CN112905857A - Data leakage behavior tracing method and device based on data characteristics - Google Patents


Publication number
CN112905857A
Authority
CN
China
Prior art keywords: data, leakage, database, information, tracing
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110131828.0A
Other languages
Chinese (zh)
Inventor
唐更新
赵卫国
宋辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Zhongan Xingyun Software Technology Co ltd
Original Assignee
Beijing Zhongan Xingyun Software Technology Co ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
        • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
            • G06F16/90 Details of database functions independent of the retrieved data types
                • G06F16/903 Querying
                    • G06F16/9038 Presentation of query results
                • G06F16/906 Clustering; Classification
            • G06F16/10 File systems; File servers
                • G06F16/17 Details of further file system functions
                    • G06F16/1734 Details of monitoring file system events, e.g. by the use of hooks, filter drivers, logs
        • G06F11/00 Error detection; Error correction; Monitoring
            • G06F11/30 Monitoring
                • G06F11/34 Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation; Recording or statistical evaluation of user activity, e.g. usability assessment
                    • G06F11/3438 Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation; Recording or statistical evaluation of user activity, e.g. usability assessment; monitoring of user actions


Abstract

The invention discloses a data leakage behavior tracing method based on data characteristics, which comprises the following steps: entering various types of data, determining the distribution positions of the various types of data according to their data characteristic information, and generating data distribution position information; acquiring a leaked data tracing request, and performing feature extraction on the leaked data in the request to obtain target data features; and determining the database to which the leaked data belongs according to the target data features and the data distribution position information, querying the operation information of the leaked data in the corresponding database, and generating and sending leakage path information according to the operation information. The invention also discloses a data leakage behavior tracing device based on data characteristics. The invention can automatically, quickly and effectively trace the source from the characteristics of the leaked data and determine the data leakage path.

Description

Data leakage behavior tracing method and device based on data characteristics
Technical Field
The invention relates to the technical field of data tracing, in particular to a data leakage behavior tracing method and device based on data characteristics.
Background
Existing database log auditing technology has major shortcomings in tracing and in security:
First, tracing: retrieval is driven by the user's access behavior; source tracing analysis cannot be performed by entering or importing the leaked data, and the degree of automation and the accuracy are low.
Second, security: some log auditing technologies store the data returned by the database in the audit log and search the data in the log to find the data leakage path. On the one hand this is insecure and carries a significant risk of data leakage; on the other hand it occupies unnecessary computing and storage resources and is inefficient.
Therefore, there is an urgent need to solve the problem that existing database log auditing mechanisms cannot trace the source quickly, automatically and accurately from the characteristics of the leaked data after a leak.
Disclosure of Invention
In order to overcome the above problems, or at least partially solve them, embodiments of the present invention provide a data leakage behavior tracing method and device based on data characteristics, which can automatically, quickly and effectively trace the source from the characteristics of the leaked data to determine the data leakage path.
The embodiment of the invention is realized by the following steps:
in a first aspect, an embodiment of the present invention provides a data leakage behavior tracing method based on data characteristics, including the following steps:
inputting various types of data, determining the distribution positions of the various types of data according to the data characteristic information of the various types of data, and generating data distribution position information;
acquiring a leakage data tracing request, and performing feature extraction on leakage data in the leakage data tracing request to obtain target data features;
and determining a database to which the leaked data belongs according to the target data characteristics and the data distribution position information, inquiring operation information of the leaked data in the corresponding database, and generating and sending leakage path information according to the operation information.
To trace the source of leaked data quickly, the different data are first classified by feature, and the distribution position of each kind of data is determined from its data features: which database it is in and its specific position in that database. This provides a reference for later locating the leaked data. Once the distribution positions of the various types of data have been set and a leaked data tracing request is obtained, the leaked data in the request is extracted and feature extraction is performed on it to obtain the corresponding data features, namely the target data features. The target data features are then matched and compared against the data features in the previously determined distribution position information to obtain the database to which they belong and the specific position in that database; that is, the database to which the leaked data belongs and its specific position in that database are determined. The operation information of the leaked data in the corresponding database is then queried, and one or more pieces of leakage path information are generated from the operation time, operator, operation behavior, operation tool and other information in the operation information, so that the path of the data leakage is shown comprehensively. The position of the data is thus derived by working backwards, the operations performed on the data in the corresponding database are found quickly, and the leakage path of the data is deduced quickly.
The method uses feature extraction and feature matching to determine the distribution position of the leaked data quickly and effectively, and then works backwards from the operation information of the leaked data in the corresponding database to the possible leakage paths, so that the data leakage path is reflected comprehensively and subsequent data tracing can be done quickly.
Based on the first aspect, in some embodiments of the present invention, the method for determining distribution positions of various types of data according to data characteristic information of the various types of data includes the following steps:
and matching the data characteristic information of each type of data with preset data characteristics, and inquiring a database to which each type of data belongs by adopting a matching scanning method according to the data characteristic information so as to determine the distribution positions of each type of data.
Based on the first aspect, in some embodiments of the present invention, the method for determining a database to which leakage data belongs according to the target data characteristics and the data distribution location information includes the following steps:
and comparing and matching the target data characteristics with the data characteristics in the data distribution position information to obtain a database corresponding to the target data characteristics so as to determine the position of the leakage data in the database.
Based on the first aspect, in some embodiments of the present invention, the method for querying the operation information of the leaked data in the corresponding database includes the following steps:
and automatically retrieving the access log of the database according to the position of the leaked data in the database to obtain the operation information of the leaked data.
Based on the first aspect, in some embodiments of the present invention, the data leakage behavior tracing method based on the data characteristics further includes the following steps:
and generating a leakage path image according to the leakage path information, and visually displaying the leakage path image.
In a second aspect, an embodiment of the present invention provides a data leakage behavior tracing apparatus based on data characteristics, including a data distribution module, a target characteristic module, and a tracing module, where:
the data distribution module is used for inputting various types of data, determining the distribution positions of various types of data according to the data characteristic information of the various types of data and generating data distribution position information;
the target characteristic module is used for acquiring a leaked data tracing request and extracting characteristics of leaked data in the leaked data tracing request to obtain target data characteristics;
and the source tracing module is used for determining a database to which the leakage data belongs according to the target data characteristics and the data distribution position information, inquiring operation information of the leakage data in the corresponding database, and generating and sending leakage path information according to the operation information.
To trace the source of leaked data quickly, the different data are first classified by feature, and the data distribution module determines the distribution position of each kind of data from its data features: which database it is in and its specific position in that database. This provides a reference for later locating the leaked data. Once the distribution positions of the various types of data have been set and the target feature module obtains a leaked data tracing request, the leaked data in the request is extracted and feature extraction is performed on it to obtain the corresponding data features, namely the target data features. The target data features are then matched and compared against the data features in the previously determined distribution position information to obtain the database to which they belong and the specific position in that database; that is, the database to which the leaked data belongs and its specific position in that database are determined. The tracing module then queries the operation information of the leaked data in the corresponding database and generates one or more pieces of leakage path information from the operation time, operator, operation behavior, operation tool and other information in the operation information, so that the path of the data leakage is shown comprehensively. The position of the data is thus derived by working backwards, the operations performed on the data in the corresponding database are found quickly, and the leakage path of the data is deduced quickly.
The system uses feature extraction and feature matching to determine the distribution position of the leaked data quickly and effectively, and then works backwards from the operation information of the leaked data in the corresponding database to the possible leakage paths, so that the data leakage path is reflected comprehensively and subsequent data tracing can be done quickly.
Based on the second aspect, in some embodiments of the present invention, the data distribution module includes a matching scanning sub-module, configured to match data feature information of each type of data with a preset data feature, and query a database to which each type of data belongs by using a matching scanning method according to the data feature information, so as to determine a distribution position of each type of data.
Based on the second aspect, in some embodiments of the present invention, the source tracing module includes a feature matching sub-module, configured to compare and match the target data feature with the data feature in the data distribution location information, and obtain a database corresponding to the target data feature through matching, so as to determine a location of the leaked data in the database to which the leaked data belongs.
Based on the second aspect, in some embodiments of the present invention, the tracing module includes a tracing query submodule, configured to perform an automated retrieval on an access log of the database according to a location of the leaked data in the database to which the leaked data belongs, so as to obtain operation information of the leaked data.
Based on the second aspect, in some embodiments of the present invention, the data characteristic-based data leakage behavior tracing apparatus further includes a visualization display module, configured to generate a leakage path image according to the leakage path information, and visually display the leakage path image.
The embodiment of the invention at least has the following advantages or beneficial effects:
The embodiments of the invention provide a data leakage behavior tracing method and device based on data characteristics. Different data are first classified by feature, and the distribution position of each kind of data is determined from its data features, which provides a reference for later locating the leaked data. Once the distribution positions of the various types of data have been set and a leaked data tracing request is obtained, feature extraction is performed on the leaked data in the request. After the target data features are extracted, they are matched and compared against the data features in the previously determined distribution position information to determine the database to which the leaked data belongs and its specific position in that database. The operation information of the leaked data in the corresponding database is then queried. The position of the data is thus derived by working backwards, the operations performed on the data in the corresponding database are found quickly, and the leakage path of the data is deduced quickly. The method uses feature extraction and feature matching to determine the distribution position of the leaked data quickly and effectively, and then works backwards from the operation information of the leaked data in the corresponding database to the possible leakage paths, so that the data leakage path is reflected comprehensively and subsequent data tracing can be done quickly.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present invention and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings can be obtained according to the drawings without inventive efforts.
Fig. 1 is a flowchart of a data leakage behavior tracing method based on data characteristics according to an embodiment of the present invention;
fig. 2 is a schematic block diagram of a data leakage behavior tracing apparatus based on data characteristics according to an embodiment of the present invention.
Reference numerals: 100, data distribution module; 110, matching scanning sub-module; 200, target feature module; 300, tracing module; 310, feature matching sub-module; 320, tracing query sub-module; 400, visualization display module.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. The components of embodiments of the present invention generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations.
Thus, the following detailed description of the embodiments of the present invention, presented in the figures, is not intended to limit the scope of the invention, as claimed, but is merely representative of selected embodiments of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
Examples
As shown in fig. 1, in a first aspect, an embodiment of the present invention provides a data leakage behavior tracing method based on data characteristics, including the following steps:
s1, inputting various types of data, determining the distribution positions of various types of data according to the data characteristic information of the various types of data, and generating data distribution position information;
To trace the source of leaked data quickly, the different data are first classified by feature, and the distribution position of each kind of data is determined from its data features: which database it is in and its specific position in that database. This provides a reference for later locating the leaked data.
S2, obtaining a leaked data tracing request, and performing feature extraction on leaked data in the leaked data tracing request to obtain target data features;
Once the distribution positions of the various types of data have been set and a leaked data tracing request is obtained, the leaked data in the request is extracted and feature extraction is performed on it to obtain the corresponding data features, namely the target data features.
And S3, determining a database to which the leakage data belong according to the target data characteristics and the data distribution position information, inquiring operation information of the leakage data in the corresponding database, and generating and sending leakage path information according to the operation information.
After the target data features are extracted, they are matched and compared against the previously determined distribution position information to obtain the database to which they belong and the specific position in that database; that is, the database to which the leaked data belongs and its specific position in that database are determined. The operation information of the leaked data in the corresponding database is then queried, and one or more pieces of leakage path information are generated from the operation time, operator, operation behavior, operation tool and other information in the operation information, so that the paths of the data leakage are shown comprehensively. The position of the data is thus derived by working backwards, the operations performed on the data in the corresponding database are found quickly, and the leakage path of the data is deduced quickly.
The method uses feature extraction and feature matching to determine the distribution position of the leaked data quickly and effectively, and then works backwards from the operation information of the leaked data in the corresponding database to the possible leakage paths, so that the data leakage path is reflected comprehensively and subsequent data tracing can be done quickly.
Based on the first aspect, in some embodiments of the present invention, the method for determining distribution positions of various types of data according to data characteristic information of the various types of data includes the following steps:
and matching the data characteristic information of each type of data with preset data characteristics, and inquiring a database to which each type of data belongs by adopting a matching scanning method according to the data characteristic information so as to determine the distribution positions of each type of data.
First, the databases are scanned against preset or user-defined data features, such as ID card number, mobile phone number, unified credit code, address and email address, using technical means such as feature matching, semantic algorithms and data models, and the database to which each data feature belongs is identified, so as to determine the distribution and position of the data. This provides a reference for later locating the leaked data and makes subsequent data matching fast.
Based on the first aspect, in some embodiments of the present invention, the method for determining a database to which leakage data belongs according to the target data characteristics and the data distribution location information includes the following steps:
and comparing and matching the target data characteristics with the data characteristics in the data distribution position information to obtain a database corresponding to the target data characteristics so as to determine the position of the leakage data in the database.
The entered or imported leaked data or data fragments are analyzed, and the specific content of the leaked data is obtained through data feature similarity calculation; that is, the data features of the leaked data are determined, for example whether the leaked data is an ID card number, mobile phone number, unified credit code, address, email address and so on. The result is then compared with the result obtained by the data feature extraction module to obtain the exact position of the leaked data in the database.
Based on the first aspect, in some embodiments of the present invention, the method for querying the operation information of the leaked data in the corresponding database includes the following steps:
and automatically retrieving the access log of the database according to the position of the leaked data in the database to obtain the operation information of the leaked data.
The database access log is retrieved automatically according to the exact position of the leaked data to obtain the possible data leakage paths. The operation information is analyzed and queried by time, IP address, tool name, user name, operation behavior and so on to obtain the possible leakage paths, including at what time, by which person and with which tool what operation was performed on the leaked data, so that the various paths of the data leakage are reflected comprehensively and accurately and subsequent data tracing can be done quickly.
Based on the first aspect, in some embodiments of the present invention, the data leakage behavior tracing method based on the data characteristics further includes the following steps:
and generating a leakage path image according to the leakage path information, and visually displaying the leakage path image.
Database log auditing technology in the prior art also has major shortcomings in visualization: the degree of visualization is low, only the database access log information can be displayed, and the context and details of the leak cannot be shown visually. To reflect the leakage path more intuitively and effectively, the leakage path image is displayed in visual form, so that the user can view the data leakage path more intuitively and clearly.
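The method of steps S1 to S3 above (matching scan, feature matching, access-log retrieval), as an added example that is not part of the patent text or the applicant's implementation. The in-memory SQLite databases, the simplified feature patterns, the function names and the access-log fields are all assumptions constructed for illustration.

```python
import re
import sqlite3

# Preset data features; simplified patterns constructed for this example.
FEATURES = {
    "mobile_number": re.compile(r"1[3-9]\d{9}"),
    "id_card": re.compile(r"\d{17}[\dXx]"),
    "email": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
}

def classify(value):
    """Return the preset feature a single value matches, or None."""
    text = str(value).strip()
    for name, pattern in FEATURES.items():
        if pattern.fullmatch(text):
            return name
    return None

def scan_databases(databases, sample_rows=50):
    """S1: build the distribution map feature -> [(db, table, column)]."""
    distribution = {}
    for db_name, conn in databases.items():
        tables = [r[0] for r in conn.execute(
            "SELECT name FROM sqlite_master WHERE type='table'")]
        for table in tables:
            # Identifiers come from the database catalog, not from user input.
            cols = [r[1] for r in conn.execute(f'PRAGMA table_info("{table}")')]
            for col in cols:
                rows = conn.execute(
                    f'SELECT "{col}" FROM "{table}" LIMIT ?', (sample_rows,)).fetchall()
                counts = {}
                for (value,) in rows:
                    feature = classify(value)
                    if feature:
                        counts[feature] = counts.get(feature, 0) + 1
                for feature, n in counts.items():
                    if 2 * n > len(rows):  # most sampled values carry the feature
                        distribution.setdefault(feature, []).append((db_name, table, col))
    return distribution

def extract_target_features(leaked_text):
    """S2: split a leaked fragment into tokens and keep those with a known feature."""
    tokens = re.split(r"[,;|\s]+", leaked_text.strip())
    return [(classify(t), t) for t in tokens if classify(t)]

def locate(leaked_text, distribution, databases):
    """S3a: look for each leaked value only in the columns mapped to its feature."""
    found = []
    for feature, value in extract_target_features(leaked_text):
        for db_name, table, col in distribution.get(feature, []):
            hit = databases[db_name].execute(
                f'SELECT 1 FROM "{table}" WHERE "{col}" = ? LIMIT 1', (value,)).fetchone()
            if hit and (db_name, table, col, feature) not in found:
                found.append((db_name, table, col, feature))
    return found

def trace(locations, access_log):
    """S3b: candidate leak path = log entries touching a located table, in time order."""
    touched = {(db, table) for db, table, _col, _feature in locations}
    hits = [e for e in access_log if (e["db"], e["table"]) in touched]
    return sorted(hits, key=lambda e: e["time"])

def build_sample():
    """Constructed sample data: two databases and a metadata-only access log."""
    crm = sqlite3.connect(":memory:")
    crm.executescript("""
        CREATE TABLE customers (name TEXT, phone TEXT, email TEXT);
        INSERT INTO customers VALUES ('Zhang Wei', '13800000001', 'zhang.wei@example.com');
        INSERT INTO customers VALUES ('Li Na', '13900000002', 'li.na@example.com');
        CREATE TABLE orders (id INTEGER, amount REAL);
        INSERT INTO orders VALUES (1, 99.5);
    """)
    hr = sqlite3.connect(":memory:")
    hr.executescript("""
        CREATE TABLE staff (name TEXT, id_no TEXT);
        INSERT INTO staff VALUES ('Wang Fang', '00000019000101000X');
    """)
    log = [
        {"time": "2021-01-12T23:41:07", "ip": "198.51.100.23", "user": "ops_tmp",
         "tool": "dump_tool", "operation": "SELECT", "db": "crm", "table": "customers"},
        {"time": "2021-01-10T09:15:30", "ip": "192.0.2.10", "user": "report_svc",
         "tool": "jdbc_app", "operation": "SELECT", "db": "crm", "table": "customers"},
        {"time": "2021-01-11T14:02:00", "ip": "192.0.2.11", "user": "hr_admin",
         "tool": "gui_client", "operation": "SELECT", "db": "hr", "table": "staff"},
        {"time": "2021-01-11T16:20:00", "ip": "192.0.2.10", "user": "report_svc",
         "tool": "jdbc_app", "operation": "SELECT", "db": "crm", "table": "orders"},
    ]
    return {"crm": crm, "hr": hr}, log

if __name__ == "__main__":
    databases, access_log = build_sample()
    distribution = scan_databases(databases)
    where = locate("Zhang Wei, 13800000001, zhang.wei@example.com", distribution, databases)
    for e in trace(where, access_log):
        print(e["time"], e["user"], e["ip"], e["tool"], e["operation"], e["db"], e["table"])
```

The access log here holds only operation metadata, never returned rows, which matches the security concern raised in the Background; the result is therefore a table-level set of candidate operations rather than proof of which one leaked the data.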
As shown in fig. 2, in a second aspect, an embodiment of the present invention provides a data leakage behavior tracing apparatus based on data characteristics, including a data distribution module 100, a target characteristic module 200, and a tracing module 300, where:
the data distribution module 100 is configured to enter multiple types of data, determine distribution positions of the various types of data according to data feature information of the various types of data, and generate data distribution position information;
the target characteristic module 200 is configured to obtain a leaked data tracing request, and perform characteristic extraction on leaked data in the leaked data tracing request to obtain target data characteristics;
and the source tracing module 300 is configured to determine a database to which the leakage data belongs according to the target data feature and the data distribution position information, query operation information of the leakage data in the corresponding database, and generate and send leakage path information according to the operation information.
To trace the source of leaked data quickly, the different data are first classified by feature, and the data distribution module 100 determines the distribution position of each kind of data: which database it is in and its specific position in that database. This provides a reference for later locating the leaked data. Once the distribution positions of the various types of data have been set and the target feature module 200 obtains a leaked data tracing request, the leaked data in the request is extracted and feature extraction is performed on it to obtain the corresponding data features, namely the target data features. The target data features are then matched and compared against the data features in the previously determined distribution position information to obtain the database to which they belong and the specific position in that database; that is, the database to which the leaked data belongs and its specific position in that database are determined. The tracing module 300 then queries the operation information of the leaked data in the corresponding database and generates one or more pieces of leakage path information from the operation time, operator, operation behavior, operation tool and other information in the operation information, so that the path of the data leakage is shown comprehensively. The position of the data is thus derived by working backwards, the operations performed on the data in the corresponding database are found quickly, and the leakage path of the data is deduced quickly.
The system uses feature extraction and feature matching to determine the distribution position of the leaked data quickly and effectively, and then works backwards from the operation information of the leaked data in the corresponding database to the possible leakage paths, so that the data leakage path is reflected comprehensively and subsequent data tracing can be done quickly.
As shown in fig. 2, based on the second aspect, in some embodiments of the present invention, the data distribution module 100 includes a matching scanning sub-module 110, configured to match data feature information of each type of data with a preset data feature, and query a database to which each type of data belongs by using a matching scanning method according to the data feature information, so as to determine a distribution position of each type of data.
First, the matching scanning sub-module 110 scans the databases using prefabricated or customized data features, such as identity card numbers, mobile phone numbers, unified credit codes, addresses and mailboxes, by technical means such as feature matching, semantic algorithms and data models, and queries the database to which each data feature belongs so as to determine the distribution and position of the data. This provides a reference for subsequently finding the position of leaked data and makes later data matching fast.
Based on the second aspect, in some embodiments of the present invention, as shown in fig. 2, the tracing module 300 includes a feature matching sub-module 310, configured to compare and match the target data feature with the data feature in the data distribution location information, and obtain a database corresponding to the target data feature through matching, so as to determine a location of the leaked data in the database to which the leaked data belongs.
By analyzing the input or imported leaked data or data segments, the feature matching sub-module 310 determines through data feature similarity calculation what the leaked data is, that is, its data features, for example whether it is an identity card number, a mobile phone number, a unified credit code, an address or a mailbox; it then compares this result with the result obtained by the data feature extraction module to obtain the exact position of the leaked data in the database.
Based on the second aspect, in some embodiments of the present invention, as shown in fig. 2, the tracing module 300 includes a tracing query sub-module 320, configured to perform an automated retrieval on an access log of a database to which the leaked data belongs according to a location of the leaked data in the database, so as to obtain operation information of the leaked data.
The tracing query sub-module 320 automatically searches the database access log according to the exact position of the leaked data to obtain possible data leakage paths. It analyzes and queries the operation information by time, IP address, tool name, user name, operation behavior and so on to obtain possible leakage paths, that is, at what time, by whom and with what tool which operation was performed on the leaked data, so that the various paths of data leakage are reflected comprehensively and accurately and data can subsequently be traced quickly.
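The three steps described above (matching scan, feature matching, access-log query) can be sketched as follows; this is an added example, not code from the patent or its applicant. The regular expressions, the in-memory databases, the log layout and all function names are assumptions made for illustration, exact value lookup stands in for the similarity calculation, and unified credit codes and addresses are left out.

```python
import re
from collections import namedtuple
# Preset data features: simplified patterns assumed for this example.
FEATURES = {
    "id_card": re.compile(r"\d{17}[\dXx]"),
    "mobile": re.compile(r"1[3-9]\d{9}"),
    "email": re.compile(r"[\w.+-]+@[\w-]+(\.[\w-]+)+"),
}
# Constructed sample data: {database: {table: {column: [values]}}}
DATABASES = {
    "crm": {"customers": {"phone": ["13800000001", "13900000002"],
                          "mail": ["a.li@example.com", "b.wang@example.com"]}},
    "hr": {"staff": {"id_no": ["11010119900101123X"], "phone": ["13700000003"]}},
}
# Constructed access log; the field layout is hypothetical.
Op = namedtuple("Op", "time ip tool user action db table columns")
ACCESS_LOG = [
    Op("2021-01-10T09:02:11", "10.0.0.5", "app-server", "svc_crm", "SELECT",
       "crm", "customers", ("phone",)),
    Op("2021-01-12T23:41:07", "10.0.3.77", "mysqldump", "zhang", "EXPORT",
       "crm", "customers", ("phone", "mail")),
    Op("2021-01-13T08:15:30", "10.0.0.9", "navicat", "liu", "SELECT",
       "hr", "staff", ("id_no",)),
]

def classify(value):
    """Feature extraction: name of the preset feature the value matches."""
    for name, pattern in FEATURES.items():
        if pattern.fullmatch(value):
            return name
    return None

def scan_distribution(databases):
    """Matching scan: map each feature type to the columns that hold it."""
    index = {}
    for db, tables in databases.items():
        for table, columns in tables.items():
            for column, values in columns.items():
                for kind in {classify(v) for v in values} - {None}:
                    index.setdefault(kind, []).append((db, table, column))
    return index

def locate(leaked, index, databases):
    """Feature matching: columns of the same type that contain the value."""
    return [(db, t, c) for db, t, c in index.get(classify(leaked), [])
            if leaked in databases[db][t][c]]

def trace(leaked_values, databases, log):
    """Tracing query: rank logged operations by leaked fields they touched."""
    index = scan_distribution(databases)
    hits = {loc for v in leaked_values for loc in locate(v, index, databases)}
    ranked = [(sum((op.db, op.table, c) in hits for c in op.columns), op)
              for op in log]
    return sorted((r for r in ranked if r[0]), key=lambda r: (-r[0], r[1].time))
```

Passing several fields of one leaked record to `trace` ranks an operation that touched all of them above one that touched a single column, which narrows the candidate leakage paths.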
As shown in fig. 2, in some embodiments of the present invention, based on the second aspect, the data leakage behavior tracing apparatus based on data characteristics further includes a visualization display module 400, configured to generate a leakage path image according to the leakage path information, and visually display the leakage path image.
Prior-art database log auditing technology also has major shortcomings in visualization: the degree of visualization is low, only database access log information can be displayed, and the context and details of a leak cannot be shown visually. To reflect the leakage path more intuitively and effectively, the visualization display module 400 displays the leakage path image visually, so that a user can view the data leakage path more intuitively and clearly.
The above is only a preferred embodiment of the present invention, and is not intended to limit the present invention, and various modifications and changes will occur to those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
It will be evident to those skilled in the art that the present application is not limited to the details of the foregoing illustrative embodiments, and that the present application may be embodied in other specific forms without departing from the spirit or essential attributes thereof. The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the application being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference sign in a claim should not be construed as limiting the claim concerned.

Claims (10)

1. A data leakage behavior tracing method based on data characteristics is characterized by comprising the following steps:
inputting various types of data, determining the distribution positions of the various types of data according to the data characteristic information of the various types of data, and generating data distribution position information;
acquiring a leakage data tracing request, and performing feature extraction on leakage data in the leakage data tracing request to obtain target data features;
and determining a database to which the leaked data belongs according to the target data characteristics and the data distribution position information, inquiring operation information of the leaked data in the corresponding database, and generating and sending leakage path information according to the operation information.
2. The data characteristic-based data leakage behavior tracing method according to claim 1, wherein the method for determining the distribution positions of various types of data according to the data characteristic information of each type of data comprises the following steps:
and matching the data characteristic information of each type of data with preset data characteristics, and inquiring a database to which each type of data belongs by adopting a matching scanning method according to the data characteristic information so as to determine the distribution positions of each type of data.
3. The data characteristic-based data leakage behavior tracing method according to claim 1, wherein the method for determining the database to which the leaked data belongs according to the target data characteristic and the data distribution location information comprises the following steps:
and comparing and matching the target data characteristics with the data characteristics in the data distribution position information to obtain a database corresponding to the target data characteristics so as to determine the position of the leakage data in the database.
4. The data characteristic-based data leakage behavior tracing method according to claim 3, wherein the method for querying operation information of leakage data in a corresponding database comprises the following steps:
and automatically retrieving the access log of the database according to the position of the leaked data in the database to obtain the operation information of the leaked data.
5. The data leakage behavior tracing method based on data characteristics according to claim 1, further comprising the steps of:
and generating a leakage path image according to the leakage path information, and visually displaying the leakage path image.
6. A data leakage behavior tracing device based on data characteristics, characterized by comprising a data distribution module, a target characteristic module and a tracing module, wherein:
the data distribution module is used for inputting various types of data, determining the distribution positions of various types of data according to the data characteristic information of the various types of data and generating data distribution position information;
the target characteristic module is used for acquiring a leaked data tracing request and extracting characteristics of leaked data in the leaked data tracing request to obtain target data characteristics;
and the tracing module is used for determining a database to which the leakage data belongs according to the target data characteristics and the data distribution position information, inquiring operation information of the leakage data in the corresponding database, and generating and sending leakage path information according to the operation information.
7. The data characteristic-based data leakage behavior tracing device according to claim 6, wherein the data distribution module includes a matching scanning sub-module for matching data characteristic information of each type of data with a preset data characteristic, and querying a database to which each type of data belongs by using a matching scanning method according to the data characteristic information to determine a distribution position of each type of data.
8. The data characteristic-based data leakage behavior tracing device according to claim 6, wherein the tracing module includes a characteristic matching sub-module, which is configured to compare and match the target data characteristic with the data characteristic in the data distribution location information, and obtain a database corresponding to the target data characteristic by matching, so as to determine the location of the leakage data in the database to which the leakage data belongs.
9. The data characteristic-based data leakage behavior tracing apparatus according to claim 8, wherein the tracing module includes a tracing query submodule, configured to perform automatic retrieval on an access log of the database according to a location of the leaked data in the database, so as to obtain operation information of the leaked data.
10. The data characteristic-based data leakage behavior tracing apparatus according to claim 6, further comprising a visualization display module, configured to generate a leakage path image according to the leakage path information, and perform visualization display on the leakage path image.
CN202110131828.0A 2021-01-30 2021-01-30 Data leakage behavior tracing method and device based on data characteristics Pending CN112905857A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110131828.0A CN112905857A (en) 2021-01-30 2021-01-30 Data leakage behavior tracing method and device based on data characteristics

Publications (1)

Publication Number Publication Date
CN112905857A true CN112905857A (en) 2021-06-04

Family

ID=76121983

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110131828.0A Pending CN112905857A (en) 2021-01-30 2021-01-30 Data leakage behavior tracing method and device based on data characteristics

Country Status (1)

Country Link
CN (1) CN112905857A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108133138A (en) * 2017-12-21 2018-06-08 北京明朝万达科技股份有限公司 A kind of sensitive information source tracing method of leakage, device and system
CN109992936A (en) * 2017-12-31 2019-07-09 ***通信集团河北有限公司 Data source tracing method, device, equipment and medium based on data watermark
CN111435384A (en) * 2019-01-14 2020-07-21 阿里巴巴集团控股有限公司 Data security processing and data tracing method, device and equipment
CN111898100A (en) * 2020-06-17 2020-11-06 新浪网技术(中国)有限公司 Code leakage tracing method and device and terminal equipment

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114077722A (en) * 2021-10-20 2022-02-22 深信服科技股份有限公司 Data leakage tracking method and device, electronic equipment and computer storage medium
CN115906135A (en) * 2022-12-28 2023-04-04 深圳乐信软件技术有限公司 Tracing method and device for target data leakage path, electronic equipment and storage medium
CN115906135B (en) * 2022-12-28 2024-03-19 深圳乐信软件技术有限公司 Tracing method and device for target data leakage path, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination