponding to the user operation to be protected.
In practice, the user can configure the elements corresponding to user operations to be protected through a corresponding web application. The application allows these elements to be configured dynamically and visually, and the elements can be used to control a series of user operations that users perform on a social networking site. The web application may be visual, so that the user can configure each element corresponding to a user operation to be protected according to a preconfigured format, thereby generating the elements corresponding to a new user operation to be protected. In addition, the user can manage the elements corresponding to the current user operations to be protected in the visual interface of the web application, changing or deleting them manually.
Optionally again, in the above implementation, obtaining the elements corresponding to a user operation to be protected may also comprise:
If data whose content matches the content of preset data to be protected is detected in the current data stream, obtaining the identifier and content of that data and using them, respectively, as the identifier and content of the operation object corresponding to the user operation to be protected;
Obtaining the user to whom the data belongs, determining that user's friends, and using them as the operation subjects corresponding to the user operation to be protected;
Using a preset operation type as the operation type corresponding to the user operation to be protected.
Determining the user's friends can be done using web crawler technology or a social network application programming interface (API). The preset operation type can be set as required, for example to a browse operation.
With this implementation, objects that need protection are detected automatically in the data stream, and the elements corresponding to the user operations to be protected are extracted, so that the elements parsed from a user operation can be matched against them, thereby achieving precise and effective data protection.
In the data protection method for social networks provided by this embodiment, a message containing a user operation is parsed to obtain the elements corresponding to the user operation, namely the identifier of the operation subject, the identifier of the operation type, and the identifier and content of the operation object. If it is detected that, among the elements corresponding to the current user operations to be protected, there is an element matching the elements corresponding to the user operation, the user operation is not executed. User operations in a social network are thus characterized by these elements, and data protection is carried out on the basis of the result of matching them, so that precise and effective data protection for social networks can be achieved.
In addition, the prior art includes data protection schemes based on an access control model, for example role-based access control (RBAC). Such a scheme defines access subjects, access objects and the corresponding access authorization information. Specifically, once the current access subject and access object have been determined, the access subject can access the access object only if the corresponding access authorization information permits it. For social networks, however, the simple subject and object of such a system cannot reflect the diversity of interaction between users. Related research on rule engines focuses on how the rule engine works and gives no detailed definition of the matching rules themselves, nor does it consider characteristics of social networks such as strong interactivity, readability and writability, and user-generated content.
The scheme provided by the invention overcomes exactly these drawbacks. Based on the characteristics of social networks, it generalizes the behaviour of users in a social network into four elements of a user operation: the operation subject, the operation type, the operation object and its content. The matching rules for data protection are built from these four elements, thereby achieving refined, fine-grained data protection for social networks.
Fig. 3 is a schematic structural diagram of a data protection system for social networks provided by Embodiment 2 of the present invention. As shown in Fig. 3, the system comprises an acquisition module 31, a parsing module 32 and a processing module 33, wherein:
The acquisition module 31 is configured to filter out, from a data stream, uplink HTTP request messages that contain a user operation;
The parsing module 32 is configured to parse the uplink HTTP request message to obtain the elements corresponding to the user operation;
The processing module 33 is configured to detect whether, among the currently stored elements corresponding to each user operation to be protected, there is an element matching the elements corresponding to the user operation, and if so, not to execute the user operation;
The elements comprise the identifier of the operation subject, the identifier of the operation type, and the identifier and content of the operation object; the user operation is an operation of that operation type performed by the operation subject on the operation object. In practice, the elements can be expressed as a four-tuple.
Specifically, the parsing module 32 may be configured to parse the uplink HTTP request message using DPI.
It will be appreciated that, in this embodiment, in order to protect data in a social network, the elements corresponding to a user operation comprise the operation subject, the operation type, and the identifier and content of the operation object, so that the matching rules for social-network data protection are characterized precisely.
In the data protection system for social networks provided by this embodiment, a message containing a user operation is parsed to obtain the elements corresponding to the user operation, namely the identifier of the operation subject, the identifier of the operation type, and the identifier and content of the operation object. If it is detected that, among the elements corresponding to the current user operations to be protected, there is an element matching the elements corresponding to the user operation, the user operation is not executed. User operations in a social network are thus characterized by these elements, and data protection is carried out on the basis of the result of matching them, so that precise and effective data protection for social networks can be achieved.
Fig. 4 is a schematic structural diagram of a data protection system for social networks provided by Embodiment 3 of the present invention. As shown in Fig. 4, building on the data protection system of Embodiment 2, the processing module 33 may comprise a detecting unit 41 and a processing unit 42, wherein:
The detecting unit 41 is configured to detect whether the first element library contains the identifier of the first operation subject corresponding to the user operation; the first element library contains the identifiers of the operation subjects corresponding to each user operation to be protected;
The processing unit 42 is configured, if the detecting unit 41 detects that it does, to search the second element library and determine the operation types corresponding to the first operation subject, and otherwise to determine that, among the elements corresponding to each user operation to be protected, there is no element matching the elements corresponding to the user operation; the second element library contains the identifiers of the operation types corresponding to each operation subject in the first element library;
The detecting unit 41 is further configured to detect whether the operation types corresponding to the first operation subject include the first operation type corresponding to the user operation;
The processing unit 42 is further configured, if the detecting unit 41 detects that they do, to search the third element library and determine the operation objects corresponding to the first operation type, and otherwise to determine that, among the elements corresponding to each user operation to be protected, there is no element matching the elements corresponding to the user operation; the third element library contains the identifiers of the operation objects corresponding to each operation type in the second element library;
The detecting unit 41 is further configured to detect whether the operation objects corresponding to the first operation type include the first operation object corresponding to the user operation;
The processing unit 42 is further configured, if the detecting unit 41 detects that they do, to search the fourth element library and obtain the content of the first operation object, and otherwise to determine that, among the elements corresponding to each user operation to be protected, there is no element matching the elements corresponding to the user operation; the fourth element library contains the content of each operation object in the third element library;
The detecting unit 41 is further configured to detect whether the content of the first operation object in the elements corresponding to the user operation contains content that matches the content of the first operation object in the fourth element library;
The processing unit 42 is further configured, if the detecting unit 41 detects that it does, to determine that, among the elements corresponding to each user operation to be protected, there is an element matching the elements corresponding to the user operation, and otherwise to determine that there is no such matching element;
The processing unit 42 is further configured not to execute the user operation if the detecting unit 41 detects that, among the elements corresponding to each user operation to be protected, there is an element matching the elements corresponding to the user operation.
With this implementation, as soon as matching fails at any level of element, the matching result is obtained; further processing does not have to wait until all elements have failed to match, which improves processing efficiency.
In addition, based on the above implementation, parsing and matching can in practice be executed in parallel. For example, the parsing module 32 may first parse the operation subject corresponding to the current user operation, and the processing module 33 then performs element matching for the operation subject. That is, the parsing module 32 parses the elements level by level, and the processing module 33 matches each parsed element at its own level, without waiting for all elements to be parsed before matching as a whole, which improves processing efficiency and memory usage.
Specifically, in order to build the above key element storehouses in advance, acquisition module 31 is further configured to obtain the key elements corresponding to a to-be-protected user operation;
Detecting unit 41 is further configured to detect whether the mark of the second operating main body corresponding to the to-be-protected user operation exists in the current first key element storehouse;
Processing unit 42 is further configured to: if detecting unit 41 detects that it exists, search the second key element storehouse and determine the action types corresponding to the second operating main body; otherwise, store the mark of the second operating main body in the first key element storehouse, and instruct detecting unit 41 to perform again the step of detecting whether the mark of the second operating main body corresponding to the to-be-protected user operation exists in the current first key element storehouse;
Detecting unit 41 is further configured to detect whether the second action type corresponding to the to-be-protected user operation exists among the action types corresponding to the second operating main body;
Processing unit 42 is further configured to: if detecting unit 41 detects that it exists, search the third key element storehouse and determine the operands corresponding to the second action type; otherwise, store the second action type in the second key element storehouse as one of the action types corresponding to the second operating main body, and instruct detecting unit 41 to perform again the step of detecting whether the second action type corresponding to the to-be-protected user operation exists among the action types corresponding to the second operating main body;
Detecting unit 41 is further configured to detect whether the second operand corresponding to the to-be-protected user operation exists among the operands corresponding to the second action type;
Processing unit 42 is further configured to: if detecting unit 41 detects that it exists, search the fourth key element storehouse and obtain the content of the second operand held in the fourth key element storehouse; otherwise, store the second operand in the third key element storehouse as one of the operands corresponding to the second action type, and instruct detecting unit 41 to perform again the step of detecting whether the second operand corresponding to the to-be-protected user operation exists among the operands corresponding to the second action type;
Detecting unit 41 is further configured to detect whether the second content, that is, the content of the second operand in the key elements corresponding to the to-be-protected user operation, exists in the first content, that is, the content of the second operand held in the fourth key element storehouse;
Processing unit 42 is further configured to store the second content into the first content if detecting unit 41 detects that it does not exist.
With this embodiment, the key elements corresponding to to-be-protected user operations are stored in a tree storage structure, which reduces the number of times identical key elements are stored and saves storage space.
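The layered storage and matching described above can be sketched as follows. This is an added illustration, not code from the patent: the class and function names, the sample marks and the substring rule used for content matching are assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Operation:
    """A user operation described by the four key elements."""
    subject: str   # mark of the operating main body (who acts)
    action: str    # mark of the action type, e.g. "browse"
    operand: str   # mark of the operand (what is acted on)
    content: str   # content of the operand


class ProtectedStore:
    """Tree store: subject -> action -> operand -> set of contents.

    Each nesting level stands in for one key element storehouse
    (first to fourth), so a shared prefix is stored only once.
    """

    def __init__(self):
        self._subjects = {}
        self.nodes_written = 0  # new nodes created, shows prefix sharing

    def _child(self, node, key, factory):
        # Create the child only when the lookup at this layer misses.
        if key not in node:
            node[key] = factory()
            self.nodes_written += 1
        return node[key]

    def add(self, op):
        """Store a to-be-protected operation, reusing existing layers."""
        if not op.content:
            raise ValueError("protected content must be non-empty")
        actions = self._child(self._subjects, op.subject, dict)
        operands = self._child(actions, op.action, dict)
        contents = self._child(operands, op.operand, set)
        if op.content not in contents:
            contents.add(op.content)
            self.nodes_written += 1

    def match(self, op):
        """Layered match. Returns (blocked, first_failing_layer_or_None)."""
        node = self._subjects
        for layer, key in (("subject", op.subject),
                           ("action", op.action),
                           ("operand", op.operand)):
            if key not in node:
                return False, layer  # stop here, deeper layers not consulted
            node = node[key]
        # Assumption: content matches when a protected string occurs in it.
        if any(protected in op.content for protected in node):
            return True, None
        return False, "content"


def rules_for_protected_data(data_id, content, friends, action="browse"):
    """One protected operation per friend of the data's owner."""
    return [Operation(f, action, data_id, content) for f in friends]


def build_demo_store():
    # Constructed sample: a protected post and its owner's two friends.
    store = ProtectedStore()
    for rule in rules_for_protected_data("post-17", "salary slip",
                                         ["alice", "bob"]):
        store.add(rule)
    return store


if __name__ == "__main__":
    store = build_demo_store()
    requests = [
        Operation("alice", "browse", "post-17", "my salary slip for May"),
        Operation("carol", "browse", "post-17", "my salary slip for May"),
        Operation("alice", "comment", "post-17", "my salary slip for May"),
        Operation("alice", "browse", "post-17", "holiday photo"),
    ]
    for req in requests:
        blocked, failed_at = store.match(req)
        print(req.subject, req.action, "blocked" if blocked else
              f"forwarded (no match at {failed_at} layer)")
```

The `failed_at` value shows which layer ended the lookup, which is the early exit the embodiment relies on for efficiency.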
Optionally, the key elements corresponding to the to-be-protected user operation can be defined by the user. Correspondingly, acquisition module 31 may specifically comprise:
A receiving unit, configured to receive a user instruction, the user instruction comprising the key elements corresponding to the to-be-protected user operation.
As a further option, acquisition module 31 may also specifically comprise:
A first acquiring unit, configured to, if it detects that the current data stream contains data whose content matches the content of preset data to be protected, obtain the mark and content of that data and use them as the mark and content, respectively, of the operand corresponding to the to-be-protected user operation;
A second acquiring unit, configured to obtain the user to whom the data belongs, determine that user's friends, and use them as the operating main bodies corresponding to the to-be-protected user operation;
A third acquiring unit, configured to use a preset action type as the action type corresponding to the to-be-protected user operation.
The second acquiring unit may specifically use web crawler technology or social network application programming interface (API) technology to determine the user's friends. The preset action type can be set according to actual needs, for example to a browse operation.
With this embodiment, objects that need protection are detected automatically from the data stream and the key elements corresponding to the to-be-protected user operation are extracted, so that the key elements of parsed user operations can be matched against them, thereby achieving accurate and effective data protection.
The data protection system for a social network provided by this embodiment parses a message containing a user operation to obtain the key elements corresponding to the user operation, the key elements comprising the mark of the operating main body, the mark of the action type, and the mark and content of the operand; if it detects that, among the key elements corresponding to each current to-be-protected user operation, there is a key element matching the key elements corresponding to the user operation, the user operation is not performed. User operations in the social network are thus characterized by the above key elements, and data protection is carried out according to the matching result for these key elements, so that accurate and effective data protection can be provided for the social network.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working process of the system described above can be found in the corresponding process of the foregoing method embodiments and is not repeated here.
One of ordinary skill in the art will appreciate that all or part of the steps of the above method embodiments can be carried out by hardware under the control of program instructions. The program can be stored in a computer-readable storage medium. When executed, the program performs the steps of the above method embodiments. The storage medium includes various media that can store program code, such as ROM, RAM, magnetic disks or optical discs.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solution of the present invention, not to limit it. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions recorded in the foregoing embodiments can still be modified, or some or all of their technical features can be replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (10)

1. A data protection method for a social network, characterized by comprising:
Filtering out, from a data stream, an upstream HTTP request message that contains a user operation;
Parsing the upstream HTTP request message to obtain the key elements corresponding to the user operation;
Detecting whether, among the currently stored key elements corresponding to each to-be-protected user operation, there is a key element matching the key elements corresponding to the user operation, and if so, not performing the user operation;
Wherein the key elements comprise the mark of the operating main body, the mark of the action type, and the mark and content of the operand, and the user operation is an operation of the action type performed by the operating main body on the operand.
2. The method according to claim 1, characterized in that detecting whether, among the currently stored key elements corresponding to each to-be-protected user operation, there is a key element matching the key elements corresponding to the user operation specifically comprises:
Detecting whether the mark of the first operating main body corresponding to the user operation exists in the first key element storehouse, the first key element storehouse comprising the marks of the operating main bodies corresponding to each to-be-protected user operation; if so, searching the second key element storehouse and determining the action types corresponding to the first operating main body; otherwise, judging that, among the key elements corresponding to each to-be-protected user operation, there is no key element matching the key elements corresponding to the user operation; the second key element storehouse comprising the marks of the action types corresponding to each operating main body in the first key element storehouse;
Detecting whether the first action type corresponding to the user operation exists among the action types corresponding to the first operating main body; if so, searching the third key element storehouse and determining the operands corresponding to the first action type; otherwise, judging that, among the key elements corresponding to each to-be-protected user operation, there is no key element matching the key elements corresponding to the user operation; the third key element storehouse comprising the marks of the operands corresponding to each action type in the second key element storehouse;
Detecting whether the first operand corresponding to the user operation exists among the operands corresponding to the first action type; if so, searching the fourth key element storehouse and obtaining the content of the first operand; otherwise, judging that, among the key elements corresponding to each to-be-protected user operation, there is no key element matching the key elements corresponding to the user operation; the fourth key element storehouse comprising the content of each operand in the third key element storehouse;
Detecting whether the content of the first operand in the key elements corresponding to the user operation contains content matching the content of the first operand in the fourth key element storehouse; if so, judging that, among the key elements corresponding to each to-be-protected user operation, there is a key element matching the key elements corresponding to the user operation; otherwise, judging that, among the key elements corresponding to each to-be-protected user operation, there is no key element matching the key elements corresponding to the user operation.
3. The method according to claim 2, characterized in that the method further comprises:
Obtaining the key elements corresponding to a to-be-protected user operation;
Detecting whether the mark of the second operating main body corresponding to the to-be-protected user operation exists in the current first key element storehouse; if so, searching the second key element storehouse and determining the action types corresponding to the second operating main body; otherwise, storing the mark of the second operating main body in the first key element storehouse, and returning to the step of detecting whether the mark of the second operating main body corresponding to the to-be-protected user operation exists in the current first key element storehouse;
Detecting whether the second action type corresponding to the to-be-protected user operation exists among the action types corresponding to the second operating main body; if so, searching the third key element storehouse and determining the operands corresponding to the second action type; otherwise, storing the second action type in the second key element storehouse as one of the action types corresponding to the second operating main body, and returning to the step of detecting whether the second action type corresponding to the to-be-protected user operation exists among the action types corresponding to the second operating main body;
Detecting whether the second operand corresponding to the to-be-protected user operation exists among the operands corresponding to the second action type; if so, searching the fourth key element storehouse and obtaining the content of the second operand held in the fourth key element storehouse; otherwise, storing the second operand in the third key element storehouse as one of the operands corresponding to the second action type, and returning to the step of detecting whether the second operand corresponding to the to-be-protected user operation exists among the operands corresponding to the second action type;
Detecting whether the second content, that is, the content of the second operand in the key elements corresponding to the to-be-protected user operation, exists in the first content, that is, the content of the second operand held in the fourth key element storehouse; if it does not exist, storing the second content into the first content.
4. The method according to claim 3, characterized in that obtaining the key elements corresponding to a to-be-protected user operation specifically comprises:
If it is detected that the current data stream contains data whose content matches the content of preset data to be protected, obtaining the mark and content of that data and using them as the mark and content, respectively, of the operand corresponding to the to-be-protected user operation;
Obtaining the user to whom the data belongs, determining that user's friends, and using them as the operating main bodies corresponding to the to-be-protected user operation;
Using a preset action type as the action type corresponding to the to-be-protected user operation.
5. The method according to claim 3, characterized in that obtaining the key elements corresponding to a to-be-protected user operation specifically comprises:
Receiving a user instruction, the user instruction comprising the key elements corresponding to the to-be-protected user operation.
6. The method according to claim 4, characterized in that determining the user's friends specifically comprises:
Using web crawler technology or social network application programming interface (API) technology to determine the user's friends.
7. The method according to any one of claims 1-6, characterized in that parsing the upstream HTTP request message specifically comprises:
Using deep packet inspection (DPI) technology to parse the upstream HTTP request message.
8. A data protection system for a social network, characterized by comprising:
An acquisition module, configured to filter out, from a data stream, an upstream HTTP request message that contains a user operation;
A parsing module, configured to parse the upstream HTTP request message to obtain the key elements corresponding to the user operation;
A processing module, configured to detect whether, among the currently stored key elements corresponding to each to-be-protected user operation, there is a key element matching the key elements corresponding to the user operation, and if so, not perform the user operation;
Wherein the key elements comprise the mark of the operating main body, the mark of the action type, and the mark and content of the operand, and the user operation is an operation of the action type performed by the operating main body on the operand.
9. The system according to claim 8, characterized in that the processing module comprises:
A detecting unit, configured to detect whether the mark of the first operating main body corresponding to the user operation exists in the first key element storehouse, the first key element storehouse comprising the marks of the operating main bodies corresponding to each to-be-protected user operation;
A processing unit, configured to: if the detecting unit detects that it exists, search the second key element storehouse and determine the action types corresponding to the first operating main body; otherwise, judge that, among the key elements corresponding to each to-be-protected user operation, there is no key element matching the key elements corresponding to the user operation; the second key element storehouse comprising the marks of the action types corresponding to each operating main body in the first key element storehouse;
The detecting unit is further configured to detect whether the first action type corresponding to the user operation exists among the action types corresponding to the first operating main body;
The processing unit is further configured to: if the detecting unit detects that it exists, search the third key element storehouse and determine the operands corresponding to the first action type; otherwise, judge that, among the key elements corresponding to each to-be-protected user operation, there is no key element matching the key elements corresponding to the user operation; the third key element storehouse comprising the marks of the operands corresponding to each action type in the second key element storehouse;
The detecting unit is further configured to detect whether the first operand corresponding to the user operation exists among the operands corresponding to the first action type;
The processing unit is further configured to: if the detecting unit detects that it exists, search the fourth key element storehouse and obtain the content of the first operand; otherwise, judge that, among the key elements corresponding to each to-be-protected user operation, there is no key element matching the key elements corresponding to the user operation; the fourth key element storehouse comprising the content of each operand in the third key element storehouse;
The detecting unit is further configured to detect whether the content of the first operand in the key elements corresponding to the user operation contains content matching the content of the first operand in the fourth key element storehouse;
The processing unit is further configured to: if the detecting unit detects that it exists, judge that, among the key elements corresponding to each to-be-protected user operation, there is a key element matching the key elements corresponding to the user operation; otherwise, judge that, among the key elements corresponding to each to-be-protected user operation, there is no key element matching the key elements corresponding to the user operation;
The processing unit is further configured to not perform the user operation if the detecting unit detects that, among the key elements corresponding to each to-be-protected user operation, there is a key element matching the key elements corresponding to the user operation.
10. The system according to claim 9, characterized in that:
The acquisition module is further configured to obtain the key elements corresponding to a to-be-protected user operation;
The detecting unit is further configured to detect whether the mark of the second operating main body corresponding to the to-be-protected user operation exists in the current first key element storehouse;
The processing unit is further configured to: if the detecting unit detects that it exists, search the second key element storehouse and determine the action types corresponding to the second operating main body; otherwise, store the mark of the second operating main body in the first key element storehouse, and instruct the detecting unit to perform again the step of detecting whether the mark of the second operating main body corresponding to the to-be-protected user operation exists in the current first key element storehouse;
The detecting unit is further configured to detect whether the second action type corresponding to the to-be-protected user operation exists among the action types corresponding to the second operating main body;
The processing unit is further configured to: if the detecting unit detects that it exists, search the third key element storehouse and determine the operands corresponding to the second action type; otherwise, store the second action type in the second key element storehouse as one of the action types corresponding to the second operating main body, and instruct the detecting unit to perform again the step of detecting whether the second action type corresponding to the to-be-protected user operation exists among the action types corresponding to the second operating main body;
The detecting unit is further configured to detect whether the second operand corresponding to the to-be-protected user operation exists among the operands corresponding to the second action type;
The processing unit is further configured to: if the detecting unit detects that it exists, search the fourth key element storehouse and obtain the content of the second operand held in the fourth key element storehouse; otherwise, store the second operand in the third key element storehouse as one of the operands corresponding to the second action type, and instruct the detecting unit to perform again the step of detecting whether the second operand corresponding to the to-be-protected user operation exists among the operands corresponding to the second action type;
The detecting unit is further configured to detect whether the second content, that is, the content of the second operand in the key elements corresponding to the to-be-protected user operation, exists in the first content, that is, the content of the second operand held in the fourth key element storehouse;
The processing unit is further configured to store the second content into the first content if the detecting unit detects that it does not exist.
CN201410194341.7A 2014-05-09 2014-05-09 Towards the data guard method and system of social networks Active CN104008142B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410194341.7A CN104008142B (en) 2014-05-09 2014-05-09 Towards the data guard method and system of social networks


Publications (2)

Publication Number Publication Date
CN104008142A true CN104008142A (en) 2014-08-27
CN104008142B CN104008142B (en) 2017-06-06

Family

ID=51368799


Country Status (1)

Country Link
CN (1) CN104008142B (en)


Also Published As

Publication number Publication date
CN104008142B (en) 2017-06-06


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant