[go: up one dir, main page]

CN109063487A - A kind of cloud service information leakage detection method and system - Google Patents

A kind of cloud service information leakage detection method and system Download PDF

Info

Publication number
CN109063487A
CN109063487A CN201810863196.5A CN201810863196A CN109063487A CN 109063487 A CN109063487 A CN 109063487A CN 201810863196 A CN201810863196 A CN 201810863196A CN 109063487 A CN109063487 A CN 109063487A
Authority
CN
China
Prior art keywords
cloud
customer
service
page
client
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN201810863196.5A
Other languages
Chinese (zh)
Inventor
段安婧
江柳
其他发明人请求不公开姓名
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Changsha Topology Lu Chuan New Mstar Technology Ltd
Original Assignee
Changsha Topology Lu Chuan New Mstar Technology Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Changsha Topology Lu Chuan New Mstar Technology Ltd filed Critical Changsha Topology Lu Chuan New Mstar Technology Ltd
Priority to CN201810863196.5A priority Critical patent/CN109063487A/en
Publication of CN109063487A publication Critical patent/CN109063487A/en
Withdrawn legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention discloses a kind of cloud service information leakage detection method, at least part of the method is by including that the calculating equipment of at least one processor executes, which comprises identifies service based on cloud, provides remote software service for customer organization;The customer list using service based on cloud is extracted from the publicly accessible page of service based on cloud;The link of at least one to the customer page in service based on cloud, the method for the remote software service that chained representation client access is provided by service based on cloud are retrieved for each client in customer list;Analyze each at least one risk factors of identified customer page;According to the risk score of analytical calculation service, which indicates to estimate the overall of the security risk for the customer organization for using service based on cloud.

