CN104506545B - Leakage prevention method and device - Google Patents


Publication number
CN104506545B
Authority
CN
China
Prior art keywords
data
data content
server
sensitive data
control strategy
Legal status
Active
Application number
CN201410844357.8A
Other languages
Chinese (zh)
Other versions
CN104506545A (en)
Inventor
许立广
Current Assignee
Qax Technology Group Inc
Secworld Information Technology Beijing Co Ltd
Original Assignee
Beijing Qianxin Technology Co Ltd


Classifications

    • H04L63/00 Network architectures or network communication protocols for network security
        • H04L63/14 ... for detecting or protecting against malicious traffic
            • H04L63/1408 ... by monitoring network traffic
            • H04L63/1441 Countermeasures against malicious traffic
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
        • G06F21/60 Protecting data
            • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
                • G06F21/6209 ... to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself


Abstract

The invention discloses a leakage prevention method and device. The method includes: obtaining the operation behavior of a specified process and intercepting, in the terminal, the network packets sent by that process; parsing from the network packets the data content to be transmitted; judging whether the current data content includes sensitive data; and, if it does, obtaining the control strategy corresponding to the specified process and controlling the network packets and/or the operation behavior of the specified process according to that strategy. The method improves the efficiency of outgoing data, reduces wasted resources, reduces load and improves user experience.

Description

Leakage prevention method and device
Technical field
The present invention relates to network security technology, and in particular to a leakage prevention method and device.
Background technology
With the rapid development of information technology, computer networks have become an indispensable tool for daily office work, communication and collaboration. While information systems improve working efficiency, they also raise security requirements for the storage of and access control to information, and for access control of the terminals and servers in the information system. Information security has become a core part of enterprise security management and risk control. To prevent information leakage caused by employees sending data out, many enterprises deploy a data loss prevention (DLP) server in their internal network to protect their data.
In existing DLP implementations, the data sent out from a client (web data or mail) is forwarded to the DLP server by a web proxy server or a mail transfer agent. The DLP server judges the security of the data in the outgoing data stream with existing algorithms, sends the data that passes the security judgment to the destination address, and intercepts the data that fails the judgment, or selectively transmits it to the destination address.
In the prior art, the DLP server applies the same judgment flow to the outgoing data of all users within the monitored system, so the delay of the security judgment is large, which affects the efficiency of sending data out and the user experience.
Another prior-art scheme encrypts all files on the client, so that only terminals with permission can decrypt and open them, and they appear as garbled text otherwise. Since many files that are not confidential are encrypted as well, this scheme wastes resources and increases the load on the devices.
Summary of the invention
To address these defects in the prior art, the invention provides a leakage prevention method and device which can improve the efficiency of outgoing data, reduce wasted resources, reduce load and improve user experience.
In a first aspect, the invention provides a leakage prevention device, including:
a data content acquiring unit, for obtaining the operation behavior of a specified process, intercepting in the terminal the network packets from the specified process, and parsing from the network packets the data content to be transmitted;
a judging unit, for judging whether the current data content includes sensitive data;
a control strategy acquiring unit, for obtaining the control strategy corresponding to the specified process when the judging unit determines that the data content includes sensitive data;
a control unit, for controlling the network packets and/or the operation behavior of the specified process according to the control strategy corresponding to the specified process.
Optionally, the data content includes:
chat messages of instant messaging, and/or pictures or documents transmitted by instant messaging.
Optionally, the device also includes:
a receiving unit, for receiving at least one judgment rule sent by the server before the judging unit judges;
correspondingly, the judging unit is specifically for judging, according to the at least one judgment rule, whether the current data content includes sensitive data.
Optionally, the judgment rule is a regular expression or a pattern-matching rule;
or the judgment rule is a keyword match rule that the server obtains by training on preset sensitive data.
Optionally, the control strategy acquiring unit is specifically for:
sending to the server a control strategy request for the specified process;
receiving the control strategy corresponding to the specified process that the server sends according to the control strategy request.
Optionally, the device also includes:
a transmitting unit, for uploading the operation behavior records cached in the terminal to the server, so that the server determines the path of the sensitive data transmission from the operation behavior records.
Optionally, the device also includes:
a transmitting unit, for sending the data content to the server when the judging unit finds no sensitive data in the current data content, so that the server determines whether the data content includes sensitive data;
a receiving unit, for receiving, when the server determines that the data content includes sensitive data, the information sent by the server that the data content includes sensitive data;
correspondingly, the control strategy acquiring unit is also for obtaining the control strategy corresponding to the specified process after the receiving unit receives that information.
Optionally, the judging unit is specifically for:
sending the data content to the server so that the server determines whether the data content includes sensitive data, and
receiving from the server the information on whether the data content includes sensitive data.
Optionally, the control unit is specifically for:
when the operation behavior of the specified process is a print operation and the control strategy corresponding to the process is "no printing", forbidding the current print and displaying in the client interface a prompt that printing from the specified process is forbidden;
or
when the operation behavior of the specified process is a send operation and the control strategy is a garbled-string sending strategy, replacing part or all of the information in the data content to be transmitted by the specified process with a field marking garbled text.
In a second aspect, the invention provides a server, including:
a receiving unit, for receiving the data content corresponding to the operation behavior of the specified process, sent by the leakage prevention device;
a judging unit, for determining according to a similarity matching rule whether the data content includes sensitive data;
a transmitting unit, for sending to the leakage prevention device, when the judging unit determines that the data content includes sensitive data, the information that the data content includes sensitive data, so that the leakage prevention device, after receiving the information, obtains the control strategy corresponding to the specified process and uses it to control the operation behavior of the specified process and/or the data content.
Optionally, the transmitting unit is also for
sending at least one judgment rule to the leakage prevention device before or after the receiving unit receives the data content;
and/or
the receiving unit is for receiving, before or after the data content is received, the control strategy request for the specified process sent by the leakage prevention device;
the transmitting unit is also for sending the control strategy corresponding to the specified process to the leakage prevention device according to the control strategy request.
Optionally, the server also includes:
a rule establishing unit, for establishing, according to preset sensitive data, the similarity matching rule used to judge whether data content includes sensitive data.
Optionally, the judging unit is specifically for:
obtaining the keywords in the data content and the feature words in the sensitive data, where the keywords are the notional words that characterize the meaning of the text in the data content and the feature words are the notional words that characterize the meaning of the text in the sensitive data;
establishing, for each piece of data in the data content, the keyword vector corresponding to its keywords, and establishing the feature word vector corresponding to the feature words of the sensitive data;
obtaining the similarity between each keyword vector in the data content and the feature word vector;
obtaining, from the similarities of all keyword vectors, the similarity between each piece of data in the data content and the sensitive data;
determining that the data content includes sensitive data when the similarity between part of the data in the data content and the sensitive data exceeds a preset threshold.
Optionally, the judging unit is specifically for:
establishing the keyword vectors corresponding to the data content using term frequency (TF), and establishing the feature word vector corresponding to the sensitive data using term frequency (TF);
obtaining the similarity between each keyword vector in the data content and the feature word vector;
obtaining, from the similarities of all keyword vectors, the similarity between each piece of data in the data content and the sensitive data;
determining that the data content includes sensitive data when the similarity between part of the data in the data content and the sensitive data exceeds a preset threshold.
In a third aspect, the invention provides a leakage prevention method, including:
obtaining the operation behavior of a specified process, and intercepting in the terminal the network packets from the specified process;
parsing from the network packets the data content to be transmitted;
judging whether the current data content includes sensitive data;
if the data content includes sensitive data, obtaining the control strategy corresponding to the specified process, and controlling the network packets and/or the operation behavior of the specified process according to that control strategy.
Optionally, the data content parsed from the network packets includes:
chat messages of instant messaging, and/or pictures or documents transmitted by instant messaging.
Optionally, before judging whether the current data content includes sensitive data, the method also includes:
receiving at least one judgment rule sent by the server;
correspondingly, judging whether the current data content includes sensitive data includes:
judging, according to the at least one judgment rule, whether the current data content includes sensitive data.
Optionally, the judgment rule is a regular expression or a pattern-matching rule;
or the judgment rule is a keyword match rule that the server obtains by training on preset sensitive data.
Optionally, obtaining the control strategy corresponding to the specified process includes:
sending to the server a control strategy request for the specified process;
receiving the control strategy corresponding to the specified process that the server sends according to the control strategy request.
Optionally, the method also includes:
uploading the operation behavior records cached in the terminal to the server, so that the server determines the path of the sensitive data transmission from the operation behavior records.
Optionally, after judging whether the current data content includes sensitive data, the method also includes:
if the data content does not include sensitive data, sending the data content to the server so that the server determines whether the data content includes sensitive data;
when the server determines that the data content includes sensitive data, receiving the information sent by the server that the data content includes sensitive data, and performing the step of obtaining the control strategy corresponding to the specified process.
Optionally, judging whether the current data content includes sensitive data includes:
sending the data content to the server so that the server determines whether the data content includes sensitive data, and
receiving from the server the information on whether the data content includes sensitive data.
Optionally, when the operation behavior of the specified process is a print operation and the control strategy corresponding to the process is "no printing", controlling the network packets and/or the operation behavior of the specified process according to the control strategy corresponding to the specified process includes:
forbidding the current print, and displaying in the client interface a prompt that printing from the specified process is forbidden;
or
when the operation behavior of the specified process is a send operation and the control strategy is a garbled-string sending strategy, controlling the network packets and/or the operation behavior of the specified process according to the control strategy corresponding to the specified process includes:
replacing part or all of the information in the data content to be transmitted by the specified process with a field marking garbled text.
In a fourth aspect, the invention provides a leakage prevention method, including:
receiving the data content corresponding to the operation behavior of the specified process, sent by the leakage prevention device;
determining according to a similarity matching rule whether the data content includes sensitive data;
if the data content is determined to include sensitive data, sending to the leakage prevention device the information that the data content includes sensitive data, so that the leakage prevention device, after receiving this information, obtains the control strategy corresponding to the specified process and uses it to control the operation behavior of the specified process and/or the data content.
Optionally, before or after receiving the data content corresponding to the operation behavior of the specified process sent by the leakage prevention device, the method also includes:
sending at least one judgment rule to the leakage prevention device;
and/or
receiving the control strategy request for the specified process sent by the leakage prevention device, and sending the control strategy corresponding to the specified process to the leakage prevention device according to that request.
Optionally, before receiving the data content corresponding to the operation behavior of the specified process sent by the leakage prevention device, the method also includes:
establishing, according to preset sensitive data, the similarity matching rule used to judge whether data content includes sensitive data.
Optionally, determining according to the similarity matching rule whether the data content includes sensitive data includes:
obtaining the keywords in the data content and the feature words in the sensitive data, where the keywords are the notional words that characterize the meaning of the text in the data content and the feature words are the notional words that characterize the meaning of the text in the sensitive data;
establishing, for each piece of data in the data content, the keyword vector corresponding to its keywords, and establishing the feature word vector corresponding to the feature words of the sensitive data;
obtaining the similarity between each keyword vector in the data content and the feature word vector;
obtaining, from the similarities of all keyword vectors, the similarity between each piece of data in the data content and the sensitive data;
if the similarity between part of the data in the data content and the sensitive data exceeds a preset threshold, determining that the data content includes sensitive data.
Optionally, establishing the keyword vector corresponding to each piece of data in the data content includes:
establishing the keyword vectors corresponding to the data content using term frequency (TF);
and establishing the feature word vector corresponding to the sensitive data includes:
establishing the feature word vector corresponding to the sensitive data using term frequency (TF).
As the above technical solution shows, the leakage prevention method and device provided by the invention obtain the operation behavior of the specified process, intercept in the terminal the network packets from the specified process, parse from them the data content to be transmitted, determine whether the data content includes sensitive data and, when it does, control the network packets and/or the operation behavior according to the control strategy corresponding to the specified process. The method thus improves the efficiency of outgoing data, reduces wasted resources, reduces load and improves user experience.
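The similarity matching of the second and fourth aspects, worked as an added example (not code from the patent): notional words are extracted by dropping function words, one TF vector is built per piece of data in the data content and one for the preset sensitive data, and the content is flagged when any piece exceeds the threshold. The stop-word list, the cosine measure (the patent does not fix the similarity measure), the samples and the threshold are all constructed assumptions.

```python
import math
import re
from collections import Counter
from typing import Dict, List, Tuple

Vector = Dict[str, float]
# Function words dropped so that only notional (content) words remain; constructed list.
STOPWORDS = {"a", "an", "the", "for", "of", "to", "and", "in", "is", "on", "by", "with"}


def notional_words(text: str) -> List[str]:
    """Keywords (of data content) or feature words (of sensitive data): content words only."""
    return [w for w in re.findall(r"[a-z0-9]+", text.lower()) if w not in STOPWORDS]


def tf_vector(words: List[str]) -> Vector:
    """Term-frequency vector: occurrences of each word divided by the number of words."""
    counts = Counter(words)
    total = sum(counts.values())
    return {w: c / total for w, c in counts.items()} if total else {}


def cosine(a: Vector, b: Vector) -> float:
    """Similarity of two TF vectors (cosine; assumed, the patent leaves the measure open)."""
    dot = sum(v * b.get(w, 0.0) for w, v in a.items())
    norm_a = math.sqrt(sum(v * v for v in a.values()))
    norm_b = math.sqrt(sum(v * v for v in b.values()))
    return dot / (norm_a * norm_b) if norm_a and norm_b else 0.0


def build_feature_vector(sensitive_samples: List[str]) -> Vector:
    """Rule establishment on the server: one feature-word TF vector over the preset sensitive data."""
    return tf_vector([w for s in sensitive_samples for w in notional_words(s)])


def item_similarities(data_items: List[str], feature_vec: Vector) -> List[float]:
    """One keyword TF vector per piece of data in the data content, each compared with the feature vector."""
    return [cosine(tf_vector(notional_words(item)), feature_vec) for item in data_items]


def contains_sensitive(data_items: List[str], feature_vec: Vector,
                       threshold: float = 0.5) -> Tuple[bool, List[float]]:
    """The data content includes sensitive data when any one piece exceeds the threshold."""
    sims = item_similarities(data_items, feature_vec)
    return any(s > threshold for s in sims), sims


# Constructed preset sensitive data and a constructed data content of three chat messages.
SENSITIVE_SAMPLES = ["acquisition term sheet", "purchase price for Nimbus Robotics"]
DATA_CONTENT = ["lunch menu for the cafeteria",
                "draft term sheet for the Nimbus acquisition",
                "see you at the all-hands"]

if __name__ == "__main__":
    flagged, sims = contains_sensitive(DATA_CONTENT, build_feature_vector(SENSITIVE_SAMPLES))
    print(flagged, [round(s, 3) for s in sims])   # the second message scores about 0.676
```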
Brief description of the drawings
Fig. 1 is a schematic flow chart of the leakage prevention method provided by one embodiment of the invention;
Fig. 2 is a schematic flow chart of the leakage prevention method provided by another embodiment of the invention;
Fig. 3 is a schematic flow chart of the leakage prevention method provided by another embodiment of the invention;
Fig. 4 is a schematic flow chart of the leakage prevention method provided by another embodiment of the invention;
Fig. 5 is a schematic flow chart of the leakage prevention method provided by another embodiment of the invention;
Fig. 6A is a schematic diagram of the term inverted index table provided by one embodiment of the invention;
Fig. 6B is a schematic diagram of the vector forward index table provided by one embodiment of the invention;
Fig. 7 is a schematic structural diagram of the leakage prevention device provided by one embodiment of the invention;
Fig. 8 is a schematic structural diagram of the server provided by one embodiment of the invention.
Embodiments
The embodiments of the invention are further described below with reference to the accompanying drawings. The following embodiments serve only to illustrate the technical scheme of the invention more clearly and do not limit its scope.
At present, the ways in which data leaks can be classified into three kinds: leakage while in use, leakage while in storage and leakage while in transmission. Enterprises generally install firewalls and antivirus software to stop outside intrusion, but in fact 97% of information leakage incidents originate inside the enterprise. Analysing the three leakage paths above, information leakage has the following sources.
Leakage in use: first, operational errors cause technical data to leak or be damaged; second, data leaks through operations such as printing, cutting, copying, pasting, saving as and renaming.
Leakage in storage: first, data in data centers, servers and databases is downloaded or shared at will; second, departing staff copy confidential data at will to USB flash drives, CDs/DVDs or portable hard disks; third, laptops are stolen, lost or sent for repair, causing data leakage.
Leakage in transmission: first, confidential data is transmitted casually by email, QQ, MSN and the like; second, transmitted data is tampered with or forged through network monitoring and interception.
Therefore, the embodiments of the invention analyse the data content in use, in storage and in transmission to determine whether it belongs to confidential content such as sensitive data, thereby effectively protecting the confidential data in the enterprise, improving the efficiency of outgoing data, reducing wasted resources and improving user experience.
Some terms used in the embodiments of the invention are explained below.
The terminal/client referred to in the embodiments can be any of the terminals/clients in an enterprise that are connected to the enterprise's management server, for example the computers of enterprise staff.
The server referred to in the embodiments can be the enterprise's private server, such as a private cloud server. The server can create various judgment rules and send them to the terminals, which use the judgment rules to monitor user operations in the terminal. The private cloud server in this embodiment is located inside the enterprise's firewall.
The sensitive data in the embodiments is the core data of the enterprise and should be treated as confidential data; employees or terminals without permission are not allowed to perform operations such as replicating, copying or printing it.
The embodiments of the invention protect against leakage of sensitive data while improving the efficiency of outgoing data, reducing the resources that the prior art wastes by encrypting non-confidential documents, reducing the load on each device and improving user experience.
Fig. 1 shows a schematic flow chart of the leakage prevention method provided by one embodiment of the invention. As shown in Fig. 1, the leakage prevention method of this embodiment is as follows.
101. Obtain the operation behavior of the specified process, intercept in the terminal the network packets from the specified process, and parse from the network packets the data content to be transmitted.
For example, the data content of the specified process that the user currently operates in the terminal can be monitored in real time. The operation behavior of a process may include printing a Word document, uploading a file, copying to a USB flash drive, and so on.
It will be appreciated that the data content in this embodiment may include chat messages of instant messaging, pictures or documents transmitted by instant messaging, documents stored in the terminal, and/or data or information that the user enters temporarily. This embodiment is only an example and does not limit the meaning of data content. In practical applications, the data corresponding to the operation behavior of the specified process that the user operates in the terminal all belongs to data content.
102. Judge whether the current data content includes sensitive data; if so, perform step 103, otherwise perform step 104.
In this embodiment, when judging whether the data content of the user's current operation includes sensitive data, part of the data may be sensitive and part may not; as long as part of the data in the data content belongs to sensitive data, the data content is considered to include sensitive data.
103. If the data content includes sensitive data, obtain the control strategy corresponding to the specified process, and control the network packets and/or the operation behavior of the specified process according to that control strategy.
The sensitive data in this embodiment can be the confidential data of the enterprise. When the user operates a specified process, it is first judged whether the data content in the network packets corresponding to the user's operation behavior includes confidential data; if it does, it can then be decided whether to allow the operation of the currently specified process. This prevents employees from leaking the enterprise's sensitive or confidential data to the outside.
For example, when a user uploads a document through a program such as mail or instant messaging, and the uploaded document is determined to be confidential, the leakage prevention device can choose to forbid the upload or to encrypt the uploaded document.
Likewise, operations such as saving, printing or copying a document in the terminal, or copying it to a USB flash drive, can each trigger the control strategy corresponding to that operation; for example, a save operation triggers an encryption policy, while printing and copying can trigger a forbid policy.
It is understood that the control strategy in this embodiment can be set specifically according to information such as the rank of an employee and the employee's group or department.
Generally, the control strategy for a given employee's operations can be pre-configured by an administrator, stored in the server and sent by the server to the leakage prevention device, which then monitors each terminal.
If an employee of the R&D department sends a confidential document to the marketing department, fields marking garbled text can replace part or all of the fields in the confidential document, and the file containing the garbling marker fields is what is sent to the marketing department.
104. If the data content does not include sensitive data, the current operation behavior is not intercepted or controlled.
It should be particularly noted that in this embodiment, packet-capture and network analysis software can be used to capture the network packets that instant messaging sends from the corresponding address/port in the terminal, and then judge whether the data content in the packets includes sensitive data.
The leakage prevention method of this embodiment obtains the operation behavior of the specified process, intercepts in the terminal the network packets from the specified process, parses from them the data content to be transmitted, determines whether the data content includes sensitive data and, when it does, controls the network packets and/or the operation behavior according to the control strategy corresponding to the specified process. It can thereby improve the efficiency of outgoing data, reduce wasted resources, reduce load and improve user experience.
In addition, it can be explained that when step 103 determines that the data content includes sensitive data, a confidentiality mark can be added to the document corresponding to the data content so that it can be used directly in subsequent judgments. For example, in practical applications, before judging in step 102 whether the current data content includes sensitive data, it can first be checked whether the file/document/information involved in the data content carries a confidentiality mark. If it does, it can be determined directly that the data content corresponding to the operation behavior of the specified process includes sensitive data; if it does not, step 102 is performed. This improves both the efficiency and the accuracy of the judgment.
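The terminal-side flow of steps 101 to 104 above, together with the judgment rules and control strategies of the first and third aspects, worked as an added example (not code from the patent or its assignee): an intercepted packet is parsed, checked against a regular-expression rule and a keyword rule trained from preset sensitive data (with the confidentiality-mark shortcut), and the configured strategy forbids a print or replaces the matched fields with a garbling marker. The packet framing, rule contents, marker strings, policies and sample packets are all constructed assumptions.

```python
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

# A judgment rule is a name plus a function returning the sensitive fragments it found.
Rule = Tuple[str, Callable[[str], List[str]]]
GARBLE = "####"                       # constructed "field marking garbled text"
CONFIDENTIAL_MARK = "[CONFIDENTIAL]"  # constructed confidentiality mark on already-judged documents


def regex_rule(name: str, pattern: str) -> Rule:
    """Regular-expression judgment rule."""
    rx = re.compile(pattern)
    return name, lambda text: rx.findall(text)


def keyword_rule(name: str, sensitive_samples: List[str], benign_samples: List[str]) -> Rule:
    """Keyword-match rule trained from preset sensitive data: keep tokens that occur in the
    sensitive samples but never in the benign samples (a deliberately simple training)."""
    def tokens(s: str) -> set:
        return set(re.findall(r"[A-Za-z][A-Za-z0-9_-]{3,}", s.lower()))
    keywords = set().union(*map(tokens, sensitive_samples)) - set().union(*map(tokens, benign_samples))
    return name, lambda text: sorted(keywords & tokens(text))


def parse_packet(packet: bytes) -> Tuple[str, str, str]:
    """Step 101: parse an intercepted packet into (process, operation, data content).
    Constructed framing: a 'process=<name>;op=<send|print>' header, a blank line, the body."""
    header, _, body = packet.decode("utf-8").partition("\n\n")
    fields = dict(kv.split("=", 1) for kv in header.split(";"))
    return fields["process"], fields["op"], body


def find_sensitive(content: str, rules: List[Rule]) -> Dict[str, List[str]]:
    """Step 102: matched fragments per rule. A confidentiality mark short-circuits the rules;
    an empty result means the terminal found nothing (and could escalate to the server)."""
    if CONFIDENTIAL_MARK in content:
        return {"confidential-mark": [CONFIDENTIAL_MARK]}
    hits: Dict[str, List[str]] = {}
    for name, match in rules:
        found = match(content)
        if found:
            hits[name] = found
    return hits


@dataclass
class Decision:
    action: str                   # "allow", "forbid" or "garble"
    content: str                  # data content actually released (masked for "garble")
    prompt: Optional[str] = None  # message shown in the client interface


def apply_control_strategy(process: str, op: str, content: str, hits: Dict[str, List[str]],
                           policies: Dict[str, Dict[str, str]]) -> Decision:
    """Step 103: apply the control strategy configured for this process and operation."""
    strategy = policies.get(process, {}).get(op, "allow")
    if strategy == "forbid_print" and op == "print":
        return Decision("forbid", "", f"Printing from {process} is not permitted")
    if strategy == "garble_send" and op == "send":
        if "confidential-mark" in hits:  # whole document is confidential: garble everything
            return Decision("garble", GARBLE)
        masked = content
        for fragment in (f for found in hits.values() for f in found):
            masked = re.sub(re.escape(fragment), GARBLE, masked, flags=re.IGNORECASE)
        return Decision("garble", masked)
    return Decision("allow", content)


OPERATION_RECORDS: List[Dict[str, str]] = []  # cached in the terminal, uploaded to the server later


def inspect_packet(packet: bytes, rules: List[Rule], policies: Dict[str, Dict[str, str]]) -> Decision:
    """Whole terminal-side flow for one packet; also caches the operation behavior record."""
    process, op, content = parse_packet(packet)
    hits = find_sensitive(content, rules)
    if hits:
        decision = apply_control_strategy(process, op, content, hits, policies)
    else:
        decision = Decision("allow", content)  # step 104: nothing sensitive, do not intercept
    OPERATION_RECORDS.append({"process": process, "op": op, "action": decision.action,
                              "rules": ",".join(sorted(hits))})
    return decision


def example_rules() -> List[Rule]:
    """Constructed rules: a project-code regex and keywords trained from constructed samples."""
    return [regex_rule("project-code", r"\bPRJ-\d{4}\b"),
            keyword_rule("keywords", ["Nimbus Robotics acquisition term sheet", "Nimbus valuation memo"],
                         ["Lunch menu for the cafeteria", "Quarterly all-hands slides"])]


EXAMPLE_POLICIES = {"im_client": {"send": "garble_send"}, "word": {"print": "forbid_print"}}  # constructed

if __name__ == "__main__":
    for pkt in (b"process=im_client;op=send\n\nDraft Nimbus valuation attached, see PRJ-0042",
                b"process=word;op=print\n\nQuarterly all-hands slides",
                b"process=word;op=print\n\n[CONFIDENTIAL] Board minutes"):
        print(inspect_packet(pkt, example_rules(), EXAMPLE_POLICIES))
```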
Fig. 2 is a schematic flow chart of the leakage prevention method provided by an embodiment of the invention. As shown in Fig. 2, the leakage prevention method of the present embodiment is as follows.
201. The leakage prevention device receives at least one judgment rule sent by the server.
For example, the judgment rule in this step can be a regular expression or a pattern-matching rule; or the judgment rule can be a keyword-matching rule that the server obtains by training on preset sensitive data. The server can be a cloud server.
The present embodiment does not limit the judgment rule: any rule that can identify that data content includes sensitive data is a judgment rule, and the present embodiment is by way of example only.
The executing entity of the method flow shown in Fig. 2 can be the leakage prevention device.
In addition, it should be explained that, because the present embodiment concerns leakage prevention, the server in step 201 can be the enterprise's private cloud server, so that the data within the enterprise can be protected effectively.
202. The operation behavior of a specified process is obtained, the network packets from the specified process are intercepted on the terminal, and the data content to be transmitted is parsed from the network packets.
For example, when the process corresponding to an instant-messaging program is the specified process, the user's instant-messaging operation behavior on the terminal, such as uploading a picture or transmitting a file through the instant-messaging program, can be monitored in real time.
203. According to the at least one judgment rule, judge whether the current data content includes a feature field of sensitive data; if so, perform step 204, otherwise perform step 204a.
204. If the current data content includes a feature field of sensitive data, determine that the data content includes sensitive data.
205. Obtain the control strategy corresponding to the specified process, and control the network packets and/or the operation behavior of the specified process according to that control strategy.
For example, when the operation behavior of the specified process is printing and the control strategy corresponding to the process is to forbid printing, step 205 can be: forbid the current printing, and display on the terminal interface a prompt that the specified process is forbidden to print;
Or, when the current operation is a save operation (such as save-as) and the control strategy is to store the data content encrypted or to add a confidentiality mark, step 205 can be: perform the save operation, and encrypt the saved network packets or add a confidentiality mark to them;
Or, when the operation behavior of the specified process is a send operation and the control strategy is a garbled-string sending strategy, step 205 can be: replace part or all of the information in the data content that the specified process needs to transmit with a marked garbled field.
204a. If the current data content does not include a feature field of sensitive data, it can be determined that the data content does not include sensitive data; the judgment flow for the current operation behavior can then be ended, and the current operation is not intercepted or controlled.
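The rule types of step 201 and the control strategies of step 205, together with the confidentiality-mark shortcut described for step 103 above, as an added Python example that is not part of the patent or of any product of the applicant. The rule set, the (process, action) keys, the garbled field value and the fail-closed default for an operation with no strategy are all constructed assumptions.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed judgment rules (assumption: the server delivers them in this shape;
# the patent fixes no wire format): a regex/pattern rule and a keyword-match rule.
JUDGMENT_RULES = [
    ("regex", re.compile(r"\bPROJECT-[A-Z]{3}-\d{4}\b")),  # constructed project-code pattern
    ("keyword", ("confidential", "salary sheet")),
]

# Constructed control strategies keyed by (specified process, operation behavior).
CONTROL_STRATEGIES = {
    ("im_client", "print"): "forbid_print",
    ("im_client", "save"): "encrypt_or_mark",
    ("im_client", "send"): "garbled_send",
}

GARBLED_FIELD = "[***]"  # constructed "marked garbled field" used by the send strategy


@dataclass
class OperationBehavior:
    process: str                          # the specified process, e.g. an IM client
    action: str                           # "print", "save" or "send"
    data_content: str                     # content parsed from the intercepted packet
    confidentiality_mark: bool = False    # mark added by an earlier judgment (step 103)


@dataclass
class ControlResult:
    allowed: bool                         # False: the operation behavior was intercepted
    content: Optional[str]                # content that leaves the terminal (None if blocked)
    marked: bool = False                  # the saved copy carries the confidentiality mark
    prompt: Optional[str] = None          # message shown on the terminal interface


def feature_fields(content, rules=JUDGMENT_RULES):
    """Step 203: the feature fields of sensitive data that the judgment rules find."""
    hits = []
    for kind, rule in rules:
        if kind == "regex":
            hits.extend(m.group(0) for m in rule.finditer(content))
        else:
            hits.extend(k for k in rule if k.lower() in content.lower())
    return hits


def includes_sensitive_data(op, rules=JUDGMENT_RULES):
    """A document already carrying the confidentiality mark is sensitive without
    re-running the rules; otherwise the rules decide (steps 203/204)."""
    return op.confidentiality_mark or bool(feature_fields(op.data_content, rules))


def apply_control(op, rules=JUDGMENT_RULES, strategies=CONTROL_STRATEGIES):
    """Step 205, or 204a when no sensitive data: apply the process's control strategy."""
    if not includes_sensitive_data(op, rules):
        return ControlResult(True, op.data_content)          # 204a: not intercepted
    strategy = strategies.get((op.process, op.action))
    if strategy == "forbid_print":
        return ControlResult(False, None,
                             prompt=f"{op.process} is forbidden to print this content")
    if strategy == "encrypt_or_mark":
        # the save proceeds, but the stored copy is marked as confidential
        return ControlResult(True, op.data_content, marked=True)
    if strategy == "garbled_send":
        garbled = op.data_content
        for field in feature_fields(op.data_content, rules):
            garbled = re.sub(re.escape(field), GARBLED_FIELD, garbled, flags=re.IGNORECASE)
        return ControlResult(True, garbled)
    # Assumption: an operation with no configured strategy fails closed.
    return ControlResult(False, None, prompt="no control strategy for this operation")


if __name__ == "__main__":
    msg = "Please send the CONFIDENTIAL salary sheet for PROJECT-ABC-1234"  # constructed
    print(apply_control(OperationBehavior("im_client", "send", msg)))
```

Only the matched feature fields are garbled, which is the "part" case of the garbled-string strategy; replacing the whole content with the garbled field gives the "all" case.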
The present embodiment can reduce the interception of non-confidential documents in the prior art, improve the efficiency of sending data out, and improve user experience.
Alternatively, in a particular application, if a data leakage event occurs, the data leakage prevention device in each client can also upload the user's operation behavior records cached locally on the terminal to the server, so that the server determines from those records the circulation path of the sensitive data, i.e. the path along which it was transmitted, and can locate the leaking behavior of the enterprise employee, thereby effectively protecting the confidential data in the enterprise.
Of course, even if no leakage has occurred in the enterprise for a period of time, the data leakage prevention device in each terminal/client can also periodically send the user's operation behavior records cached on the terminal/client to the server (such as a cloud server), so that the server stores those records for later use.
In other words, the user's operation behavior records for confidential documents, including creation, modification, deletion, forwarding and so on, are cached locally on the terminal/client. Regularly collecting the locally cached operation behavior records, as in the present embodiment, on the one hand allows the enterprise to trace leaking personnel, and on the other hand reveals the circulation path of confidential documents, i.e. which employees have held which confidential documents, so that the data in the enterprise can be better protected.
Fig. 3 is a schematic flow chart of the leakage prevention method provided by an embodiment of the invention. As shown in Fig. 3, the leakage prevention method of the present embodiment is as follows.
301. The leakage prevention device receives at least one judgment rule sent by the server.
In practical applications, an administrator can preset the keywords/feature words of sensitive data, then train part of the judgment rules to extract the keywords/feature words of sensitive data, and apply further judgment, such as a similarity judgment, so that the data content of the user's current operation can be judged.
Specifically, the data content can be processed using Chinese natural language processing technology.
302. Obtain the operation behavior of the specified process, intercept on the terminal the network packets from the specified process, and parse from the network packets the data content to be transmitted.
303. According to the at least one judgment rule, judge whether the current data content includes sensitive data; if so, perform step 304, otherwise perform step 304a.
304. If the current data content includes sensitive data, send to the server a control strategy request for the specified process.
For example, the control strategy request may include the identifier of the specified process, so that the server determines the control strategy corresponding to the specified process from that identifier.
305. Receive the control strategy corresponding to the specified process, which the server sends in response to the control strategy request.
306. Control the network packets and/or the operation behavior of the specified process according to the control strategy corresponding to the specified process.
304a. If the data content does not include sensitive data, send the data content to the server so that the server determines whether the data content includes sensitive data.
304b. When the server determines that the data content includes sensitive data, receive the information sent by the server that the data content includes sensitive data, and then perform step 304 above.
If the server determines that the data content does not include sensitive data, the information sent by the server that the data content does not include sensitive data can be received, and the operation behavior of the specified process is not controlled.
It should be noted that, in a particular application, step 304a is not performed for the terminal/client of every employee in the enterprise; it is performed selectively. For example, step 304a can be performed for a period of time for an employee who is leaving a key post.
In addition, the foregoing server can be a cloud server. In the present embodiment, the rules stored in the cloud server can be rules with high detection performance and high accuracy, which effectively improves detection accuracy and better protects the data security in the enterprise.
Alternatively, if the server determines that the current data content does not include sensitive data, the information sent by the server that the data content of the current operation does not include sensitive data can be received, and the monitoring of the current operation behavior ends.
It should be noted that, in step 304a, not every terminal/client that has judged its data content to be free of sensitive data sends that content to the server for a second judgment. Step 304a can be performed within a preset period for particular terminals/clients, such as senior management, or personnel who recently joined or are preparing to leave the company.
In addition, it should be explained that, in the present embodiment, the data content that the terminal/client has already judged is judged a second time by the server, which effectively protects against data leakage in the enterprise while also improving the efficiency of sending data out, and thus improves user experience.
Of course, if the server determines that the current data content does not include sensitive data, it may send no information at all to the data protection device. If the data protection device receives no information from the server within a preset period, it can default to the judgment that the data content does not include sensitive data, and can send the data out directly or perform other operations. The present embodiment is by way of example only.
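The two-stage judgment of Fig. 3 (local judgment rules in step 303, the selective secondary judgment by the server in steps 304a/304b, the control strategy request and reply in steps 304/305, and the no-reply timeout default of the preceding paragraph), as an added Python example with both sides simulated in one process. It is not the patent's or the applicant's code; the message field names, the rule patterns, the server's keyword list and the strategy names are constructed assumptions.

```python
import re


class DlpServer:
    """The enterprise's private cloud server, simulated in-process. It holds the
    per-process control strategies and its own higher-accuracy rules (constructed)."""

    def __init__(self, strategies, keywords, silent_when_clean=False):
        self.strategies = strategies
        self.keywords = [k.lower() for k in keywords]
        # Variant described above: on clean content the server may send nothing at all.
        self.silent_when_clean = silent_when_clean

    def handle(self, msg):
        if msg["type"] == "control_strategy_request":              # steps 304 -> 305
            return {"type": "control_strategy", "process": msg["process"],
                    "strategy": self.strategies.get(msg["process"], "allow")}
        if msg["type"] == "judge_request":                         # steps 304a -> 304b
            sensitive = any(k in msg["data_content"].lower() for k in self.keywords)
            if not sensitive and self.silent_when_clean:
                return None                      # no reply; the client must time out
            return {"type": "judge_result", "sensitive": sensitive}
        raise ValueError(f"unknown message type {msg['type']}")


class DlpClient:
    """The leakage prevention device on the terminal."""

    def __init__(self, server, local_rules, secondary_check=False):
        self.server = server
        self.local_rules = [re.compile(p) for p in local_rules]   # rules received in step 301
        self.secondary_check = secondary_check                    # step 304a applies selectively

    def judge_locally(self, content):
        """Step 303 with the rules the server delivered earlier."""
        return any(r.search(content) for r in self.local_rules)

    def handle_operation(self, process, data_content):
        trace = []  # the message exchange, in order
        if self.judge_locally(data_content):
            sensitive = True
        elif self.secondary_check:
            trace.append("judge_request")                                     # step 304a
            reply = self.server.handle({"type": "judge_request", "process": process,
                                        "data_content": data_content})
            if reply is None:
                trace.append("timeout_default")  # nothing within the preset period: clean
                sensitive = False
            else:
                trace.append("judge_result")                                  # step 304b
                sensitive = reply["sensitive"]
        else:
            sensitive = False
        strategy = None
        if sensitive:
            trace.append("control_strategy_request")                          # step 304
            reply = self.server.handle({"type": "control_strategy_request",
                                        "process": process})
            trace.append("control_strategy")                                  # step 305
            strategy = reply["strategy"]                                      # applied in step 306
        return {"sensitive": sensitive, "strategy": strategy, "trace": trace}


# Constructed configuration: local regex rules and a server with one keyword rule.
LOCAL_RULES = [r"\bPROJECT-[A-Z]{3}-\d{4}\b", r"(?i)confidential"]
SERVER = DlpServer(strategies={"im_client": "garbled_send"}, keywords=["merger"])

if __name__ == "__main__":
    client = DlpClient(SERVER, LOCAL_RULES, secondary_check=True)
    print(client.handle_operation("im_client", "the merger closes friday"))
```

The trace shows which path each operation took: a local hit never consults the server for the judgment, a clean local result only reaches the server when the client is in the selectively enabled group, and a silent server ends in the timeout default.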
Further, in practical applications, a border-detection approach can also be used to perform further security detection on the data content of all network packets in the enterprise. For example, a firewall can inspect the content of all outgoing data.
Fig. 4 is a schematic flow chart of the leakage prevention method provided by an embodiment of the invention. As shown in Fig. 4, the leakage prevention method of the present embodiment is as follows.
401. The server receives the data content corresponding to the operation behavior of the specified process, sent by the leakage prevention device.
The data content in the present embodiment is the data content to be transmitted that the data protection device parses from the network packets of the specified process, which it intercepts on the terminal after obtaining the operation behavior of the specified process.
402. The server determines, according to a similarity-matching rule, whether the data content includes sensitive data.
For example, the similarity-matching rule in the present embodiment can be established in advance by the terminal/client; for instance, the similarity-matching rule for judging whether data content includes sensitive data can be established from preset sensitive data. The preset sensitive data can be confidential data within the enterprise that the enterprise has designated in advance.
The server in the present embodiment can be a cloud server, i.e. the enterprise's private cloud server.
403. If the server determines that the data content includes sensitive data, it sends to the leakage prevention device the information that the data content includes sensitive data, so that, after receiving the information, the leakage prevention device obtains the control strategy corresponding to the specified process and uses the control strategy to control the operation behavior of the specified process and/or the data content.
Of course, if the server determines that the data content does not include sensitive data, it sends to the leakage prevention device the information that the data content does not include sensitive data; in that case, according to that information, the leakage prevention device applies no control to the user's current operation behavior.
Alternatively, in practical applications, the server can send at least one judgment rule to the leakage prevention device in advance, so that the leakage prevention device judges, according to the judgment rule, the data content of the user's operations on the client.
For example, the server can send a judgment rule to the leakage prevention device, so that when the leakage prevention device monitors an operation behavior of the specified process, it can determine, according to the judgment rule, whether the data content in the network packets corresponding to the operation behavior includes confidential data content/sensitive data.
In addition, the server is further configured to receive the control strategy request for the specified process sent by the leakage prevention device and, according to the control strategy request, send the control strategy corresponding to the specified process to the leakage prevention device, so that the data protection device controls the network packets of the operation behavior of the specified process and/or the operation behavior of the specified process according to that control strategy.
Thus, the server and the leakage prevention device of the terminal/client together can effectively protect the data in the terminal/client from being leaked and improve the efficiency of sending data out, thereby improving user experience.
Fig. 5 is a schematic flow chart of the leakage prevention method provided by an embodiment of the invention. As shown in Fig. 5, the leakage prevention method of the present embodiment is as follows.
500. The server establishes, from preset sensitive data, a similarity-matching rule for judging whether data content includes sensitive data.
501. The server receives the data content corresponding to the operation behavior of the specified process, sent by the leakage prevention device;
502. The server obtains the keywords in the data content and the feature words in the sensitive data; the keywords are the content words that characterize the meaning of the text in the data content, and the feature words are the content words that characterize the meaning of the text in the sensitive data;
503. The server establishes the keyword vector of each piece of data in the data content from its keywords, and the feature-word vector of the sensitive data from its feature words.
For example, the keyword vector of each piece of data in the data content can be established in term-frequency (TF) form; likewise, the feature-word vector of the sensitive data can be established in TF form.
Generally, the term frequency is the number of occurrences of a word in a document/data content/field divided by the total number of words/fields in that document/packet.
504. The server obtains the similarity between each keyword vector in the data content and all feature-word vectors;
505. From the similarities of all keyword vectors, the server obtains the similarity between each piece of data in the data content and the sensitive data;
506. If the similarity between some piece of data in the data content and the sensitive data is greater than a preset threshold, the server determines that the data content includes sensitive data.
Of course, if the similarity between every piece of data in the data content and the sensitive data is less than or equal to the preset threshold, it can be determined that the data content does not include sensitive data.
507. The server sends to the leakage prevention device the information that the data content includes sensitive data, so that, after receiving the information, the leakage prevention device obtains the control strategy corresponding to the specified process and uses the control strategy to control the operation behavior of the specified process and/or the data content.
For example, obtaining in step 505 above the similarity between each keyword vector in the data content and all feature-word vectors may be specified as follows:
The similarity between each keyword vector in the data content and all feature-word vectors is obtained according to formula (1);
$\mathrm{Sim}(t_i, t_j) = wf \times \mathrm{CosSim}(t_i, t_j)$ (1);
where $t_i = (w_{i1}, w_{i2}, \ldots, w_{in})$ represents the keyword vector of each piece of data in the data content, $t_j = (w_{j1}, w_{j2}, \ldots, w_{jm})$ represents the feature-word vector in the sensitive data, and $wf$ represents the similarity weighting factor between $t_i$ and $t_j$; $p_i$ represents the share of the keywords in the data content and $p_j$ represents the share of the feature words in the sensitive data;
$\mathrm{CosSim}(t_i, t_j)$ represents the cosine similarity between $t_i$ and $t_j$.
In the present embodiment, the cosine similarity $\mathrm{CosSim}(t_i, t_j)$ is determined by the keywords common to the vectors $t_i$ and $t_j$ and by the norm of each vector.
For example,
where $f_{im}$ represents the TF value of the m-th keyword in the data content, $f_{jm}$ represents the TF value of the m-th feature word in the data content, and $k$ is a parameter.
In practical applications, before step 504 of the method described in Fig. 5, the term inverted index table of all keywords in the data content, the vector forward index table of all keyword vectors, the term inverted index table of all feature words in the sensitive data and the vector forward index table of all feature-word vectors can also be initialized;
thus, the similarity between each keyword vector of each piece of data in the data content and all feature-word vectors can be obtained from the term inverted index table and vector forward index table of the keywords together with the term inverted index table and vector forward index table of the feature words,
where the term inverted index table includes the correspondence between vocabulary, vector index table and term information, and the vector forward index table includes the correspondence between vector index table, vocabulary and term information.
The similarity-matching rule is illustrated below:
First, at least two short text messages to be processed are selected, and the short text messages are pre-processed by natural language processing technology.
For example, the ICTCLAS word segmentation system is used to segment the short text messages with first-level part-of-speech tagging, and the term frequency of the segmented words in the tagged text is counted. Alternatively, with a method based on semantic analysis, part-of-speech analysis is performed on the segmented words and only the words tagged as nouns, adjectives, adverbs and verbs are retained.
It will be appreciated that before the term-frequency vector of a short text message is established, the corresponding stop words in the short text message need to be deleted, such as common Chinese function words and the English "a" and "is". In the present embodiment, semantic analysis of the terms is needed: besides deleting stop words, keywords also need to be selected; these keywords are the content words that best characterize the meaning of the text, i.e. terms whose part of speech is noun, verb, adjective, adverb and so on.
Second, keyword term selection. After the short text messages have been pre-processed, the TF value of each term in every short text message is calculated, and the TF values of the terms in a short text message are expressed as a short-text vector, from which the similarity between short text messages is calculated.
Generally, the short-text vector obtained above is high-dimensional; therefore, in the present embodiment, keywords can be selected from each short text message to characterize it, so as to reduce the dimension of the short-text vector as far as possible.
The specific practice is: select the verbs, nouns, adjectives and adverbs in each short text message as keyword terms, and obtain the keyword vector. If the keyword terms make up a fraction p of the whole short text, the dimension of the keyword vector falls by 1-p, which improves computing efficiency.
Third, text similarity calculation. After the short-text vector of each short text message has been obtained in the steps above, the similarity between two short text messages can be calculated.
Because the keyword terms represent the most important information in a text, the similarity between short text messages can be described by the similarity between their keyword vectors.
Let $t_i$ and $t_j$ be the keyword vectors of two different short texts, and let $p_i$ and $p_j$ be the shares of all keywords in short text i and short text j respectively, where $t_i = (w_{i1}, w_{i2}, \ldots, w_{in})$, $t_j = (w_{j1}, w_{j2}, \ldots, w_{jm})$, and n, m are integers;
The similarity is defined as: $\mathrm{Sim}(t_i, t_j) = wf \times \mathrm{CosSim}(t_i, t_j)$ (1-1)
where $wf$ represents the similarity weighting factor between the keyword vectors $t_i$ and $t_j$, and $\mathrm{CosSim}(t_i, t_j)$ represents the cosine similarity between the keyword vectors $t_i$ and $t_j$.
The specific cosine similarity formula is given by formula (2-1).
In formula (2-1), $w_{im}$ represents the TF value of each keyword, or alternatively is given by formula (3-1), where:
in formula (3-1), $f_{ij}$ represents the term frequency of keyword j in vector i; the remaining terms represent the total term frequency of keyword j over all vectors and the maximum total term frequency of any keyword.
Substituting formula (3-1) into formula (2-1) gives formula (4-1):
From formula (4-1), the cosine similarity $\mathrm{CosSim}(t_i, t_j)$ is determined by the keywords common to the vectors $t_i$ and $t_j$ and by the norm of each vector.
Therefore, to compute the similarity from the terms more efficiently, the present embodiment can build in advance a Term Inverted Index Table (TIIT) and a Vector Forward Index Table (VFIT), and then compute similarities using the TIIT and VFIT.
For example, first, the original short text messages are expressed as keyword vectors by keyword-vector modelling, and then the TIIT and VFIT are initialized.
Then, the cosine similarity between two vectors is calculated using formula (4-1).
Generally, the TIIT can be divided into three levels: a dictionary table, a vector index table and term information. The dictionary table locates a specified word in the vector index table, and the vector index table in turn locates the TF of the specified word in a specified vector and the norm of that vector. A schematic diagram of the TIIT is shown in Fig. 6A.
The VFIT can be divided into three levels: a vector index table, a vector-content index table and word information. In the vector index table, the corresponding vector-content index table is found by the specified vector number, and the word information is then found in the vector-content index table by the specified word, so that the information can be updated after two vectors are merged. A schematic diagram of the VFIT is shown in Fig. 6B.
In addition, in a particular application, the TIIT and VFIT can be built automatically and efficiently:
The original short texts are cut at a granularity of 10,000 (1w) lines, and a file hash table is built for them, in which the key is the file number (FileNum) and the value is the file path (FilePath). The correspondence between the file number (FileNum) and the vector number (VecNum) is FileNum = (VecNum-1)/10000, so that the file path can be found from the vector number (VecNum). The TIIT and VFIT are then built from these files.
The calculation of the similarity between two keyword vectors according to formula (4-1) above is illustrated below.
For example, the inputs are the keyword vectors $t_i$ and $t_j$, the TIIT, the VFIT and a preset similarity threshold μ (for example, μ = 0.5); the output is the similarity $\mathrm{Sim}(t_i, t_j)$ of the keyword vectors $t_i$ and $t_j$.
First, the TIIT and VFIT are initialized.
Second, from formula (4-1), the numerator is the sum of the products of all terms $w_{im}$ and $w_{jn}$ common to the vectors $t_i$ and $t_j$, and the denominator is the product of the norms of $t_i$ and $t_j$. Therefore, starting from the term $w_1$ of vector $t_i$, look up in the TIIT the vectors containing $w_1$ and judge whether they include $t_j$; if so, calculate the product of the TF values $w_{i1}$ and $w_{j1}$ and obtain the norms of $t_i$ and $t_j$; otherwise the product is 0.
Third, accumulate the results of the second step to compute the numerator and denominator of formula (4-1) and obtain the similarity, which is taken as the cosine similarity $\mathrm{CosSim}(t_i, t_j)$ of the vectors $t_i$ and $t_j$.
Fourth, according to the steps above, apply the weighting to the similarity of the keyword vectors $t_i$ and $t_j$ to obtain the short-text similarity $\mathrm{Sim}(t_i, t_j)$.
Fifth, update the index tables.
The Sim algorithm in the present embodiment requires a predetermined threshold. The similarity of two vectors $t_i$ and $t_j$ is calculated; if the similarity $\mathrm{Sim}(t_i, t_j) > \mu$, $t_i$ and $t_j$ are merged into a new cluster $t_k = t_i \cup t_j$, and the keyword vector of the new cluster is the merged vector; i.e. if the two vectors $t_i$ and $t_j$ share a word $w_1$, the weight of $w_1$ in the new vector $t_k$ is expressed as the merged weight; otherwise $t_i$ and $t_j$ are kept. To reduce storage space, vector $t_i$ is merged into vector $t_j$ here. Therefore the TIIT and VFIT need to be adjusted, which reduces storage space and speeds up calculation.
The specific steps for updating/adjusting the index tables are as follows:
1) In the VFIT, create a temporary variable, merge the word $w_{in}$ of vector $t_i$ with the word $w_{jm}$ of vector $t_j$, update the norm of the vector at the same time and save it in the temporary variable; then delete the vectors $t_i$ and $t_j$ from the VFIT and insert the temporary variable into the VFIT with vector number $t_j$.
2) In the TIIT, according to the updated VFIT, look up each word $w_{jm}$ corresponding to vector $t_j$, delete vector $t_i$ from the entry of word $w_{jm}$ and update the corresponding vector $t_j$, completing the update of the TIIT.
The example above illustrates the calculation process of the similarity-matching rule on the server. Thus, in the present embodiment, the method above can be used to determine whether each piece of data in the data content that the server receives from the leakage prevention device is similar to the sensitive data; if it is, it can be determined that the data content sent by the leakage prevention device and received by the server includes sensitive data.
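The similarity-matching rule of steps 500 to 506 (TF keyword vectors, formula (1), the term inverted index table TIIT and vector forward index table VFIT, and the cluster merge of the fifth step above), as an added Python example that is not the patent's or the applicant's code. Assumptions made here: plain lower-cased English tokens minus a constructed stop-word list stand in for ICTCLAS segmentation and part-of-speech selection; the weighting factor wf is passed in by the caller because its expression is not reproduced on this page; the merged weight of a word shared by two merged vectors is the sum of its two TF values; all sample texts are constructed.

```python
import math
from collections import Counter, defaultdict

# Constructed stop-word list; the patent deletes stop words before building TF vectors.
STOP_WORDS = {"a", "an", "the", "is", "are", "to", "of", "for", "and", "in", "on", "at", "this"}


def keyword_terms(text):
    """Pre-processing stand-in (assumption): lower-cased whitespace tokens minus stop words."""
    words = (w.strip(".,;:!?()\"'").lower() for w in text.split())
    return [w for w in words if w and w not in STOP_WORDS]


def tf_vector(text):
    """Keyword vector in TF form (step 503): occurrences of a term / total terms."""
    terms = keyword_terms(text)
    counts = Counter(terms)
    return {w: c / len(terms) for w, c in counts.items()} if terms else {}


class IndexTables:
    """TIIT: term -> {vector number: TF}; VFIT: vector number -> (vector, norm)."""

    def __init__(self):
        self.tiit = defaultdict(dict)
        self.vfit = {}

    def add(self, vec_num, vec):
        norm = math.sqrt(sum(v * v for v in vec.values()))
        self.vfit[vec_num] = (vec, norm)
        for w, tf in vec.items():
            self.tiit[w][vec_num] = tf

    def cos_sim(self, i, j):
        """Cosine similarity the inverted-index way: walk the terms of t_i, look each up
        in the TIIT and accumulate TF products only where t_j also holds the term; the
        denominator is the product of the norms stored in the VFIT."""
        vec_i, norm_i = self.vfit[i]
        _, norm_j = self.vfit[j]
        if norm_i == 0 or norm_j == 0:
            return 0.0
        numerator = sum(tf_i * self.tiit[w][j] for w, tf_i in vec_i.items() if j in self.tiit[w])
        return numerator / (norm_i * norm_j)

    def merge_into(self, i, j):
        """Cluster merge of the fifth step: t_i is folded into t_j, the VFIT entry of t_i is
        deleted, and t_j's VFIT entry and TIIT postings are rewritten. Assumption: the
        merged weight of a shared word is the sum of its two TF values."""
        vec_i, _ = self.vfit.pop(i)
        vec_j, _ = self.vfit[j]
        merged = dict(vec_j)
        for w, tf in vec_i.items():
            merged[w] = merged.get(w, 0.0) + tf
            del self.tiit[w][i]
        self.add(j, merged)


def similarity(tables, i, j, wf=1.0):
    """Formula (1): Sim(t_i, t_j) = wf x CosSim(t_i, t_j); wf is caller-supplied (assumption)."""
    return wf * tables.cos_sim(i, j)


def cluster_if_similar(tables, i, j, mu, wf=1.0):
    """Merge t_i into t_j when Sim(t_i, t_j) > mu, otherwise keep both vectors."""
    if similarity(tables, i, j, wf) > mu:
        tables.merge_into(i, j)
        return True
    return False


def judge_data_content(data_items, sensitive_items, threshold=0.5, wf=1.0):
    """Steps 500-506: every piece of data is compared with every feature-word vector, its
    similarity to the sensitive data is its best match, and the data content is sensitive
    if any piece exceeds the preset threshold. Returns (sensitive, scores, tables)."""
    tables = IndexTables()
    data_ids = [f"d{n}" for n in range(len(data_items))]
    sens_ids = [f"s{n}" for n in range(len(sensitive_items))]
    for vid, text in zip(data_ids + sens_ids, data_items + sensitive_items):
        tables.add(vid, tf_vector(text))
    best = {d: max(similarity(tables, d, s, wf) for s in sens_ids) for d in data_ids}
    return any(score > threshold for score in best.values()), best, tables


# Constructed sample input: two intercepted IM messages and one preset confidential text.
DATA_CONTENT = ["lunch at noon tomorrow?",
                "sending the merger plan for acme holdings tonight"]
SENSITIVE_DATA = ["merger plan acme holdings valuation"]

if __name__ == "__main__":
    sensitive, scores, _ = judge_data_content(DATA_CONTENT, SENSITIVE_DATA)
    print(sensitive, scores)
```

With the sample input the second message shares four of its six keyword terms with the five-term confidential text, giving a cosine of 4/sqrt(30), about 0.73, which exceeds the threshold of 0.5; the same content with wf = 0.5 falls below it, which is the effect of the weighting factor in formula (1).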
Fig. 7 is a schematic structural diagram of the leakage prevention device provided by an embodiment of the invention. As shown in Fig. 7, the leakage prevention device of the present embodiment includes a data content acquiring unit 71, a judging unit 72, a control strategy acquiring unit 73 and a control unit 74;
The data content acquiring unit 71 is configured to obtain the operation behavior of a specified process, intercept on the terminal the network packets from the specified process, and parse from the network packets the data content to be transmitted; for example, the data content can include the chat messages of instant messaging and/or the pictures/documents transmitted by instant messaging.
The judging unit 72 is configured to judge whether the current data content includes sensitive data;
The control strategy acquiring unit 73 is configured to obtain the control strategy corresponding to the specified process when the judging unit determines that the data content includes the sensitive data;
The control unit 74 is configured to control the network packets and/or the operation behavior of the specified process according to the control strategy corresponding to the specified process.
For example, the control unit is specifically configured to: when the operation behavior of the specified process is printing and the control strategy corresponding to the process is no-print, forbid the current printing and display on the terminal interface a prompt that the specified process is forbidden to print;
or, when the operation behavior of the specified process is a send operation and the control strategy is a garbled-string sending strategy, replace part or all of the information in the data content that the specified process needs to transmit with a marked garbled field.
In an optional embodiment, the control strategy acquiring unit 73 can be specifically configured to send to the server a control strategy request for the specified process, and to receive the control strategy corresponding to the specified process that the server sends in response to the control strategy request.
In another optional embodiment, the judging unit 72 is specifically configured to send the data content to the server so that the server determines whether the data content includes sensitive data, and to receive the information sent by the server on whether the data content includes sensitive data.
In a possible implementation, the foregoing leakage prevention device may also include a receiving unit 75, not shown in the figure; the receiving unit 75 is configured to receive at least one judgment rule sent by the server before the judging unit 72 operates;
Correspondingly, the judging unit 72 is specifically configured to judge, according to the at least one judgment rule, whether the current data content includes sensitive data;
For example, the judgment rule is a regular expression or a pattern-matching rule;
or the judgment rule is a keyword-matching rule that the server obtains by training on preset sensitive data.
In another possible implementation, the foregoing leakage prevention device may also include a transmitting unit 76, not shown in the figure; the transmitting unit 76 is configured to upload the operation behavior records cached on the terminal to the server, so that the server determines the transmission path of the sensitive data from those records.
Alternatively, the transmitting unit 76 is configured to send the data content to the server when the judging unit 72 judges that the current data content does not include sensitive data, so that the server determines whether the data content includes sensitive data;
The receiving unit 75 is configured to receive the information sent by the server that the data content includes sensitive data, when the server determines that it does;
Correspondingly, the control strategy acquiring unit 73 is further configured to obtain the control strategy corresponding to the specified process after the receiving unit receives that information.
It will be appreciated that the present embodiment monitors the specified process on all terminals/clients in the enterprise; thus the server referred to in the present embodiment can be the private cloud server of the enterprise that owns the terminals/clients.
In addition, the leakage prevention device of the present embodiment can perform the flows of the method embodiments shown in Figs. 1 to 3 above, which are not described again here.
The leakage prevention device in the present embodiment is a software program implemented by programming and belongs to the programs of security software; it can protect the data in any client/terminal/server, and can monitor whether the data content corresponding to the operation behavior of a specified process in the client/terminal/server includes sensitive data.
The leakage prevention device of the present embodiment can improve the efficiency of sending data out, reduce the waste of resources, reduce load and improve user experience.
Fig. 8 shows a schematic structural diagram of the server provided by one embodiment of the invention. As shown in Fig. 8, the server of the present embodiment includes: a receiving unit 81, a judging unit 82 and a transmitting element 83;
wherein the receiving unit 81 is used to receive the data content corresponding to the operation behavior of the specified process, sent by the leakage prevention device;
the judging unit 82 is used to determine, according to a similarity matching rule, whether the data content includes sensitive data;
the transmitting element 83 is used to send, when the judging unit 82 determines that the data content includes sensitive data, information to the leakage prevention device indicating that the data content includes sensitive data, so that after receiving this information the leakage prevention device obtains the control strategy corresponding to the specified process and uses that control strategy to control the operation behavior of the specified process and/or the data content.
In one possible implementation, the transmitting element 83 is further used to send at least one judgment rule to the leakage prevention device before or after the receiving unit 81 receives the data content;
and/or the receiving unit 81 receives, before or after receiving the data content, the control strategy request for the specified process sent by the leakage prevention device;
and the transmitting element 83 is further used to send the control strategy corresponding to the specified process to the leakage prevention device according to the control strategy request.
In a specific implementation, the server may further include a rule establishing unit 84 (not shown in the figure). The rule establishing unit 84 is used to establish, according to default sensitive data, the similarity matching rule for judging whether data content includes sensitive data.
Alternatively, the judging unit 82 is specifically used to:
obtain the keywords in the data content and the feature words in the sensitive data, where the keywords are the notional words (content words) characterising the meaning of the text in the data content and the feature words are the notional words characterising the meaning of the text in the sensitive data;
establish, from the keywords, the keyword vector of each item of data in the data content, and, from the feature words, the feature word vector of the sensitive data;
obtain the similarity between each keyword vector in the data content and the feature word vector;
for example, obtain the similarity between each keyword vector of each item of data in the data content and all feature word vectors according to formula one:
$Sim(t_i, t_j) = wf \times CosSim(t_i, t_j)$ (formula one)
where $t_i = (w_{i1}, w_{i2}, \dots, w_{in})$ denotes a keyword vector in the data content, $t_j = (w_{j1}, w_{j2}, \dots, w_{jm})$ denotes a feature word vector in the sensitive data, $wf$ denotes the similarity weighting factor between $t_i$ and $t_j$, $p_i$ denotes the proportion of the keyword in the data content, and $p_j$ denotes the proportion of the feature word in the sensitive data;
$CosSim(t_i, t_j)$ denotes the cosine similarity between $t_i$ and $t_j$,
where $f_{im}$ denotes the TF value of the m-th keyword in the data content, $f_{jm}$ denotes the TF value of the m-th feature word in the data content, and $k$ is a parameter;
then, according to the similarities of all keyword vectors, obtain the similarity between each item of data in the data content and the sensitive data;
when the similarity between some item of data in the data content and the sensitive data is greater than a predetermined threshold, determine that the data content includes sensitive data.
For example, the judging unit 82 may also be specifically used to establish, in word frequency (TF) mode, the keyword vectors of the data content corresponding to the keywords;
and to establish, in word frequency (TF) mode, the feature word vector of the sensitive data corresponding to the feature words.
The server in the present embodiment can perform the method flows shown in Fig. 4 and Fig. 5 above; the present embodiment is only an example and does not limit the implementation process of the server.
The server in the present embodiment, combined with the leakage prevention device of the client, can effectively protect the data in the client from being leaked, can improve the efficiency of outgoing data, and thereby improve the user experience.
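The similarity matching rule of the server embodiment above (restated in claims 12, 13, 25 and 26), as an added example that is not code from the patent: TF keyword vectors, cosine similarity, a weighting factor wf, and the threshold decision. Where this text only names a quantity (the expression for wf, the aggregation over vectors, the threshold value), the choice made here is an assumption and is marked as such in the code.

```python
"""
Added example, not code from the patent: a minimal implementation of the
server-side similarity matching rule (formula one and the surrounding steps).
"""
import math
import re
from collections import Counter

# Constructed stop-word list; the patent keeps "notional words" (content
# words) but does not say how function words are removed.
STOP_WORDS = {"the", "a", "an", "of", "to", "is", "and", "for", "in", "on",
              "at", "by"}


def keywords(text):
    """Extract the content words ('notional words') of a text.
    ASSUMPTION: lowercase alphanumeric tokens minus a small stop-word list;
    the patent leaves the segmentation method open."""
    return [w for w in re.findall(r"[a-z0-9]+", text.lower()) if w not in STOP_WORDS]


def tf_vector(words):
    """Build a TF (word frequency) vector: term count / total count (claims 13, 26)."""
    if not words:
        return {}
    counts = Counter(words)
    total = len(words)
    return {w: c / total for w, c in counts.items()}


def cos_sim(ti, tj):
    """CosSim(t_i, t_j): cosine similarity of two sparse TF vectors."""
    dot = sum(ti[w] * tj[w] for w in ti.keys() & tj.keys())
    norm_i = math.sqrt(sum(v * v for v in ti.values()))
    norm_j = math.sqrt(sum(v * v for v in tj.values()))
    if norm_i == 0.0 or norm_j == 0.0:
        return 0.0
    return dot / (norm_i * norm_j)


def weight_factor(ti, tj, k=1.0):
    """wf: the similarity weighting factor of formula one.
    The patent names its inputs (p_i, p_j and a parameter k) but this text
    does not give the expression. ASSUMPTION: wf is the share of the
    sensitive data's feature-word mass (p_j) that the data content also
    contains, raised to the power k, so a short message that only brushes
    against the sensitive text is weighted down."""
    shared = ti.keys() & tj.keys()
    return sum(tj[w] for w in shared) ** k


def similarity(data_item, sensitive_texts, k=1.0):
    """Sim of one item of data content against every sensitive-data vector.
    ASSUMPTION: the per-vector scores are aggregated by taking the maximum."""
    ti = tf_vector(keywords(data_item))
    best = 0.0
    for text in sensitive_texts:
        tj = tf_vector(keywords(text))
        best = max(best, weight_factor(ti, tj, k) * cos_sim(ti, tj))
    return best


def contains_sensitive(data_content, sensitive_texts, threshold=0.4, k=1.0):
    """Server judging unit: the data content includes sensitive data when
    some item of it scores above the predetermined threshold (claims 12, 25).
    ASSUMPTION: threshold 0.4; the patent does not fix a value."""
    return any(similarity(item, sensitive_texts, k) > threshold
               for item in data_content)


# Constructed sample: one default sensitive document and an intercepted
# instant-messaging conversation (a list of data items).
SENSITIVE = ["project falcon acquisition offer price confidential"]
CHAT = ["lunch at noon?", "falcon acquisition offer price attached"]

if __name__ == "__main__":
    for item in CHAT:
        print(f"{item!r}: Sim = {similarity(item, SENSITIVE):.3f}")
    print("contains sensitive data:", contains_sensitive(CHAT, SENSITIVE))
```

With these constructed inputs the second chat line scores about 0.487 (four of the six feature words shared), so the conversation is flagged at the 0.4 threshold but not at 0.6.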
Numerous specific details are set forth in the description of the present invention. It is to be understood, however, that embodiments of the invention may be practised without these specific details. In some instances, well-known methods, structures and techniques are not shown in detail so as not to obscure the understanding of this description.
Similarly, it should be understood that, in order to simplify the disclosure and to help in understanding one or more of the inventive aspects, various features of the invention are sometimes grouped together in a single embodiment, figure or description thereof in the above description of exemplary embodiments of the invention. The method of this disclosure should not, however, be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, the inventive aspects lie in less than all features of a single disclosed embodiment. The claims following the detailed description are therefore expressly incorporated into the detailed description, with each claim standing on its own as a separate embodiment of the invention.
Those skilled in the art will understand that the modules in the device of an embodiment may be adaptively changed and arranged in one or more devices different from that embodiment. The modules, units or components of an embodiment may be combined into one module, unit or component, and may additionally be divided into multiple sub-modules, sub-units or sub-components. Except where at least some of such features and/or processes or units are mutually exclusive, all features disclosed in this specification (including the accompanying claims, abstract and drawings) and all processes or units of any method or device so disclosed may be combined in any combination. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose.
Furthermore, those skilled in the art will appreciate that although some embodiments described herein include some, but not other, features included in other embodiments, combinations of features of different embodiments are meant to be within the scope of the invention and to form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.
The component embodiments of the invention may be implemented in hardware, in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will understand that a microprocessor or digital signal processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components in a browser terminal device according to embodiments of the invention. The invention may also be implemented as a device or apparatus program (for example, a computer program and a computer program product) for performing part or all of the method described herein. Such a program implementing the invention may be stored on a computer-readable medium, or may have the form of one or more signals. Such signals may be downloaded from an internet website, provided on a carrier signal, or provided in any other form.
It should be noted that the above embodiments illustrate rather than limit the invention, and that those skilled in the art may design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements and by means of a suitably programmed computer. In a unit claim enumerating several devices, several of these devices may be embodied by one and the same item of hardware. The use of the words first, second and third does not indicate any ordering; these words may be interpreted as names.
Finally, it should be noted that the above embodiments are merely illustrative of the technical solution of the invention and do not limit it. Although the invention has been described in detail with reference to the foregoing embodiments, those skilled in the art will understand that the technical solution described in the foregoing embodiments may still be modified, or some or all of its technical features may be replaced by equivalents; such modifications or replacements do not make the essence of the corresponding technical solution depart from the scope of the technical solutions of the embodiments of the invention, and should all be covered by the claims and specification of the invention.

Claims (26)

  1. A leakage prevention device, characterised in that it includes:
    a data content acquiring unit, for obtaining the operation behavior of a specified process, intercepting and capturing in the terminal the network packets from the specified process, and parsing from the network packets the data content to be transmitted, the data content including instant messaging chat messages and/or pictures/documents transmitted by instant messaging;
    a judging unit, for judging whether the current data content includes sensitive data;
    a control strategy acquiring unit, for obtaining the control strategy corresponding to the specified process when the judging unit determines that the data content includes the sensitive data;
    a control unit, for controlling the network packets and/or the operation behavior of the specified process according to the control strategy corresponding to the specified process.
  2. The device according to claim 1, characterised in that the device further includes:
    a receiving unit, for receiving, before the judging unit judges, at least one judgment rule sent by the server;
    correspondingly, the judging unit is specifically for judging, according to the at least one judgment rule, whether the current data content includes sensitive data.
  3. The device according to claim 2, characterised in that the judgment rule is a regular expression or a pattern matching rule;
    or the judgment rule is a keyword matching rule obtained by the server by training on default sensitive data.
  4. The device according to claim 1, characterised in that the control strategy acquiring unit is specifically for:
    sending a control strategy request for the specified process to the server;
    receiving the control strategy corresponding to the specified process sent by the server according to the control strategy request.
  5. The device according to any one of claims 1 to 4, characterised in that the device further includes:
    a transmitting element, for uploading the operation behavior records cached in the terminal to the server, so that the server determines the path of the sensitive data transmission from the operation behavior records.
  6. The device according to claim 5, characterised in that the device further includes:
    a transmitting element, for sending the data content to the server when the judging unit judges that the current data content does not include sensitive data, so that the server determines whether the data content includes sensitive data;
    a receiving unit, for receiving, when the server determines that the data content includes sensitive data, the information sent by the server indicating that the data content includes sensitive data;
    correspondingly, the control strategy acquiring unit is further for obtaining the control strategy corresponding to the specified process after the receiving unit receives the information.
  7. The device according to claim 6, characterised in that the judging unit is specifically for:
    sending the data content to the server, so that the server determines whether the data content includes sensitive data, and
    receiving the information sent by the server on whether the data content includes sensitive data.
  8. The device according to claim 7, characterised in that the control unit is specifically for:
    when the operation behavior of the specified process is printing and the control strategy corresponding to the process is non-printing, forbidding the current printing and displaying in the terminal interface a prompt message that the specified process is forbidden to print;
    or
    when the operation behavior of the specified process is a send operation and the control strategy is a mess-code string sending strategy, replacing part or all of the information in the data content to be transmitted corresponding to the specified process with a field marking mess code.
  9. A server, characterised in that it includes:
    a receiving unit, for receiving the data content corresponding to the operation behavior of the specified process sent by a leakage prevention device;
    a judging unit, for determining, according to a similarity matching rule, whether the data content includes sensitive data;
    a transmitting element, for sending, when the judging unit determines that the data content includes sensitive data, information to the leakage prevention device indicating that the data content includes sensitive data, so that after receiving the information the leakage prevention device obtains the control strategy corresponding to the specified process and uses the control strategy to control the operation behavior of the specified process and/or the data content.
  10. The server according to claim 9, characterised in that the transmitting element is further for:
    sending at least one judgment rule to the leakage prevention device before or after the receiving unit receives the data content;
    and/or
    the receiving unit receives, before or after receiving the data content, the control strategy request for the specified process sent by the leakage prevention device;
    the transmitting element is further for sending the control strategy corresponding to the specified process to the leakage prevention device according to the control strategy request.
  11. The server according to claim 9, characterised in that the server further includes:
    a rule establishing unit, for establishing, according to default sensitive data, the similarity matching rule for judging whether data content includes sensitive data.
  12. The server according to any one of claims 9 to 11, characterised in that the judging unit is specifically for:
    obtaining the keywords in the data content and the feature words in the sensitive data, the keywords being the notional words characterising the meaning of the text in the data content and the feature words being the notional words characterising the meaning of the text in the sensitive data;
    establishing the keyword vector of each item of data in the data content corresponding to the keywords, and the feature word vector of the sensitive data corresponding to the feature words;
    obtaining the similarity between each keyword vector in the data content and the feature word vector;
    obtaining, according to the similarities of all keyword vectors, the similarity between each item of data in the data content and the sensitive data;
    determining, when the similarity between some item of data in the data content and the sensitive data is greater than a predetermined threshold, that the data content includes sensitive data.
  13. The server according to claim 12, characterised in that the judging unit is specifically for:
    establishing in word frequency (TF) mode the keyword vector of the data content corresponding to the keywords, and establishing in word frequency (TF) mode the feature word vector of the sensitive data corresponding to the feature words;
    obtaining the similarity between each keyword vector in the data content and the feature word vector;
    obtaining, according to the similarities of all keyword vectors, the similarity between each item of data in the data content and the sensitive data;
    determining, when the similarity between some item of data in the data content and the sensitive data is greater than a predetermined threshold, that the data content includes sensitive data.
  14. A leakage prevention method, characterised in that it includes:
    obtaining the operation behavior of a specified process, and intercepting and capturing in the terminal the network packets from the specified process;
    parsing from the network packets the data content to be transmitted, the data content including: instant messaging chat messages and/or pictures/documents transmitted by instant messaging;
    judging whether the current data content includes sensitive data;
    if the data content includes the sensitive data, obtaining the control strategy corresponding to the specified process, and controlling the network packets and/or the operation behavior of the specified process according to the control strategy corresponding to the specified process.
  15. The method according to claim 14, characterised in that before the judging whether the current data content includes sensitive data, the method further includes:
    receiving at least one judgment rule sent by the server;
    correspondingly, the judging whether the current data content includes sensitive data includes:
    judging, according to the at least one judgment rule, whether the current data content includes sensitive data.
  16. The method according to claim 15, characterised in that the judgment rule is a regular expression or a pattern matching rule;
    or the judgment rule is a keyword matching rule obtained by the server by training on default sensitive data.
  17. The method according to claim 14, characterised in that the obtaining the control strategy corresponding to the specified process includes:
    sending a control strategy request for the specified process to the server;
    receiving the control strategy corresponding to the specified process sent by the server according to the control strategy request.
  18. The method according to any one of claims 14 to 17, characterised in that the method further includes:
    uploading the operation behavior records cached in the terminal to the server, so that the server determines the path of the sensitive data transmission from the operation behavior records.
  19. The method according to claim 18, characterised in that after the judging whether the current data content includes sensitive data, the method further includes:
    if the data content does not include sensitive data, sending the data content to the server, so that the server determines whether the data content includes sensitive data,
    and, when the server determines that the data content includes sensitive data, receiving the information sent by the server indicating that the data content includes sensitive data and performing the step of obtaining the control strategy corresponding to the specified process.
  20. The method according to claim 19, characterised in that the judging whether the current data content includes sensitive data includes:
    sending the data content to the server, so that the server determines whether the data content includes sensitive data, and
    receiving the information sent by the server on whether the data content includes sensitive data.
  21. The method according to claim 20, characterised in that
    when the operation behavior of the specified process is printing and the control strategy corresponding to the process is non-printing, the controlling the network packets and/or the operation behavior of the specified process according to the control strategy corresponding to the specified process includes:
    forbidding the current printing, and displaying in the terminal interface a prompt message that the specified process is forbidden to print;
    or
    when the operation behavior of the specified process is a send operation and the control strategy is a mess-code string sending strategy, the controlling the network packets and/or the operation behavior of the specified process according to the control strategy corresponding to the specified process includes:
    replacing part or all of the information in the data content to be transmitted corresponding to the specified process with a field marking mess code.
  22. A leakage prevention method, characterised in that it includes:
    receiving the data content corresponding to the operation behavior of the specified process sent by a leakage prevention device;
    determining, according to a similarity matching rule, whether the data content includes sensitive data;
    if it is determined that the data content includes sensitive data, sending information to the leakage prevention device indicating that the data content includes sensitive data, so that after receiving this information the leakage prevention device obtains the control strategy corresponding to the specified process and uses the control strategy to control the operation behavior of the specified process and/or the data content.
  23. The method according to claim 22, characterised in that before or after the receiving the data content corresponding to the operation behavior of the specified process sent by the leakage prevention device, the method further includes:
    sending at least one judgment rule to the leakage prevention device;
    and/or
    receiving the control strategy request for the specified process sent by the leakage prevention device, and sending the control strategy corresponding to the specified process to the leakage prevention device according to the control strategy request.
  24. The method according to claim 23, characterised in that before the receiving the data content corresponding to the operation behavior of the specified process sent by the leakage prevention device, the method further includes:
    establishing, according to default sensitive data, the similarity matching rule for judging whether data content includes sensitive data.
  25. The method according to any one of claims 22 to 24, characterised in that the determining, according to a similarity matching rule, whether the data content includes sensitive data includes:
    obtaining the keywords in the data content and the feature words in the sensitive data, the keywords being the notional words characterising the meaning of the text in the data content and the feature words being the notional words characterising the meaning of the text in the sensitive data;
    establishing the keyword vector of each item of data in the data content corresponding to the keywords, and the feature word vector of the sensitive data corresponding to the feature words;
    obtaining the similarity between each keyword vector in the data content and the feature word vector;
    obtaining, according to the similarities of all keyword vectors, the similarity between each item of data in the data content and the sensitive data;
    if the similarity between some item of data in the data content and the sensitive data is greater than a predetermined threshold, determining that the data content includes sensitive data.
  26. The method according to claim 25, characterised in that the establishing the keyword vector of each item of data in the data content corresponding to the keywords includes:
    establishing in word frequency (TF) mode the keyword vector of each item of data in the data content corresponding to the keywords;
    and the establishing the feature word vector of the sensitive data corresponding to the feature words includes:
    establishing in word frequency (TF) mode the feature word vector of the sensitive data corresponding to the feature words.
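The client-side flow of the leakage prevention device (the device embodiment above and claims 1 to 8 and 14 to 21), as an added example that is not code from the patent: server-issued judgment rules are applied locally, unmatched content falls back to the server's judgment, and the non-printing and mess-code sending strategies of claim 8 are applied. The rule semantics, the mess-code marker `[***]`, the `server_check` callable and the record layout are assumptions where the claims leave them open.

```python
"""
Added example, not code from the patent: judging unit, control unit and
the server fall-back of the client-side leakage prevention device.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class JudgmentRule:
    """A judgment rule issued by the server (claim 3): 'regex', 'pattern'
    or 'keyword'. ASSUMPTION: 'pattern' and 'keyword' rules are literal
    substring matches; 'regex' rules are Python regular expressions."""
    kind: str
    value: str


@dataclass(frozen=True)
class Operation:
    """One operation behavior of the specified process, as captured by the
    data content acquiring unit from the intercepted network packets."""
    process: str
    behavior: str   # "send" or "print"
    content: str


MESS_CODE_FIELD = "[***]"   # constructed field that marks mess code (claim 8)


def judge_locally(content, rules):
    """Judging unit (claim 2): return every span of content that a rule hits.
    An empty list means the local rules found no sensitive data."""
    hits = []
    for rule in rules:
        if rule.kind == "regex":
            hits.extend(m.group(0) for m in re.finditer(rule.value, content))
        elif rule.kind in ("pattern", "keyword") and rule.value in content:
            hits.append(rule.value)
    return hits


def apply_control(op, strategy, hits):
    """Control unit (claim 8). Returns (allowed, content_to_send, prompt)."""
    if op.behavior == "print" and strategy == "non_print":
        return False, None, f"{op.process} is not permitted to print"
    if op.behavior == "send" and strategy == "mess_code":
        if hits:
            out = op.content
            # Longest spans first so a short hit cannot split a longer one.
            for span in sorted(set(hits), key=len, reverse=True):
                out = out.replace(span, MESS_CODE_FIELD)
        else:
            # The server flagged the content but no local span is known:
            # replace the whole message ("part or all" in claim 8).
            out = MESS_CODE_FIELD
        return True, out, None
    return True, op.content, None


def handle_operation(op, rules, strategy, server_check=None, record=None):
    """Device flow: local judgment, fall back to the server when the local
    rules do not match (claims 6, 19), apply the control strategy, and cache
    the operation behavior record for later upload (claim 5).
    ASSUMPTION: server_check stands in for the server round trip and returns
    True when the server finds sensitive data."""
    hits = judge_locally(op.content, rules)
    sensitive = bool(hits)
    if not sensitive and server_check is not None:
        sensitive = bool(server_check(op.content))
    if record is not None:
        record.append({"process": op.process, "behavior": op.behavior,
                       "sensitive": sensitive})
    if not sensitive:
        return True, op.content, None
    return apply_control(op, strategy, hits)


# Constructed sample rules: a made-up internal contract-number format and a
# keyword the server trained from default sensitive data.
RULES = [
    JudgmentRule("regex", r"\bCT-\d{6}\b"),
    JudgmentRule("keyword", "Project Falcon"),
]

if __name__ == "__main__":
    cache = []
    ops = [
        Operation("im_client", "send", "see contract CT-123456 for Project Falcon"),
        Operation("im_client", "print", "see contract CT-123456"),
        Operation("im_client", "send", "lunch at noon?"),
    ]
    for op, strategy in zip(ops, ["mess_code", "non_print", "mess_code"]):
        print(handle_operation(op, RULES, strategy,
                               server_check=lambda c: False, record=cache))
    print("cached records:", cache)
```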
Application CN201410844357.8A, priority date 2014-12-30, filing date 2014-12-30, Leakage prevention method and device, Active, CN104506545B (en)

Publications (2)

Publication Number Publication Date
CN104506545A CN104506545A (en) 2015-04-08
CN104506545B true CN104506545B (en) 2017-12-22

Family

ID=52948260

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410844357.8A Active CN104506545B (en) 2014-12-30 2014-12-30 Leakage prevention method and device

Country Status (1)

Country Link
CN (1) CN104506545B (en)

Families Citing this family (25)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105488428A (en) * 2015-11-24 2016-04-13 北京华夏威科软件技术有限公司 Operation behavior recording method and system applied to operation behavior auditing system
CN107229873B (en) * 2016-03-24 2020-07-17 阿里巴巴集团控股有限公司 Picture processing method and equipment
CN105844118B (en) * 2016-04-15 2020-02-21 量子创新(北京)信息技术有限公司 Method and system for data leakage protection
CN105893859B (en) * 2016-04-15 2019-05-03 宝利九章(北京)数据技术有限公司 Method and system for leakage prevention
CN105956482B (en) * 2016-04-15 2019-06-04 宝利九章(北京)数据技术有限公司 Method and system for leakage prevention
CN105955978B (en) * 2016-04-15 2019-07-02 宝利九章(北京)数据技术有限公司 Method and system for leakage prevention
CN106453366A (en) * 2016-10-27 2017-02-22 北京锐安科技有限公司 Information transmission method and system, sending terminal and receiving terminal
CN108024005B (en) * 2016-11-04 2020-08-21 北京搜狗科技发展有限公司 Information processing method and device, intelligent terminal, server and system
CN108270735A (en) * 2016-12-31 2018-07-10 ***通信集团陕西有限公司 A kind of data leakage prevention method and equipment
CN107391671B (en) * 2017-07-21 2019-11-26 华中科技大学 A kind of document leakage detection method and system
CN108011809A (en) * 2017-12-04 2018-05-08 北京明朝万达科技股份有限公司 Anti-data-leakage analysis method and system based on user behavior and document content
CN108566358B (en) * 2017-12-22 2021-03-26 广州赛意信息科技股份有限公司 iOS system network communication interception method and system based on iPhone mobile phone
CN109214206A (en) * 2018-08-01 2019-01-15 武汉普利商用机器有限公司 cloud backup storage system and method
CN110222170B (en) * 2019-04-25 2024-05-24 平安科技(深圳)有限公司 Method, device, storage medium and computer equipment for identifying sensitive data
CN110135128A (en) * 2019-05-22 2019-08-16 北京明朝万达科技股份有限公司 A kind of document handling method and device
CN110399485B (en) * 2019-07-01 2022-04-08 上海交通大学 Data tracing method and system based on word vector and machine learning
CN111241565B (en) * 2020-01-14 2022-10-18 中移(杭州)信息技术有限公司 File control method and device, electronic equipment and storage medium
CN111629027B (en) * 2020-04-10 2023-06-23 云南电网有限责任公司信息中心 Method for storing and processing trusted file based on blockchain
CN111858094B (en) * 2020-07-14 2021-05-18 北京海泰方圆科技股份有限公司 Data copying and pasting method and system and electronic equipment
CN112613031A (en) * 2020-11-26 2021-04-06 新华三技术有限公司 Data stream detection method and device
CN112839077A (en) * 2020-12-29 2021-05-25 北京安华金和科技有限公司 Sensitive data determination method and device
CN113342288B (en) * 2021-06-29 2024-03-22 北京天空卫士网络安全技术有限公司 Data protection method, client, server and system
CN113342449A (en) * 2021-06-29 2021-09-03 北京天空卫士网络安全技术有限公司 Data protection method and device
CN113449350A (en) * 2021-06-30 2021-09-28 中国工商银行股份有限公司 Management method, device, equipment and medium for USB outgoing sensitive information
CN117290659B (en) * 2023-11-24 2024-04-02 华信咨询设计研究院有限公司 Data tracing method based on regression analysis

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101827102A (en) * 2010-04-20 2010-09-08 中国人民解放军理工大学指挥自动化学院 Data prevention method based on content filtering
CN101984603A (en) * 2010-11-11 2011-03-09 湖北电力信息通信中心 Power sensitive information detection method based on e-mail interception
CN102624699A (en) * 2012-01-19 2012-08-01 歌尔声学股份有限公司 Method and system for protecting data
CN103209174A (en) * 2013-03-12 2013-07-17 华为技术有限公司 Data protection method, device and system
CN103327183A (en) * 2013-06-13 2013-09-25 中国科学院信息工程研究所 Black box protecting method and system for private data of Android user based on tag
CN103916233A (en) * 2014-03-28 2014-07-09 小米科技有限责任公司 Information encryption method and device

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050172234A1 (en) * 2004-02-03 2005-08-04 Chuchla Jonathan E. Video display system
CN101098224B (en) * 2006-06-28 2010-08-25 中色科技股份有限公司 Method for encrypting/deciphering dynamically data file
US8446607B2 (en) * 2007-10-01 2013-05-21 Mcafee, Inc. Method and system for policy based monitoring and blocking of printing activities on local and network printers
CN101520833B (en) * 2009-04-10 2010-12-01 武汉大学 Anti-data-leakage system and method based on virtual machine
CN102082704A (en) * 2009-11-30 2011-06-01 ***通信集团河北有限公司 Safety monitoring method and system
CN102143158B (en) * 2011-01-13 2013-10-09 北京邮电大学 Data anti-leakage method based on trusted platform module (TPM)
US8800031B2 (en) * 2011-02-03 2014-08-05 International Business Machines Corporation Controlling access to sensitive data based on changes in information classification
CN103336927A (en) * 2013-06-07 2013-10-02 杭州世平信息科技有限公司 Data classification based data leakage prevention method and system

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101827102A (en) * 2010-04-20 2010-09-08 中国人民解放军理工大学指挥自动化学院 Data prevention method based on content filtering
CN101984603A (en) * 2010-11-11 2011-03-09 湖北电力信息通信中心 Power sensitive information detection method based on e-mail interception
CN102624699A (en) * 2012-01-19 2012-08-01 歌尔声学股份有限公司 Method and system for protecting data
CN103209174A (en) * 2013-03-12 2013-07-17 华为技术有限公司 Data protection method, device and system
CN103327183A (en) * 2013-06-13 2013-09-25 中国科学院信息工程研究所 Black box protecting method and system for private data of Android user based on tag
CN103916233A (en) * 2014-03-28 2014-07-09 小米科技有限责任公司 Information encryption method and device

Also Published As

Publication number Publication date
CN104506545A (en) 2015-04-08

Similar Documents

Publication Publication Date Title
CN104506545B (en) Leakage prevention method and device
US20200285741A1 (en) Endpoint Detection and Response Utilizing Machine Learning
Joo et al. S-Detector: an enhanced security model for detecting Smishing attack for mobile computing
EP3756124B1 (en) Data-defined architecture for network data management
US10079854B1 (en) Client-side protective script to mitigate server loading
US8787567B2 (en) System and method for decrypting files
US9219752B2 (en) Data leak prevention systems and methods
US8688601B2 (en) Systems and methods for generating machine learning-based classifiers for detecting specific categories of sensitive information
US9652597B2 (en) Systems and methods for detecting information leakage by an organizational insider
US8612594B1 (en) Systems and methods for preventing data loss from files sent from endpoints
GB2555192A (en) Methods and apparatus for detecting and identifying malware by mapping feature data into a semantic space
US20130312092A1 (en) System and method for forensic cyber adversary profiling, attribution and attack identification
US11381587B2 (en) Data segmentation
WO2018076697A1 (en) Method and apparatus for detecting zombie feature
EP3987728A1 (en) Dynamically controlling access to linked content in electronic communications
CN111182060A (en) Message detection method and device
US9245132B1 (en) Systems and methods for data loss prevention
Moh et al. Efficient semantic search over encrypted data in cloud computing
Cable et al. Stratosphere: Finding vulnerable cloud storage buckets
US9253214B1 (en) Systems and methods for optimizing data loss prevention systems
Chapman SAD THUG: Structural Anomaly Detection for Transmissions of High-value Information Using Graphics
Alhindi et al. Preventing Data Loss by Harnessing Semantic Similarity and Relevance.
Shu et al. Rapid screening of big data against inadvertent leaks
Prabhu et al. Malicious Firmware Injection Detection on Wireless Networks Using Deep Learning TF-IDF Normalization (MFI-IDF)
de Sousa XS-Leaks Crutch: Assisted Detection & Exploitation of Cross-Site Leaks

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C41 Transfer of patent application or patent right or utility model
TA01 Transfer of patent application right

Effective date of registration: 20170117

Address after: 100015 Chaoyang District Road, Jiuxianqiao, No. 10, building No. 3, floor 15, floor 17, 1701-26,

Applicant after: BEIJING QIANXIN TECHNOLOGY Co.,Ltd.

Address before: 100088 Beijing city Xicheng District xinjiekouwai Street 28, block D room 112 (Desheng Park)

Applicant before: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

Applicant before: Qizhi software (Beijing) Co.,Ltd.

GR01 Patent grant
CP03 Change of name, title or address

Address after: Room 332, 3 / F, Building 102, 28 xinjiekouwei street, Xicheng District, Beijing 100088

Patentee after: QAX Technology Group Inc.

Address before: 100015 15, 17 floor 1701-26, 3 building, 10 Jiuxianqiao Road, Chaoyang District, Beijing.

Patentee before: BEIJING QIANXIN TECHNOLOGY Co.,Ltd.

TR01 Transfer of patent right

Effective date of registration: 20201225

Address after: 100044 2nd floor, building 1, yard 26, Xizhimenwai South Road, Xicheng District, Beijing

Patentee after: LEGENDSEC INFORMATION TECHNOLOGY (BEIJING) Inc.

Patentee after: QAX Technology Group Inc.

Address before: Room 332, 3 / F, Building 102, 28 xinjiekouwei street, Xicheng District, Beijing 100088

Patentee before: QAX Technology Group Inc.

CP01 Change in the name or title of a patent holder

Address after: 100044 2nd floor, building 1, yard 26, Xizhimenwai South Road, Xicheng District, Beijing

Patentee after: Qianxin Wangshen information technology (Beijing) Co.,Ltd.

Patentee after: QAX Technology Group Inc.

Address before: 100044 2nd floor, building 1, yard 26, Xizhimenwai South Road, Xicheng District, Beijing

Patentee before: LEGENDSEC INFORMATION TECHNOLOGY (BEIJING) Inc.

Patentee before: QAX Technology Group Inc.