CN117478364A - Transmission anti-disclosure method and system based on enterprise research and development core data - Google Patents


Publication number
CN117478364A
Authority
CN
China
Prior art keywords
data
enterprise
core data
development
research
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN202311335391.8A
Other languages
Chinese (zh)
Inventor
刘永亮
陈梅靖
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Suzhou Zhiben Information Technology Co ltd
Original Assignee
Suzhou Zhiben Information Technology Co ltd
Application filed by Suzhou Zhiben Information Technology Co ltd
Priority to CN202311335391.8A
Publication of CN117478364A
Legal status: Withdrawn

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/168 Implementing security features at a particular protocol layer above the transport layer
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]
    • H04L63/105 Multiple levels of security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H04L63/1433 Vulnerability analysis
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631 Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3231 Biological data, e.g. fingerprint, voice or retina
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3249 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using RSA or related signature schemes, e.g. Rabin scheme

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Biodiversity & Conservation Biology (AREA)
  • Biomedical Technology (AREA)
  • General Health & Medical Sciences (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to the technical field of digital information transmission, and in particular discloses a transmission anti-disclosure method and system based on enterprise research and development core data. The method comprises: deploying an MCK on the server on which the enterprise research and development core data runs, deploying an SDC on the enterprise employee terminals by means of virtualization technology, and setting network policy and access rights according to enterprise requirements. By deploying the MCK on the server and the SDC on the employee terminals of the hardware on which the transmission anti-disclosure system runs, and by transmitting data over enterprise VPN communication, the invention establishes a trusted environment for enterprise data transmission and prevents external-network attacks and theft of enterprise research and development data. The core data identification module adds sensitivity identification and marking of the enterprise research and development core data, which is combined with the dynamic encryption of the core data by the identification data dynamic encryption module.

Description

Transmission anti-disclosure method and system based on enterprise research and development core data
Technical Field
The invention relates to the technical field of digital information transmission, in particular to a transmission anti-disclosure method and system based on enterprise research and development core data.
Background
With the continuing development of information technology, many machinery manufacturers combine intelligent digital and analog techniques and embed programs into hardware devices, so that the manufactured products run intelligently and automatically. Developing the software data that goes with such products costs an enterprise money, time and the technical solutions created by its staff's intellectual work. The research and development data of an enterprise's core team is therefore important to both enterprise development and product manufacturing, and it must be strictly controlled during communication and transmission to prevent intrusion by external hackers and leakage by internal employees.
The prior art does include methods and systems for preventing leakage of enterprise research and development core data in transmission: setting an encryption algorithm for data transmission, using encryption and security protocols for end-to-end encrypted transmission, adopting a secure communication protocol, authenticating personnel within the enterprise, and establishing rights management and access control policies. These still have limitations. A leak of enterprise research and development core data is noticed only after the data has been exposed for a period of time, so both the sensitivity and the timeliness of monitoring are poor. Examples include insufficient attention to data classification and identification, an incomplete balance between security and convenience, fixed encryption schemes that are not renewed, the lack of real-time monitoring and detection during data transmission, insecure network communication protocols, missing authentication, and slow iteration in optimizing and updating protective measures. All of these allow research and development core data to leak during transmission without the leak being monitored and the loss contained in time.
Disclosure of Invention
Technical problem to be solved
In view of the defects of the prior art, the invention provides a transmission anti-leakage method and system based on enterprise research and development core data, in which an MCK is deployed on the server and an SDC is deployed on the employee terminals of the hardware that runs the enterprise's network and data transmission system, and data is transmitted over enterprise VPN communication, so as to establish an enterprise trusted environment.
To achieve the above purpose, the invention adopts the following technical scheme: the transmission anti-disclosure method based on enterprise research and development core data comprises the following steps:
S1, deploying an MCK on the server on which the enterprise research and development core data runs, deploying an SDC on the enterprise employee terminals by means of virtualization technology, and setting network policy and access rights according to enterprise requirements;
S2, establishing a data identification model on the server on which the enterprise research and development data runs, using the core data identification module to identify and mark the sensitive research and development core data, and distinguishing the core data by a metadata marking method;
S3, the identification data dynamic encryption module uses a hybrid encryption algorithm to encrypt and decrypt the marked enterprise research and development core data in real time, and internal office work, resource sharing and data transmission are carried out over the enterprise private network;
S4, an authorized employee terminal that satisfies the network policy and access rights set by the enterprise must still pass a multiple identity authentication mechanism before it can access, download and transmit the encrypted, marked core data;
S5, the security monitoring and detection management module uses a random forest algorithm, from behavior analysis and machine learning technology, to monitor and detect in real time security events and abnormal behaviors affecting the enterprise research and development core data during transmission between the server and the employee terminals.
Further, the MCK is based on trusted computing technology. By establishing a secure container it takes image snapshots of the transmission anti-disclosure system for enterprise research and development core data, stores the enterprise's files, configuration and applications as separate entities, applies signature-based hardening to the host operating system and applications, and verifies and audits access to the data to be transmitted. The SDC is configured and run in a customized manner according to the requirements and goals of the specific enterprise's operating system. It provides a virtualized environment for security testing and for isolating malicious activity, so that enterprise employees and mobile terminal users run applications and code related to research and development data inside an isolated container, where the behavior of those applications and code is observed and analyzed.
Further, the data identification model grades and classifies research and development data in the enterprise's big-data environment. It grades the data according to the value of the enterprise research and development data, the degree of business impact, the confidentiality of the data and the integrity of the available data, and classifies it according to how sensitive it is in use. The results of grading and classification are treated as enterprise research and development core data and protected with the UEBA analysis model. Specifically, the UEBA model analyzes the behavior patterns, access patterns and permission-use information of enterprise employees and entities to establish a behavior baseline for normal input and output of enterprise core data, and identifies, analyzes and raises alerts on behavior that deviates from the baseline.
Further, the private network technology means that the enterprise establishes, on top of the public network, an encrypted, isolated network dedicated to enterprise VPN communication. It provides a secure and reliable environment for internal communication and resource sharing, and combines encryption with an access control mechanism to protect the confidentiality and integrity of the enterprise's research and development core data. The enterprise VPN is established as follows:
A1, configuring the VPN server;
A2, configuring the VPN employee terminals;
A3, authentication and encryption;
A4, configuring VPN routing.
Further, the random forest algorithm is a classification and regression algorithm that classifies enterprise core data by constructing a plurality of decision trees. The calculation formula is as follows. Wherein $t_i$ is a decision tree, $t_i\,\mathrm{Prob}(x)$ is the prediction of the $i$-th tree for $x$, whose output is the predicted probability of the enterprise research and development core data in each input and output category, $k$ is the number of trees in the forest, $x$ is the given input and output frequency feature of the enterprise research and development core data between the server and the employee terminal, and $y$ is the mean of the probability predictions of the trees;
the random forest is trained as a model and feature weights are assigned; the calculation formula for assigning the feature weights is as follows. Wherein $s$ is the feature score, $s_i$ is the $i$-th tree's score vector for the input and output features of each item of core data, and $s_i = [s_1, s_2, \ldots, s_i]$; that is, $s_i$ counts the number of nodes, across all trees of the random forest, that split on the input and output features of the enterprise research and development core data between the server and the employee terminals;
security events and abnormal behaviors during transmission of enterprise research and development core data are judged by setting thresholds: threshold ranges are set for the probability prediction mean $y$ and the feature score $s$, so that $y \in [y_{\min}, y_{\max}]$ and $s \in [s_{\min}, s_{\max}]$, and when $y$ or $s$ exceeds its threshold the behavior is judged abnormal. The scores $s$ of the input and output features between the server and the employee terminals are then evaluated together across multiple items of enterprise research and development core data: the feature scores are weighted and summed to obtain a comprehensive score $S$, a further range $S \in [S_{\min}, S_{\max}]$ is set, and this is used to further judge whether the input and output of enterprise research and development core data between the server and the employee terminal is abnormal behavior. The higher a feature's weight, the more important the corresponding core data is within the enterprise research and development data, and the greater its influence on the decision result.
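An added worked example (not code from the patent) of the scoring just described: per-tree probabilities are averaged into y, split nodes are counted per feature to obtain s, and a weighted composite S is checked against its range alongside y. It assumes y is the arithmetic mean of the k per-tree probabilities and that S weights each feature's baseline-normalised value by its share of split nodes; the trees, feature names, baselines and threshold ranges are all constructed.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple, Union

# Constructed I/O frequency features for core data moving between the server
# and one employee terminal (names are hypothetical, not from the patent).
FEATURES = ["downloads_per_hour", "uploads_per_hour", "off_hours_ratio"]


@dataclass
class Leaf:
    prob: float  # this tree's probability that the transfer is abnormal


@dataclass
class Split:
    feature: str
    threshold: float
    left: "Node"   # followed when x[feature] <= threshold
    right: "Node"  # followed otherwise


Node = Union[Leaf, Split]
Sample = Dict[str, float]


def tree_prob(tree: Node, x: Sample) -> float:
    """Prediction of one tree for x: walk the tree down to a leaf."""
    node = tree
    while isinstance(node, Split):
        node = node.left if x[node.feature] <= node.threshold else node.right
    return node.prob


def forest_mean_prob(forest: List[Node], x: Sample) -> float:
    """y: mean of the k per-tree predictions (assumed arithmetic mean)."""
    if not forest:
        raise ValueError("forest must contain at least one tree")
    return sum(tree_prob(t, x) for t in forest) / len(forest)


def split_counts(forest: List[Node]) -> Dict[str, int]:
    """s: per feature, the number of nodes in all trees that split on it."""
    counts = {f: 0 for f in FEATURES}
    stack = list(forest)
    while stack:
        node = stack.pop()
        if isinstance(node, Split):
            counts[node.feature] += 1
            stack.extend((node.left, node.right))
    return counts


def composite_score(forest: List[Node], x: Sample, baseline: Sample) -> float:
    """S: weighted sum of feature scores. Assumption: a feature's score is its
    observed value over a baseline ceiling; its weight is its split share."""
    counts = split_counts(forest)
    total = sum(counts.values())
    if total == 0:
        raise ValueError("forest has no split nodes, so no feature weights")
    return sum(counts[f] / total * x[f] / baseline[f] for f in FEATURES)


def assess(forest: List[Node], x: Sample, baseline: Sample,
           y_range: Tuple[float, float], s_range: Tuple[float, float]) -> dict:
    """Flag the transfer as abnormal when y or S leaves its allowed range."""
    y = forest_mean_prob(forest, x)
    big_s = composite_score(forest, x, baseline)
    reasons = []
    if not y_range[0] <= y <= y_range[1]:
        reasons.append("y")
    if not s_range[0] <= big_s <= s_range[1]:
        reasons.append("S")
    return {"y": y, "S": big_s, "abnormal": bool(reasons), "reasons": reasons}


# Constructed forest of k = 3 hand-written trees (a real one would be trained).
FOREST: List[Node] = [
    Split("downloads_per_hour", 20, Leaf(0.05),
          Split("off_hours_ratio", 0.5, Leaf(0.40), Leaf(0.90))),
    Split("off_hours_ratio", 0.3, Leaf(0.10),
          Split("downloads_per_hour", 50, Leaf(0.50), Leaf(0.95))),
    Split("uploads_per_hour", 10,
          Split("downloads_per_hour", 30, Leaf(0.05), Leaf(0.60)), Leaf(0.80)),
]
BASELINE = {"downloads_per_hour": 40.0, "uploads_per_hour": 20.0,
            "off_hours_ratio": 1.0}   # constructed "normal ceiling" per feature
Y_RANGE = (0.0, 0.5)                   # constructed [y_min, y_max]
S_RANGE = (0.0, 1.0)                   # constructed [S_min, S_max]

# Constructed samples: routine use, off-hours bulk transfer, in-hours bulk pull.
NORMAL = {"downloads_per_hour": 5, "uploads_per_hour": 2, "off_hours_ratio": 0.1}
SUSPICIOUS = {"downloads_per_hour": 80, "uploads_per_hour": 25, "off_hours_ratio": 0.9}
BULK = {"downloads_per_hour": 100, "uploads_per_hour": 0, "off_hours_ratio": 0.0}

if __name__ == "__main__":
    for name, sample in [("normal", NORMAL), ("suspicious", SUSPICIOUS), ("bulk", BULK)]:
        print(name, assess(FOREST, sample, BASELINE, Y_RANGE, S_RANGE))
```

The in-hours bulk sample stays inside the y range but is still flagged through S, which is the case the second threshold exists for.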
Further, the system comprises an MCK reinforcement server module: the MCK is deployed on the hardware server on which the transmission anti-disclosure system runs;
SDC sandbox management and control terminal module: an SDC sandbox is deployed on the enterprise employee terminal equipment and is connected end-to-end with the MCK reinforcement server module through a virtual private network (VPN);
core data identification module: receives research and development data from the MCK reinforcement server module, classifies, identifies and marks the core data, and passes the marked data to the identification data dynamic encryption module for encryption;
identification data dynamic encryption module: receives the enterprise research and development core data marked by the core data identification module, applies a dynamic encryption algorithm to it, and transmits the encrypted enterprise research and development core data using VPN technology through the enterprise VPN communication module;
enterprise VPN communication module: transmits the enterprise research and development core data encrypted by the identification data dynamic encryption module to the enterprise employee terminals, whose users must pass multiple identity verification;
multiple identity verification module: the terminal user is authenticated using several different verification factors;
security monitoring and detection management module: monitors and detects in real time abnormal behaviors, security events and threats in the input and output of enterprise core data within the transmission anti-disclosure system, and takes corresponding management and response measures.
Further, the core data identification module comprises defining sensitive data, scanning and analyzing data, classifying and marking data, verifying core data, and periodically scanning and updating core data;
defining sensitive data means defining the sensitivity of enterprise research and development data according to research cost, investment proportion, operational effect, product fit, functional effect, degree of privacy, industry standards and business requirements;
scanning and analyzing data means using a machine learning algorithm to scan and search the enterprise research and development data, once sensitive data has been defined, and to identify the features of the sensitive data;
classifying and marking data means classifying and marking the core data identified within the enterprise research and development data;
verifying core data means further analyzing and verifying abnormal data-transmission behavior in light of the number of times, and the environments in which, enterprise research and development data is input and output;
periodically scanning and updating core data means setting a data scanning and update mechanism with a periodic time interval, and periodically scanning and updating the enterprise research and development data that has been graded and classified.
Further, the identification data dynamic encryption module comprises hybrid encryption rule making, dynamic encryption and key management. The encryption criterion of the hybrid encryption rule is that enterprise research and development core data, once marked by grade and by class, is encrypted with a symmetric encryption algorithm and an asymmetric encryption algorithm respectively: sensitive data marked by grade is encrypted with the AES algorithm, and sensitive data marked by class is encrypted with the RSA algorithm.
Further, the multiple identity verification module comprises username and password verification, biometric verification, token verification and SMS/email verification.
Further, the security monitoring and detection management module comprises a security event monitoring unit, a log management and analysis unit, a threat intelligence and vulnerability management unit, a real-time alarm and response unit, and a real-time data transmission monitoring and management unit;
the security event monitoring unit monitors in real time security events in the transmission anti-disclosure system, namely intrusion attempts, malware attacks and abnormal access behavior;
the log management and analysis unit collects, stores and analyzes log data from the system and applications, and comprehensively analyzes security events and abnormal conditions;
the threat intelligence and vulnerability management unit collects and evaluates threat intelligence and system vulnerabilities from internal and external sources and manages security patches;
the real-time alarm and response unit, on detecting a security event or abnormal activity, generates an alarm notification and takes corresponding automatic response measures such as logging, suspending or restricting data access, and triggering an audit process;
the real-time data transmission monitoring and management unit monitors and manages in real time the input and output of enterprise research and development core data on the server and the terminals.
The invention provides a transmission anti-disclosure method and a transmission anti-disclosure system based on enterprise research and development core data, which have the following beneficial effects:
By deploying the MCK on the server and the SDC on the employee terminals of the hardware on which the transmission anti-leakage system for enterprise research and development core data runs, and by transmitting data over enterprise VPN communication, the invention establishes a trusted environment for enterprise data transmission and prevents external-network attacks and theft of enterprise research and development data. The core data identification module adds sensitivity identification and marking of the enterprise research and development core data; combined with the dynamic encryption of the core data by the identification data dynamic encryption module, this further increases the leak resistance of enterprise research and development core data in transmission. The multiple identity verification module tightens restrictions on the use of permissions inside the enterprise and prevents information leakage, so that the transmission of enterprise research and development core data is protected against leakage by multiple layers of encryption.
Drawings
Fig. 1 is a flowchart of the transmission anti-disclosure method based on enterprise research and development core data according to the present invention.
Fig. 2 is a schematic diagram of MCK deployment on the server and SDC sandbox deployment on the terminal according to the present invention.
Fig. 3 is a block diagram of the transmission anti-disclosure system based on enterprise development core data of the present invention.
Fig. 4 is a schematic diagram of a core data identifier module according to the present invention.
Fig. 5 is a schematic diagram of an identification data dynamic encryption module according to the present invention.
Fig. 6 is a schematic diagram of a multiple authentication module according to the present invention.
Fig. 7 is a schematic diagram of a security monitoring and detection management module according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. The described embodiments are evidently only some, not all, of the embodiments of the present invention. All other embodiments obtained by those skilled in the art from the embodiments of the invention without inventive effort fall within the scope of the invention.
Example 1
Referring to Figs. 1-2, the present invention provides a transmission anti-disclosure method based on enterprise research and development core data, comprising the following steps:
S1, deploying an MCK on the server on which the enterprise research and development core data runs, deploying an SDC on the enterprise employee terminals by means of virtualization technology, and setting network policy and access rights according to enterprise requirements;
According to the enterprise's environment and requirements, the employee terminals that can reach the enterprise research and development core data, and the research and development core data to be protected, are identified; that is, the deployment targets are determined. The employee terminals are then confirmed to support virtualization and are configured and prepared accordingly, after which the SDC software is installed on a core server and configured. Employee access rights are restricted and a security isolation environment is established for the SDC, so that external-network attacks cannot reach the core data directly. Finally, once deployment on the employee terminals is complete, the system is optimized and tuned to ensure data security and performance, and the SDC's functionality and security are verified by testing, so that the enterprise research and development core data is protected from malware and network attacks.
S2, establishing a data identification model on the server on which the enterprise research and development data runs, using the core data identification module to identify and mark the sensitive research and development core data, and distinguishing the core data by a metadata marking method;
S3, the identification data dynamic encryption module uses a hybrid encryption algorithm to encrypt and decrypt the marked enterprise research and development core data in real time, and internal office work, resource sharing and data transmission are carried out over the enterprise private network;
S4, an authorized employee terminal that satisfies the network policy and access rights set by the enterprise must still pass a multiple identity authentication mechanism before it can access, download and transmit the encrypted, marked core data;
S5, the security monitoring and detection management module uses a random forest algorithm, from behavior analysis and machine learning technology, to monitor and detect in real time security events and abnormal behaviors affecting the enterprise research and development core data during transmission between the server and the employee terminals.
In a preferred embodiment, the MCK is based on trusted computing technology. By establishing a secure container, it takes image snapshots of the transmission anti-disclosure system for enterprise research and development core data and saves enterprise files, configuration and application programs as separate entities; it performs signature reinforcement on the host operating system and application programs, and performs verification and audit on access to the data to be transmitted, thereby preventing illegal use of data, enhancing the security of the computer network and information system, detecting, preventing and eliminating malicious software, and helping the enterprise defend against malicious software and network attacks. The deployment steps of the MCK reinforcement server comprise system requirement assessment, installation and configuration, database and log configuration, network interface configuration, and deployment of policies and rules. The server supports a reliable and secure server environment for the enterprise research and development core data transmission anti-disclosure system and provides a stable operating platform for the system, with the functions of data transmission encryption and decryption, user identity verification and authority management, data transmission monitoring and audit, real-time alarm and response, and log recording and analysis. The SDC is configured and operated in a customized manner according to the requirements and targets of the specific enterprise operating system. It provides a virtualized environment for security testing and isolation of malicious activity, so that enterprise employees and mobile terminal users run application programs and code related to research and development data in an isolated container, where the behavior of those programs and code is observed and analyzed; it is used for detecting and preventing potential security threats, and has the functions of malware analysis, vulnerability testing, security audit and compliance.
In a preferred embodiment, the data recognition model grades and classifies the research and development data in the big data environment of enterprise research and development data, using a keyword matching algorithm, regular expressions, a machine learning algorithm or a context analysis algorithm. The keyword matching algorithm uses a predefined sensitive word library, such as codes, to detect whether text contains sensitive data. The regular expression approach matches with regular expression patterns and searches for sensitive data conforming to a specific pattern. The machine learning algorithm trains a model to identify potentially sensitive data in enterprise research and development data. The context analysis algorithm is a manual identification approach that performs semantic analysis in combination with the text information. Specifically, the model is trained on the specific patterns and features of known sensitive and non-sensitive data, and then classifies data and automatically identifies and marks sensitive data. The identified sensitive data is further screened and graded according to the value of the enterprise research and development data, the importance of its business impact, the confidentiality of the data and the integrity of the available data, and is classified according to its degree of sensitivity during use. The grading result is taken as the enterprise research and development core data and is protected by a UEBA analysis model, which detects anomalies and potential security threats involving the marked enterprise core data. The UEBA model is a big data analysis and machine learning technology: it establishes a normal behavior model by collecting, analyzing and comparing a large amount of information on the behavior patterns, access patterns and authority use of enterprise employees and entities, detects abnormal activities that deviate from the normal behavior model, and provides alarms and reports. It is used for detecting and identifying abnormal behaviors of users and entities so as to help defend against network attacks and internal threats, and it covers analyzing user behaviors, analyzing entity correlations and integrating threat information.
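The keyword-matching and regular-expression stages described above, followed by a metadata mark, can be illustrated as below. This is an added example and not code from the patent; the word library, patterns, grade names, the `encrypt` field and the sample documents are all constructed assumptions.

```python
import re
import unicodedata

# Constructed sensitive-word library: keyword -> grade index (see GRADES).
KEYWORDS = {
    "internal use only": 1,
    "design specification": 2,
    "source code": 2,
    "trade secret": 3,
}

# Constructed regular-expression rules: rule name -> (pattern, grade index).
PATTERNS = {
    "project_code": (re.compile(r"\bRD-\d{4}-[A-Z]{2}\b"), 2),
    "private_key": (re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----"), 3),
    "credential": (re.compile(r"(?i)\b(?:password|api[_-]?key)\s*[:=]\s*\S{8,}"), 3),
}

GRADES = ("public", "internal", "sensitive", "core")  # assumed grade names


def normalize(text):
    """Fold compatibility forms (e.g. full-width letters) and collapse
    whitespace, so line breaks or width tricks do not hide a match."""
    text = unicodedata.normalize("NFKC", text)
    return re.sub(r"\s+", " ", text).strip()


def identify(text):
    """Return (grade index, sorted names of the rules that matched)."""
    norm = normalize(text)
    folded = norm.casefold()
    hits = {}
    for word, grade in KEYWORDS.items():
        # Whole-phrase match: "source code" must not fire inside "resource codec".
        if re.search(r"(?<!\w)" + re.escape(word) + r"(?!\w)", folded):
            hits["kw:" + word] = grade
    for name, (pattern, grade) in PATTERNS.items():
        if pattern.search(norm):
            hits["re:" + name] = grade
    # The document takes the highest grade of any rule that matched.
    return max(hits.values(), default=0), sorted(hits)


def mark(name, text):
    """Metadata record attached to a document after identification."""
    grade, rules = identify(text)
    return {
        "name": name,
        "grade": GRADES[grade],
        "matched_rules": rules,
        # Assumption: grades "sensitive" and "core" are handed to encryption.
        "encrypt": grade >= 2,
    }


# Constructed sample documents.
SAMPLES = {
    "lunch.txt": "Team lunch is moved to Friday.",
    "codec.txt": "Resource codec upgrade notes for the media team.",
    "gearbox.txt": "Draft DESIGN\n   Specification for RD-2024-AX gearbox.",
    "env.txt": "api_key = 9f8e7d6c5b4a39281706",
    # "Trade secret" written in full-width letters, which a plain ASCII
    # comparison would miss.
    "alloy.txt": "\uff34\uff52\uff41\uff44\uff45 \uff53\uff45\uff43\uff52\uff45\uff54: alloy ratio table",
}

if __name__ == "__main__":
    for doc_name, doc_text in SAMPLES.items():
        print(mark(doc_name, doc_text))
```

Normalizing before matching is what lets the line-broken "DESIGN Specification" and the full-width "Trade secret" samples be graded the same as their plain forms.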
In a preferred embodiment, the private network technology means that the enterprise establishes, on the basis of a public network, an encrypted isolated network dedicated to enterprise VPN communication, which provides a secure and reliable internal communication and resource sharing environment for the enterprise, and then combines encryption technology with an access control mechanism to protect the confidentiality and integrity of the enterprise research and development core data. The steps of establishing the enterprise VPN are as follows:
A1, configuring a VPN server: configuring, in the enterprise internal network, a server dedicated to serving as the entrance and exit of the VPN and a server on which the system runs, the server being responsible for processing all VPN connection requests and encrypted communication in the enterprise;
A2, configuring VPN employee terminals: VPN client software, used for establishing and managing the connection with the VPN server, is installed and configured on the enterprise employee terminal equipment. The VPN client software is an application program that provides a user interface so that the user can conveniently configure and control the VPN connection and perform identity verification and encrypted communication. The socket library in Python can be used to establish the VPN connection, with code as follows:
import socket
from threading import Thread

# IP address and port number of the VPN server (placeholders, set per deployment)
server_ip = 'IP address of VPN server'
server_port = 0  # placeholder: VPN server port number
# IP address and port number for local listening
local_ip = '0.0.0.0'
local_port = 1234

# Note: this relay forwards bytes unchanged; identity verification and
# encryption are the subject of step A3 and are not performed here.

def forward_client_to_vpn(client_socket, vpn_socket):
    # Read data from the client and send it to the VPN server
    while True:
        data = client_socket.recv(1024)
        if not data:
            break
        vpn_socket.sendall(data)
    client_socket.close()
    print('disconnected from client')

def forward_vpn_to_client(client_socket, vpn_socket):
    # Read data from the VPN server and send it to the client
    while True:
        data = vpn_socket.recv(1024)
        if not data:
            break
        client_socket.sendall(data)
    vpn_socket.close()
    print('disconnected from VPN server')

# Create the local socket object
local_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
local_socket.bind((local_ip, local_port))
local_socket.listen(1)
print(f'local socket starts listening on {local_ip}:{local_port}...')

while True:
    # Wait for a client connection
    client_socket, client_addr = local_socket.accept()
    print(f'established a connection with client {client_addr[0]}:{client_addr[1]}')
    # Connect to the VPN server
    vpn_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    vpn_socket.connect((server_ip, server_port))
    print(f'established a connection with VPN server {server_ip}:{server_port}')
    # Start the two data forwarding threads; the sockets are passed as
    # arguments so each pair of threads keeps its own connection
    Thread(target=forward_client_to_vpn, args=(client_socket, vpn_socket)).start()
    Thread(target=forward_vpn_to_client, args=(client_socket, vpn_socket)).start()
A3, authentication and encryption: when the VPN connection is established, the identity of the enterprise employee terminal needs to be verified so that only authorized users can access the enterprise network; the VPN encrypts communication data by using an encryption algorithm, ensuring the secure transmission of the data;
A4, configuring VPN routing: the routing tables of the enterprise network devices are configured to ensure that VPN traffic is properly transported and routed to the target locations.
In a preferred embodiment, the behavior analysis and machine learning technology performs deep data mining on the behavior patterns and features of the enterprise's historical research and development data and existing information, and performs prediction by using statistical and machine learning methods. The behavior analysis and machine learning technology can be any one of random forest, support vector machine, neural network, naive Bayes and shrinkage inference tree, and is not specifically limited herein; it gives the computer the ability to learn and improve from data, and is used to monitor, identify, analyze and process the input and output behavior of enterprise research and development core data, and to predict, judge and block by decision the output of enterprise core data. Data mining is a technology for mining valuable information from big data, including classification, clustering and association rules; statistics identifies regular trends and patterns through statistical analysis of historical data and predicts the future; machine learning predicts by training a model and using various algorithms. The random forest algorithm is a classification and regression algorithm that constructs a plurality of decision trees over the enterprise core data, and its calculation formula is as follows, wherein $t_i$ is a decision tree, $t_i.\mathrm{prob}(x)$ is the prediction of the $i$-th tree for $x$, the output is the predicted probability of the enterprise research and development core data in each input and output category, $k$ is the forest rule number, $x$ is the given input and output frequency feature quantity of the enterprise research and development core data between the server and the employee terminal, and $y$ is the probability prediction mean value of each tree. The random forest is trained as a model and assigns feature weights, and the calculation formula for assigning the feature weights is as follows, wherein $s$ is a feature score, $s_i$ is the score vector of the $i$-th tree for the input and output features of each core data, and $s_i = [s_1, s_2, \ldots, s_i]$, that is, $s_i$ counts the number of nodes, in all trees of the random forest, that are split on the input and output features of the enterprise research and development core data between the server and the employee terminal. Security events and abnormal behaviors during transmission of the enterprise research and development core data are judged by setting thresholds, that is, threshold ranges are set for the probability prediction mean value $y$ and the feature score $s$, so that $y \in [y_{min}, y_{max}]$ and $s \in [s_{min}, s_{max}]$; when the probability prediction mean value $y$ or the feature score $s$ exceeds the threshold, the behavior is judged to be abnormal. A comprehensive evaluation is then carried out by combining the scores $s$ of the input and output features of a plurality of enterprise research and development core data between the server and the employee terminal: the scores $s$ of all the features are weighted and summed to obtain a comprehensive score $S$, and $S \in [S_{min}, S_{max}]$ is set in turn, to further judge whether the input and output of the enterprise research and development core data between the server and the employee terminal are abnormal behaviors. The higher the feature weight, the more important the core data is within the enterprise research and development data, and the greater its influence on the decision result.
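The scoring stage described above, shown as an added example that is not code from the patent: it computes the per-tree probabilities $t_i.\mathrm{prob}(x)$, their mean $y$, the split-node count per feature $s$, and the threshold test on $y$. It assumes the formula omitted from the text is the plain mean of the $k$ per-tree probabilities; the forest, feature names, threshold range and transfer records are constructed, and the composite score $S$ is not covered.

```python
# A tree is a leaf (probability that the transfer is abnormal) or a split
# node: (feature, threshold, subtree if value <= threshold, subtree otherwise).
# The forest, feature names, threshold range and records are all constructed.
FOREST = [
    ("downloads_per_hour", 20, 0.05, ("mb_out_per_hour", 500, 0.40, 0.95)),
    ("mb_out_per_hour", 300, ("uploads_per_hour", 10, 0.02, 0.30), 0.90),
    ("downloads_per_hour", 35, 0.10, 0.85),
    ("uploads_per_hour", 15, ("downloads_per_hour", 25, 0.05, 0.50), 0.80),
]
Y_MIN, Y_MAX = 0.0, 0.6  # assumed threshold range for the mean y


def tree_prob(tree, x):
    """t_i.prob(x): walk one decision tree from the root down to a leaf."""
    while isinstance(tree, tuple):
        feature, threshold, low, high = tree
        if feature not in x:
            raise KeyError(f"transfer record lacks feature {feature!r}")
        tree = low if x[feature] <= threshold else high
    return tree


def forest_mean(forest, x):
    """y: mean of the k per-tree probabilities (assumed form of the formula)."""
    return sum(tree_prob(tree, x) for tree in forest) / len(forest)


def split_counts(forest):
    """s: number of split nodes per feature, counted over all trees."""
    counts = {}
    stack = list(forest)
    while stack:
        node = stack.pop()
        if isinstance(node, tuple):
            feature, _threshold, low, high = node
            counts[feature] = counts.get(feature, 0) + 1
            stack.extend((low, high))
    return counts


def feature_weights(forest):
    """Split counts normalised to sum to 1, usable as feature weights."""
    counts = split_counts(forest)
    total = sum(counts.values())
    return {feature: n / total for feature, n in counts.items()}


def judge(forest, x, y_min=Y_MIN, y_max=Y_MAX):
    """Flag the transfer as abnormal when y falls outside [y_min, y_max]."""
    y = forest_mean(forest, x)
    return {"y": y, "abnormal": not (y_min <= y <= y_max)}


# Constructed per-terminal transfer records (one hour of activity each).
TRANSFERS = {
    "routine_sync": {"downloads_per_hour": 5, "uploads_per_hour": 2, "mb_out_per_hour": 40},
    "busy_review": {"downloads_per_hour": 30, "uploads_per_hour": 12, "mb_out_per_hour": 350},
    "bulk_export": {"downloads_per_hour": 60, "uploads_per_hour": 3, "mb_out_per_hour": 900},
}

if __name__ == "__main__":
    print("split counts:", split_counts(FOREST))
    for name, record in TRANSFERS.items():
        print(name, judge(FOREST, record))
```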
Example 2
Referring to fig. 3-7, the present invention provides a transmission anti-disclosure system based on enterprise research and development core data, which is further disclosed on the basis of embodiment 1 and comprises the following modules:
MCK reinforcement server module: the MCK is deployed on the hardware server equipment on which the transmission anti-disclosure system runs, and reinforces the transmission security of the enterprise research and development core data running on the host. It can monitor network traffic and file transmission in real time, and uses malware feature recognition technology to detect and prevent the transmission of malicious software. According to preset security policies and rules, the server on which the MCK is deployed can automatically raise an alarm notification and trigger corresponding rapid response measures when malicious software or other security threats are detected, and can record and store security event logs and generate detailed security reports for monitoring and decision-making by the enterprise security supervision team and management personnel;
SDC sandbox management and control terminal module: an SDC sandbox is deployed on the enterprise employee terminal equipment and is connected end-to-end with the MCK reinforcement server module through a virtual network (VPN), for detecting and preventing potential security threats in the transmission anti-disclosure system. Malicious code and application program test samples need to be prepared and run in the SDC sandbox; the behavior of the test samples is monitored in real time, and the characteristics and behavior of malicious activities are analyzed, so that the security risks in the transmission anti-disclosure system are evaluated and a detailed report on the attack chain and suggested countermeasures is generated;
Core data identification module: receives the research and development data of the MCK reinforcement server module, classifies, identifies and marks the core data, performs data demanding on the big data generated in the server, customizes and adjusts according to the data characteristics, evaluates and judges the characteristics and weight of sensitive information in the enterprise research and development data, and transmits the marked data to the identification data dynamic encryption module for data encryption processing;
Identification data dynamic encryption module: receives the enterprise research and development core data identified by the core data identification module and applies a dynamic encryption algorithm to prevent unauthorized access and transmission leakage; the enterprise research and development core data processed by the encryption algorithm is transmitted through the VPN technology in the enterprise VPN communication module;
Enterprise VPN communication module: securely realizes end-to-end interconnection and communication through internet technology. During communication, the security and privacy of the communication data are protected through encryption and tunnel transmission, which again ensures the security and leak resistance of the transmitted data. In particular, the enterprise research and development core data encrypted by the identification data dynamic encryption module is transmitted to the enterprise employee terminal, but the users of the enterprise employee terminal must pass multiple identity verification through the multiple identity verification module, so that the security of the communication data transmission is ensured layer by layer;
Multiple identity verification module: the function detection barrier through which the enterprise VPN communication module transmits enterprise research and development core data to the SDC sandbox management and control terminal module; it verifies with a plurality of different verification factors when the terminal user performs identity verification, so as to improve the credibility and security of the employee terminal user's identity;
Safety monitoring and detection management module: monitors and detects the servers in the MCK reinforcement server module and the terminal hardware equipment in the SDC sandbox management and control terminal module, monitors and detects in real time abnormal behaviors, security events and threats relating to the input and output of enterprise core data in the transmission anti-disclosure system, and takes corresponding management and response measures, including alarming, logging, suspending or limiting data access, and triggering the management and control measures of an audit process; the comprehensive monitoring results are periodically reviewed and evaluated to optimize the management and control strategies. The module is used for monitoring and managing the effectiveness of the transmission anti-disclosure system and guaranteeing the secure transmission of the enterprise's research and development core data.
In a preferred embodiment, the core data identification module includes defining sensitive data, scanning and analyzing data, classifying and marking data, verifying core data, and periodically scanning and updating core data. Defining sensitive data means defining the sensitivity of enterprise research and development data according to scientific research cost, investment proportion, operation effect, product adaptation degree, functional effect, privacy degree, industry standards and business requirements. Scanning and analyzing data means that, after the sensitive data has been defined, a machine learning algorithm is used to scan, search and identify the features of sensitive data in the enterprise research and development data. Classifying and marking data means applying classification identifiers and grading identifiers to the core data identified in the enterprise research and development data, in order to divide the data by degree of sensitivity and security level. Verifying core data means further analyzing and verifying abnormal data transmission behaviors in combination with the number of times and the environment in which enterprise research and development data is input and output, in order to monitor the normal input and output of the enterprise core data and avoid leakage and theft. Periodically scanning and updating core data means setting a data scanning and updating mechanism with periodic time intervals, under which the graded and classified enterprise research and development data is periodically scanned and updated to maintain the accuracy and timeliness of core data identification, including finding new sensitive data types and later changes in time and identifying and marking them accordingly.
In a preferred embodiment, the identification data dynamic encryption module includes formulating hybrid encryption rules, dynamic encryption and key management. Formulating hybrid encryption rules means setting multiple encryption algorithms, namely AES, RSA and ECC, based on the security requirement level of the enterprise research and development core data, and intelligently and automatically matching the identified data with a suitable encryption algorithm and corresponding key, so as to effectively protect the security and privacy of the data. Dynamic encryption means automatically performing individualized encryption or decryption operations on different data or data transmissions according to actual conditions without user intervention, which provides flexibility and security. Key management means securely managing key generation, distribution, storage and update. Setting the encryption rules covers sensitive data classification, selecting an encryption algorithm, setting encryption conditions, setting access control, formulating a data protection strategy, managing keys and establishing a monitoring and auditing mechanism, so that the reliability, effectiveness and convenience of encryption are ensured. The limiting encryption criterion of the hybrid encryption rule is that a symmetric encryption algorithm and an asymmetric encryption algorithm are applied to the enterprise research and development core data according to its grading and classification identifiers: sensitive data with a grading identifier is encrypted with the AES encryption algorithm, which encrypts and decrypts quickly and is suitable for encrypting large volumes of enterprise core data; sensitive data with a classification identifier is encrypted with the RSA encryption algorithm, which offers higher security and reduces the risk of disclosure of the encrypted enterprise core data in transmission.
In a preferred embodiment, the multiple identity verification module includes user name and password verification, biometric verification, token verification, and short message/mail verification. User name and password verification checks the correctness of the real name and password provided by the end user; biometric verification identifies and verifies biometric information of the end user, namely fingerprint, facial recognition or iris scan; token verification authenticates by using a physical or virtual token; short message/mail verification sends a verification code or authentication link to the end user and requires the end user to respond with it. Different verification factors are used in combination when the end user is authenticated, so as to improve the credibility and security of the end user's identity.
In a preferred embodiment, the security monitoring and detection management module comprises a security event monitoring unit, a log management analysis unit, a threat information vulnerability management unit, a real-time alarm response unit and a data transmission real-time monitoring management unit. The security event monitoring unit monitors, in real time, security events such as intrusion attempts, malicious software attacks and abnormal access behaviors in the transmission anti-disclosure system, and is used for identifying and monitoring abnormal activities. The log management analysis unit collects, stores and analyzes log data of the system and application programs and comprehensively analyzes security events and abnormal conditions; it is used for centrally managing and analyzing the log data to find potential security problems. The threat information vulnerability management unit collects and evaluates threat information from internal and external sources, keeps track of known vulnerabilities and threats in time, and detects vulnerability information in time so that security patches can be applied to reduce security risks. The real-time alarm response unit generates an alarm in time and takes corresponding response measures when a security event or abnormal activity is detected; it is used for sending alarm notifications, triggering an automatic response mechanism, investigating the event and taking appropriate mitigation measures. The data transmission real-time monitoring management unit monitors and manages the transmission of the enterprise research and development core data in real time, including monitoring network traffic, detecting and encrypting data packets and controlling access and management authorities; it is used for constructing a comprehensive real-time monitoring and management system, guaranteeing the secure transmission of the core data, updating and maintaining security equipment in time, adopting appropriate security strategies, and carrying out security audits and exercises regularly so as to improve the security and effectiveness of data transmission.
The above embodiments may be implemented in whole or in part by software, hardware, firmware, or any other combination. When implemented in software, the above-described embodiments may be implemented in whole or in part in the form of a computer program product. The computer program product comprises one or more computer instructions or computer programs. When the computer instructions or computer program are loaded or executed on a computer, the processes or functions described in accordance with the embodiments of the present application are produced in whole or in part. The computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable apparatus. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another computer-readable storage medium; for example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by wired or wireless (e.g., infrared, wireless, microwave, etc.) means. The computer-readable storage medium may be any available medium that can be accessed by a computer, or a data storage device such as a server or data center that contains one or more sets of available media. The usable medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium. The semiconductor medium may be a solid state disk.
The technical solution of the present application may be embodied in essence or a part contributing to the prior art or a part of the technical solution, in the form of a software product stored in a storage medium, including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of the steps of the method described in the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a read-only memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, or other various media capable of storing program codes.
Finally: the units and algorithm steps of the examples described in the embodiments of the present invention can be implemented by electronic hardware, or by a combination of computer software and electronic hardware. The above is not intended to limit the present invention; any modification, equivalent replacement, improvement, etc. made by a person skilled in the art within the spirit and principle of the present invention and within the technical scope of the present disclosure shall be included within the scope of the present invention.

Claims (10)

1. The transmission anti-disclosure method based on enterprise research and development core data is characterized by comprising the following steps:
S1, deploying an MCK on a server operated by enterprise research and development core data, deploying an SDC on an enterprise employee terminal by adopting a virtualization technology, and setting a network policy and access rights according to enterprise requirements;
S2, establishing a data identification model on a server operated by enterprise research and development data, performing sensitivity identification and marking on the research and development core data by using a core data identification module, and distinguishing the core data by using a metadata marking method;
S3, the identification data dynamic encryption module adopts a hybrid encryption algorithm to encrypt and decrypt the identified enterprise research and development core data in real time, and enterprise internal office work, resource sharing and data transmission are carried out through an enterprise private network technology;
S4, an authorized employee terminal that meets the network policies and access rights set by the enterprise still needs to pass a multiple identity authentication mechanism to access, download and transmit the encrypted, identified core data;
S5, a safety monitoring and detection management module adopts a random forest algorithm from behavior analysis and machine learning technology to monitor and detect, in real time, security events and abnormal behaviors of enterprise research and development core data during transmission between the server and the employee terminal.
2. The method for preventing disclosure of transmission based on enterprise development core data according to claim 1, wherein: the MCK is based on a trusted computing technology, performs mirror snapshot on a transmission anti-disclosure system of enterprise research and development core data by establishing a secure container, saves independent entities of enterprise files, configuration and application programs, performs signature reinforcement on a host operating system and the application programs, and performs verification audit on access of data to be transmitted; the SDC is configured and operated in a customized mode according to the requirements and targets of a specific enterprise operation system, and provides a virtualization environment for safely testing and isolating malicious activities, so that enterprise staff and users of the mobile terminal can operate application programs and codes related to research and development data in an isolated container, and observe and analyze the behaviors of the application programs and the codes.
3. The method for preventing disclosure of transmission based on enterprise development core data according to claim 2, wherein: the data identification model classifies research and development data in a large data environment of enterprise research and development data in a grading manner according to the value of the enterprise research and development data, the importance degree of business influence, the confidentiality of the data and the integrity of available data, classifies the data according to the sensitivity degree in the data use process, adopts a UEBA analysis model to carry out safety protection on the grading result as enterprise research and development core data, and particularly establishes a behavior benchmark of normal input and output of the enterprise core data by analyzing the behavior modes, access modes and authority use information of enterprise staff and entities through the UEBA model, and identifies, analyzes and warns the behaviors which are inconsistent with the benchmark.
4. The method for preventing disclosure of transmission based on enterprise development core data according to claim 3, wherein: the private network technology is that an enterprise establishes an encryption isolation network specific to enterprise VPN communication on the basis of a public network, provides safe and reliable internal communication and resource sharing environment for the enterprise, combines an encryption technology and an access control mechanism to protect confidentiality and integrity of research and development core data of the enterprise, and establishes the VPN of the enterprise as follows:
A1, configuring a VPN server;
A2, configuring a VPN employee terminal;
A3, authentication and encryption;
A4, configuring VPN routing.
5. The method for preventing disclosure of transmission based on enterprise development core data according to claim 4, wherein: the random forest algorithm is a classification and regression algorithm that constructs a plurality of decision trees over the enterprise core data, and the calculation formula is as follows, wherein $t_i$ is a decision tree, $t_i.\mathrm{prob}(x)$ is the prediction of the $i$-th tree for $x$, the output being the predicted probability of the enterprise research and development core data in each input and output category, $k$ is the forest rule number, $x$ is the given input and output frequency feature quantity of the enterprise research and development core data between the server and the employee terminal, and $y$ is the mean of the probability predictions of the trees;
the random forest assigns feature weights through model training, and the calculation formula for the feature weights is as follows, wherein $s$ is the feature score, $s_i$ is the $i$-th tree's scoring vector for the input and output features of each item of core data, and $s_i = [s_1, s_2, \ldots, s_i]$, that is, $s_i$ counts, over all trees of the random forest, the number of split nodes on the input and output features of the enterprise research and development core data between the server and the employee terminal;
security events and abnormal behaviors in the transmission of enterprise research and development core data are judged by setting thresholds, namely threshold ranges are set for the probability prediction mean $y$ and the feature score $s$ so that $y \in [y_{\min}, y_{\max}]$ and $s \in [s_{\min}, s_{\max}]$, and when the probability prediction mean $y$ or the feature score $s$ exceeds the threshold, the behavior is judged to be abnormal; the scores $s$ of the input and output features between the server and the employee terminals are evaluated comprehensively across a plurality of items of enterprise research and development core data, the feature scores $s$ are weighted and summed to obtain a composite score $S$, and a further range $S \in [S_{\min}, S_{\max}]$ is set to further judge whether the input and output of the enterprise research and development core data between the server and the employee terminal are abnormal behaviors, wherein the higher the feature weight, the more important the core data is within the enterprise research and development data and the greater its influence on the decision result.
6. A transmission anti-disclosure system based on enterprise research and development core data, applied to the transmission anti-disclosure method based on enterprise research and development core data according to any one of claims 1 to 5, characterized in that the system comprises: the MCK reinforcement server module: the MCK is deployed in the hardware server equipment on which the transmission anti-disclosure system runs;
SDC sand box management and control terminal module: an SDC sandbox is deployed in enterprise employee terminal equipment and is connected with an MCK reinforcement server module in an end-to-end manner through a virtual network VPN;
the core data identification module: receiving research and development data of the MCK reinforcement server module, classifying, identifying and marking core data, and transmitting the marked data to the marking data dynamic encryption module for data encryption processing;
identification data dynamic encryption module: receiving enterprise research and development core data identified by the core data identification module, adopting a dynamic encryption algorithm to the enterprise research and development core data, and carrying out communication transmission on the enterprise research and development core data processed by the encryption algorithm through a VPN technology in an enterprise VPN communication module;
enterprise VPN communication module: transmitting the enterprise research and development core data encrypted by the identification data dynamic encryption module to an enterprise employee terminal, wherein multiple identity verification is required by a user of the enterprise employee terminal;
Multiple identity verification module: the terminal user performs identity verification using a plurality of different verification factors;
the safety monitoring and detection management module: abnormal behaviors, security events and threats of input and output of enterprise core data in the transmission anti-disclosure system are monitored and detected in real time, and corresponding management and response measures are adopted.
7. The enterprise development core data based transmission anti-disclosure system of claim 6, wherein: the core data identification module comprises definition sensitive data, scan analysis data, classification and marking data, verification core data and periodic scan update core data,
the definition sensitive data is the enterprise research and development data, and is sensitively defined according to the scientific research cost, investment proportion, operation effect, product adaptation degree, function effect, privacy degree, industry standard and industry standard of business requirement;
the scanning analysis data is characterized in that a machine learning algorithm is adopted to scan, search and identify the characteristics of the sensitive data for the enterprise research and development data after the sensitive data are defined;
the classifying and marking data is used for classifying and identifying the core data identified in the enterprise research and development data;
The verification core data is used for further analyzing and verifying abnormal behaviors of data transmission by combining the times and environments of data input and output of enterprise research and development;
the periodic scanning updating core data is a data scanning and updating mechanism for setting periodic time intervals, and the periodic scanning and updating are carried out on enterprise research and development data identified by classification and classification.
8. The enterprise development core data based transmission anti-disclosure system of claim 7, wherein: the identification data dynamic encryption module comprises the steps of formulating a hybrid encryption rule, dynamic encryption and key management; the limiting encryption criterion for formulating the hybrid encryption rule is that the enterprise research and development core data are respectively subjected to a symmetric encryption algorithm and an asymmetric encryption algorithm after being identified according to hierarchical classification, namely the sensitive data of the hierarchical identification adopts an AES encryption algorithm; and adopting an RSA encryption algorithm to the sensitive data of the classified identification.
9. The enterprise development core data based transmission anti-disclosure system of claim 8, wherein: the multiple identity verification module comprises user name password verification, biological characteristic verification, token verification and short message/mail verification.
10. The enterprise development core data based transmission anti-disclosure system of claim 9, wherein: the security monitoring and detecting management module comprises a security event monitoring unit, a log management analysis unit, a threat information vulnerability management unit, a real-time alarm response unit and a real-time monitoring management unit for data transmission;
The security event monitoring unit is used for monitoring the security event of intrusion attempt, malicious software attack and abnormal access behaviors in the transmission anti-disclosure system in real time;
the log management analysis unit is used for collecting, storing and analyzing log data of the system and the application program and comprehensively analyzing security events and abnormal conditions;
the threat information vulnerability management unit is used for collecting and evaluating threat information and system vulnerabilities from internal and external sources and managing security patches;
the real-time alarm response unit generates alarm notification and takes corresponding automatic response measures such as log recording, data access suspension or limitation, audit flow triggering and the like when a safety event or abnormal activity is detected;
the real-time monitoring management unit for data transmission is used for monitoring and managing the input and output of enterprise research and development core data in a server and a terminal in real time.
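
The decision logic described in claim 5, as an added illustration that is not code from the patent or its applicant. The claim's formulas are not reproduced on this page, so treating $k$ as the number of trees, averaging the per-tree split vectors $s_i$ to get $s$, and the tree layout, features, weights and ranges are all constructed assumptions.

```python
from statistics import mean

# Constructed forest, k = 3. A leaf is a float: that tree's predicted probability
# that the transfer is abnormal. A split node is (feature, threshold, left, right).
# Assumed features: x[0] outputs/hour, x[1] inputs/hour, x[2] off-hours ratio.
FOREST = [
    (0, 20.0, 0.05, (1, 5.0, 0.30, 0.90)),
    (1, 4.0, 0.10, 0.80),
    (0, 35.0, (2, 0.5, 0.10, 0.40), 0.95),
]

def tree_prob(tree, x):
    """t_i.prob(x): follow the splits of one tree down to a leaf."""
    while not isinstance(tree, float):
        feature, threshold, left, right = tree
        tree = left if x[feature] <= threshold else right
    return tree

def forest_mean(forest, x):
    """y: mean of the k per-tree predictions for feature vector x."""
    return mean(tree_prob(t, x) for t in forest)

def split_vector(tree, n_features):
    """s_i: how many split nodes of one tree test each feature."""
    counts, stack = [0] * n_features, [tree]
    while stack:
        node = stack.pop()
        if not isinstance(node, float):
            counts[node[0]] += 1
            stack.extend(node[2:])  # push the left and right subtrees
    return counts

def feature_scores(forest, n_features):
    """s: per-feature mean of s_i over the trees (assumed form of the formula)."""
    vectors = [split_vector(t, n_features) for t in forest]
    return [mean(column) for column in zip(*vectors)]

def composite(scores, weights):
    """S: weighted sum of the feature scores."""
    return sum(w * s for w, s in zip(weights, scores))

def is_abnormal(value, low, high):
    """Claim 5's rule: a value outside its range [low, high] is flagged."""
    return not low <= value <= high
```

Note that $y$ changes with every observed transfer, while $s$ and $S$ depend only on the trained forest, so a range check on them flags a changed model rather than a single transfer.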
CN202311335391.8A 2023-10-16 2023-10-16 Transmission anti-disclosure method and system based on enterprise research and development core data Withdrawn CN117478364A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311335391.8A CN117478364A (en) 2023-10-16 2023-10-16 Transmission anti-disclosure method and system based on enterprise research and development core data

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311335391.8A CN117478364A (en) 2023-10-16 2023-10-16 Transmission anti-disclosure method and system based on enterprise research and development core data

Publications (1)

Publication Number Publication Date
CN117478364A true CN117478364A (en) 2024-01-30

Family

ID=89630279

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311335391.8A Withdrawn CN117478364A (en) 2023-10-16 2023-10-16 Transmission anti-disclosure method and system based on enterprise research and development core data

Country Status (1)

Country Link
CN (1) CN117478364A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN118018332A (en) * 2024-04-09 2024-05-10 山东慧贝行信息技术有限公司 Machine learning-based network data leakage early warning system and method thereof

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20240130