Description

A kind of cloud service information leakage detection method and system
Technical field
The present invention relates to cloud service field of information security technology, detect in particular to a kind of cloud service information leakage Method and system.
Background technique
The client in user environment is a variety of despite the use of at present prevents reversible, and the method for anti-debugging prevents privacy of user from believing Breath leakage, the anti-source code leakage of client and the main method for avoiding the important informations such as key from leaking are to pass through in the prior art:
Code obfuscation: by the code of application by replacement variable, increase some identical variations, the modes such as change sequence allow Source code is unreadable;Shell adding: the binary file of client is replaced, and is packaged, and some binary system protection are inserted directly into;Add It is close: important content is prevented from directly exposing password by modes such as encryptions;Anti-debug: it is examined by starting the process mutually supervised It surveys to apply and itself whether be debugged.
However, the method for the current anti-information leakage is mainly defensive approach, i.e., by increase the difficulty cracked come Reduce a possibility that important informations such as the source code of client are intercepted and captured by attacker.However, defensive approach can not avoid letter completely Breath leakage, as long as client, which stays in attacker's hand, the sufficiently long time, still can inevitably suffer from the life being cracked Fortune, client save important information as key etc. can if be compromised away.
Summary of the invention
The invention proposes a kind of cloud service information leakage detection method, at least part of the method is by including at least The calculating equipment of one processor executes, which comprises
It identifies service based on cloud, provides remote software service for customer organization;
The customer list using service based on cloud is extracted from the publicly accessible page of service based on cloud;
The link of at least one to the customer page in service based on cloud is retrieved for each client in customer list, it should The method for the remote software service that chained representation client access is provided by service based on cloud;
Analyze each at least one risk factors of identified customer page;
According to the risk score of analytical calculation service, which is indicated to the customer organization for using service based on cloud Security risk overall estimation.
The method, wherein the risks and assumptions for analyzing the customer page include determining that the customer page includes following At least one of:
Telephone number;
E-mail address;
Be directed toward the link of other customer pages, the customer page indicate that client accesses that service based on cloud provides other are remote The other methods of journey software service;
It is directed toward the link of the spare customer page of other services based on cloud;
It has been confirmed as the information with the associated client-aware of customer page;
A kind of encrypted form that customer page uses.
The method, wherein the risks and assumptions for analyzing the customer page include: that retrieval is associated with customer page Hypertext transfer protocol (HTTP) header;Analyze the hypertext transfer protocol head of risk factors;Retrieve the customer page Link includes identifying the tissue specific sub-domains of the service based on cloud.
The method, further includes: at subsequent time point:
Retrieve each client in customer list, the customer page being linked in service based on cloud;
Subsequent analysis is carried out to understand risk factors to each customer page retrieved;
According to subsequent analysis, the risk score of more new demand servicing.
The method identifies that the service based on cloud includes:
Search for the public page of customer organization;
The public page face for determining customer organization includes at least one of the following:
It is directed toward the link of the subdomain of service based on cloud;
Approval to service based on cloud.
The method, further includes: for the particular customer of service based on cloud:
It determines other services based on cloud, additional remote software service is provided for client;
For other each identified services based on cloud, other customer pages are analyzed, these customer pages represent visitor The method that family accesses other remote software services that other services based on cloud provide;
Unified customer risk score is calculated for the client of service based on cloud, the fraction representation is across each clothes based on cloud It is engaged in estimating the overall of security risk of client.
A kind of cloud service information leakage detection system, the system include:
Identification module stored in memory identifies to customer organization and provides the clothes based on cloud of remote software service Business;
Extraction module stored in memory is extracted from the publicly accessible page of service based on cloud and is used The list of the client of service based on cloud;
Retrieval module stored in memory is retrieved for each client in customer list to service based on cloud Customer page at least one link, the method for remote software service that chained representation client access is provided by client;
Analysis module stored in memory, analyze the customer page of each identification with obtain at least one risk because Son;
Computing module stored in memory is indicated to utilizing base based on the risk score of analytical calculation service In the overall estimation of the security risk of the client tissue of the service of cloud;
At least one processor executes identification module, extraction module, retrieval module, analysis module and computing module.
The system, the analysis module are analyzed by the way that the determination customer page includes at least one of the following The risk factors of the customer page:
Telephone number;
E-mail address;
Be directed toward the link of other customer pages, the customer page indicate that client accesses that service based on cloud provides other are remote The other methods of journey software service;
It is directed toward the link of the spare customer page of other services based on cloud;
It has been confirmed as the information with the associated client-aware of customer page;
A kind of encrypted form that customer page uses.
The system, analysis module analyze the risk factors of customer page in the following manner:
Retrieve hypertext transfer protocol (HTTP) header associated with customer page;
Analyze the hypertext transfer protocol head of risk factors.
The system, the retrieval module are retrieved by identifying the tissue specific sub-domains of the service based on cloud The link of the customer page;At subsequent time point:
Retrieval module retrieves the link of the customer page in service based on cloud for each client in customer list;
Analysis module executes subsequent analysis to each customer page retrieved to find risk factors;
Computing module is according to the risk score of subsequent analysis more new demand servicing;The identification module identifies base in the following manner In the service of cloud:
Search for the public page of customer organization;
The public page face for determining customer organization includes at least one of the following:
It is directed toward the link of the subdomain of service based on cloud;
Approval to service based on cloud;
Identification module identifies other services based on cloud, and additional remote software service is provided for client;
For the additional service based on cloud of each identification, analysis module analysis indicates that client's access is based on by additional The additional client page of the method for the additional long-range software service that the service of cloud provides;
Computing module is that the client of service based on cloud calculates unified customer risk score, and the fraction representation is across each base The overall of security risk of client is estimated in the service of cloud.
Detailed description of the invention
From following description with reference to the accompanying drawings it will be further appreciated that the present invention.Component in figure is not drawn necessarily to scale, But it focuses on and shows in the principle of embodiment.In the figure in different views, identical appended drawing reference is specified to be corresponded to Part.
Fig. 1 is a kind of schematic diagram of cloud service information leakage detection method of the invention.
Specific embodiment
In order to enable the objectives, technical solutions, and advantages of the present invention are more clearly understood, below in conjunction with embodiment, to this Invention is further elaborated;It should be appreciated that described herein, the specific embodiments are only for explaining the present invention, and does not have to It is of the invention in limiting.To those skilled in the art, after access is described in detail below, other systems of the present embodiment System, method and/or feature will become obvious.All such additional systems, method, feature and advantage are intended to be included in It in this specification, is included within the scope of the invention, and by the protection of the appended claims.In description described in detail below The other feature of the disclosed embodiments, and these characteristic roots will be apparent according to described in detail below.
The invention proposes a kind of cloud service information leakage detection method, at least part of the method is by including at least The calculating equipment of one processor executes, which comprises
It identifies service based on cloud, provides remote software service for customer organization;
The customer list using service based on cloud is extracted from the publicly accessible page of service based on cloud;
The link of at least one to the customer page in service based on cloud is retrieved for each client in customer list, it should The method for the remote software service that chained representation client access is provided by service based on cloud;
Analyze each at least one risk factors of identified customer page;
According to the risk score of analytical calculation service, which is indicated to the customer organization for using service based on cloud Security risk overall estimation.
The method, wherein the risks and assumptions for analyzing the customer page include determining that the customer page includes following At least one of:
Telephone number;
E-mail address;
Be directed toward the link of other customer pages, the customer page indicate that client accesses that service based on cloud provides other are remote The other methods of journey software service;
It is directed toward the link of the spare customer page of other services based on cloud;
It has been confirmed as the information with the associated client-aware of customer page;
A kind of encrypted form that customer page uses.
The method, wherein the risks and assumptions for analyzing the customer page include: that retrieval is associated with customer page Hypertext transfer protocol (HTTP) header;Analyze the hypertext transfer protocol head of risk factors;Retrieve the customer page Link includes identifying the tissue specific sub-domains of the service based on cloud.
The method, further includes: at subsequent time point:
Retrieve each client in customer list, the customer page being linked in service based on cloud;
Subsequent analysis is carried out to understand risk factors to each customer page retrieved;
According to subsequent analysis, the risk score of more new demand servicing.
The method identifies that the service based on cloud includes:
Search for the public page of customer organization;
The public page face for determining customer organization includes at least one of the following:
It is directed toward the link of the subdomain of service based on cloud;
Approval to service based on cloud.
The method, further includes: for the particular customer of service based on cloud:
It determines other services based on cloud, additional remote software service is provided for client;
For other each identified services based on cloud, other customer pages are analyzed, these customer pages represent visitor The method that family accesses other remote software services that other services based on cloud provide;
Unified customer risk score is calculated for the client of service based on cloud, the fraction representation is across each clothes based on cloud It is engaged in estimating the overall of security risk of client.
A kind of cloud service information leakage detection system, the system include:
Identification module stored in memory identifies to customer organization and provides the clothes based on cloud of remote software service Business;
Extraction module stored in memory is extracted from the publicly accessible page of service based on cloud and is used The list of the client of service based on cloud;
Retrieval module stored in memory is retrieved for each client in customer list to service based on cloud Customer page at least one link, the method for remote software service that chained representation client access is provided by client;
Analysis module stored in memory, analyze the customer page of each identification with obtain at least one risk because Son;
Computing module stored in memory is indicated to utilizing base based on the risk score of analytical calculation service In the overall estimation of the security risk of the client tissue of the service of cloud;
At least one processor executes identification module, extraction module, retrieval module, analysis module and computing module.
The system, the analysis module are analyzed by the way that the determination customer page includes at least one of the following The risk factors of the customer page:
Telephone number;
E-mail address;
Be directed toward the link of other customer pages, the customer page indicate that client accesses that service based on cloud provides other are remote The other methods of journey software service;
It is directed toward the link of the spare customer page of other services based on cloud;
It has been confirmed as the information with the associated client-aware of customer page;
A kind of encrypted form that customer page uses.
The system, analysis module analyze the risk factors of customer page in the following manner:
Retrieve hypertext transfer protocol (HTTP) header associated with customer page;
Analyze the hypertext transfer protocol head of risk factors.
The system, the retrieval module are retrieved by identifying the tissue specific sub-domains of the service based on cloud The link of the customer page;At subsequent time point:
Retrieval module retrieves the link of the customer page in service based on cloud for each client in customer list;
Analysis module executes subsequent analysis to each customer page retrieved to find risk factors;
Computing module is according to the risk score of subsequent analysis more new demand servicing;The identification module identifies base in the following manner In the service of cloud:
Search for the public page of customer organization;
The public page face for determining customer organization includes at least one of the following:
It is directed toward the link of the subdomain of service based on cloud;
Approval to service based on cloud;
Identification module identifies other services based on cloud, and additional remote software service is provided for client;
For the additional service based on cloud of each identification, analysis module analysis indicates that client's access is based on by additional The additional client page of the method for the additional long-range software service that the service of cloud provides;
Computing module is that the client of service based on cloud calculates unified customer risk score, and the fraction representation is across each base The overall of security risk of client is estimated in the service of cloud.
Although describing the present invention by reference to various embodiments above, but it is to be understood that of the invention not departing from In the case where range, many changes and modifications can be carried out.Therefore, be intended to foregoing detailed description be considered as it is illustrative and It is unrestricted, and it is to be understood that following following claims (including all equivalents) is intended to limit spirit and model of the invention It encloses.The above embodiment is interpreted as being merely to illustrate the present invention rather than limit the scope of the invention.It is reading After the content of record of the invention, technical staff can be made various changes or modifications the present invention, these equivalence changes and Modification equally falls into the scope of the claims in the present invention.

Claims (10)

1. a kind of cloud service information leakage detection method, which is characterized in that at least part of the method is by including at least one The calculating equipment of a processor executes, which comprises
It identifies service based on cloud, provides remote software service for customer organization;
The customer list using service based on cloud is extracted from the publicly accessible page of service based on cloud;
The link of at least one to the customer page in service based on cloud, the link are retrieved for each client in customer list The method for indicating the remote software service that client's access is provided by service based on cloud;
Analyze each at least one risk factors of identified customer page;
According to the risk score of analytical calculation service, which indicates the peace to the customer organization for using service based on cloud The overall estimation of full blast danger.
2. the method according to claim 1, wherein the risks and assumptions for wherein analyzing the customer page include true The fixed customer page includes at least one of the following:
Telephone number;
E-mail address;
Be directed toward the link of other customer pages, the customer page indicate that client accesses that service based on cloud provides other are long-range soft The other methods of part service;
It is directed toward the link of the spare customer page of other services based on cloud;
It has been confirmed as the information with the associated client-aware of customer page;
A kind of encrypted form that customer page uses.
3. the method according to claim 1, wherein the risks and assumptions for wherein analyzing the customer page include: Retrieve hypertext transfer protocol (HTTP) header associated with customer page;Analyze the hypertext transfer protocol of risk factors Head;The link for retrieving the customer page includes identifying the tissue specific sub-domains of the service based on cloud.
4. the method as described in claim 1, which is characterized in that further include: at subsequent time point:
Retrieve each client in customer list, the customer page being linked in service based on cloud;
Subsequent analysis is carried out to understand risk factors to each customer page retrieved;
According to subsequent analysis, the risk score of more new demand servicing.
5. the method according to claim 1, wherein the identification service based on cloud includes:
Search for the public page of customer organization;
The public page face for determining customer organization includes at least one of the following:
It is directed toward the link of the subdomain of service based on cloud;
Approval to service based on cloud.
6. the method as described in claim 1, which is characterized in that further include: for the particular customer of service based on cloud:
It determines other services based on cloud, additional remote software service is provided for client;
For other each identified services based on cloud, other customer pages are analyzed, these customer pages represent client's visit The method for asking other other remote software services that service based on cloud provides;
Unified customer risk score is calculated for the client of service based on cloud, the fraction representation is across each service pair based on cloud The overall estimation of the security risk of client.
7. a kind of cloud service information leakage detection system, which is characterized in that the system includes:
Identification module stored in memory identifies to customer organization and provides the service based on cloud of remote software service;
Extraction module stored in memory extracts use from the publicly accessible page of service based on cloud and is based on The list of the client of the service of cloud;
Retrieval module stored in memory is retrieved for each client in customer list to the visitor in service based on cloud At least one link of the family page, the method for the remote software service that chained representation client access is provided by client;
Analysis module stored in memory analyzes the customer page of each identification to obtain at least one risks and assumptions;
Computing module stored in memory is indicated based on the risk score of analytical calculation service to using based on cloud Service client tissue security risk overall estimation;
At least one processor executes identification module, extraction module, retrieval module, analysis module and computing module.
8. system as claimed in claim 7, which is characterized in that the analysis module by determine the customer page include with At least one of lower risk factors to analyze the customer page:
Telephone number;
E-mail address;
Be directed toward the link of other customer pages, the customer page indicate that client accesses that service based on cloud provides other are long-range soft The other methods of part service;
It is directed toward the link of the spare customer page of other services based on cloud;
It has been confirmed as the information with the associated client-aware of customer page;
A kind of encrypted form that customer page uses.
9. system as claimed in claim 7, which is characterized in that analysis module analyzes the risk of customer page in the following manner Factor:
Retrieve hypertext transfer protocol (HTTP) header associated with customer page;
Analyze the hypertext transfer protocol head of risk factors.
10. system as claimed in claim 9, which is characterized in that the retrieval module is by identifying the service based on cloud Tissue specific sub-domains retrieve the link of the customer page;At subsequent time point:
Retrieval module retrieves the link of the customer page in service based on cloud for each client in customer list;
Analysis module executes subsequent analysis to each customer page retrieved to find risk factors;
Computing module is according to the risk score of subsequent analysis more new demand servicing;The identification module is identified in the following manner based on cloud Service:
Search for the public page of customer organization;
The public page face for determining customer organization includes at least one of the following:
It is directed toward the link of the subdomain of service based on cloud;
Approval to service based on cloud;
Identification module identifies other services based on cloud, and additional remote software service is provided for client;
For the additional service based on cloud of each identification, analysis module analysis indicates client's access by additional based on cloud The additional client page of the method for the additional long-range software service provided is provided;
Computing module is that the client of service based on cloud calculates unified customer risk score, which is based on cloud across each Service the overall of the security risk of client is estimated.
CN201810863196.5A 2018-08-01 2018-08-01 A kind of cloud service information leakage detection method and system Withdrawn CN109063487A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810863196.5A CN109063487A (en) 2018-08-01 2018-08-01 A kind of cloud service information leakage detection method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810863196.5A CN109063487A (en) 2018-08-01 2018-08-01 A kind of cloud service information leakage detection method and system

Publications (1)

Publication Number Publication Date
CN109063487A true CN109063487A (en) 2018-12-21

Family

ID=64832244

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810863196.5A Withdrawn CN109063487A (en) 2018-08-01 2018-08-01 A kind of cloud service information leakage detection method and system

Country Status (1)

Country Link
CN (1) CN109063487A (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103763117A (en) * 2011-12-31 2014-04-30 华茂云天科技(北京)有限公司 Service and operation management system
CN104079568A (en) * 2014-06-27 2014-10-01 东湖软件产业股份有限公司 Method and system for preventing file leakage based on cloud storage technology
US9973525B1 (en) * 2016-06-14 2018-05-15 Symantec Corporation Systems and methods for determining the risk of information leaks from cloud-based services

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103763117A (en) * 2011-12-31 2014-04-30 华茂云天科技(北京)有限公司 Service and operation management system
CN104079568A (en) * 2014-06-27 2014-10-01 东湖软件产业股份有限公司 Method and system for preventing file leakage based on cloud storage technology
US9973525B1 (en) * 2016-06-14 2018-05-15 Symantec Corporation Systems and methods for determining the risk of information leaks from cloud-based services

Similar Documents

Publication Publication Date Title
CN110399925B (en) Account risk identification method, device and storage medium
JP6814017B2 (en) Computer implementation systems and methods that automatically identify attributes for anonymization
CN105590055B (en) Method and device for identifying user credible behaviors in network interaction system
ES2808954T3 (en) Procedure and device for use in risk management of application information
CN109690547A (en) For detecting the system and method cheated online
CN114117311A (en) Data access risk detection method and device, computer equipment and storage medium
CN117421753A (en) Dynamic data desensitizing method, device, electronic equipment and computer storage medium
CN112347457A (en) Abnormal account detection method and device, computer equipment and storage medium
CN117097571A (en) Method, system, device and medium for detecting network transmission sensitive data
CN117633783A (en) Attack defense method and device of database, storage medium and electronic equipment
CN110839003A (en) Method and device for identifying number stealing behavior, computer equipment and storage medium
CN115544558A (en) Sensitive information detection method and device, computer equipment and storage medium
CN110955890B (en) Method and device for detecting malicious batch access behaviors and computer storage medium
US20230133033A1 (en) System and method for processing a data subject rights request using biometric data matching
Wang et al. The danger of minimum exposures: Understanding cross-App information leaks on iOS through multi-side-channel learning
CN113395268A (en) Online and offline fusion-based web crawler interception method
CN116305130B (en) Dual-system intelligent switching method, system and medium based on system environment recognition
CN109063487A (en) A kind of cloud service information leakage detection method and system
Ban et al. Augmenting Android Malware Using Conditional Variational Autoencoder for the Malware Family Classification.
CN112528330B (en) Log scanning method, device and equipment
CN114143105B (en) Source tracing method and device for network air threat behavior bodies, electronic equipment and storage medium
CN114360085A (en) A method for identifying cheating in attendance, service system and terminal device thereof
KR20230077960A (en) Method and apparatus for encrypting confidention information based on artificial intelligence
CN114090650A (en) Sample data identification method and device, electronic equipment and storage medium
CN117708806B (en) Security authentication risk detection method, system, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication
WW01 Invention patent application withdrawn after publication

Application publication date: 20181221