Summary of the invention
For addressing the above problem, the invention provides a kind of definite method and system of the event that leaks, leak for solving prior art that the confirmation of event not only easily makes mistakes but also operating efficiency is low.
For this reason, the invention provides a kind of definite method of the event that leaks, described definite method comprises: from event to be determined, extract metadata; Described metadata is mated with the data in metadatabase; If the success of the Data Matching in described metadata and metadatabase, determines that described event to be determined is the event of leaking.
Preferably, before the described step of extracting metadata from event to be determined, comprise: the strategy of described event to be determined is mated with the strategy in violation policy library; If the strategy of described event to be determined is successful with the strategy matching in violation policy library, determine that described event to be determined is the event of leaking; If the strategy of described event to be determined is unsuccessful with the strategy matching in violation policy library, described in carrying out, from event to be determined, extract the step of metadata.
Preferably, described definite method also comprises: if the Data Matching in described metadata and metadatabase is unsuccessful, described event to be determined is mated with the event of leaking leaking in event base; If described event to be determined and the event matches success that leaks leaking in event base, determine that described event to be determined is the event of leaking.
Preferably, described definite method also comprises: if the Data Matching in described metadata and metadatabase is unsuccessful, the strategy of described event to be determined is mated with the strategy in violation policy library; If the strategy of described event to be determined is successful with the strategy matching in violation policy library, determine that described event to be determined is the event of leaking.
Preferably, described definite method also comprises: if the strategy of described event to be determined is unsuccessful with the strategy matching in violation policy library, described event to be determined is mated with the event of leaking leaking in event base; If described event to be determined and the event matches success that leaks leaking in event base, determine that described event to be determined is the event of leaking.
Preferably, described definite method also comprises: the metadata of extracting data assets storehouse forms described metadatabase.
Preferably, described definite method also comprises: form policy library in violation of rules and regulations according to predefined violation strategy.
Preferably, described definite method also comprises: form according to the event that leaks of manual confirmation the event base that leaks.
The present invention also provides the one event fixed system really that leaks, and described definite system comprises: extraction unit, for extracting metadata from event to be determined; The first matching unit, for mating described metadata with the data of metadatabase; The first determining unit, time determines that described event to be determined is the event of leaking for the Data Matching success when described metadata and metadatabase.
Preferably, described definite system also comprises: the second matching unit, for the strategy of described event to be determined is mated with the strategy of violation policy library; The second determining unit, for determining that described event to be determined is the event of leaking when the strategy matching success of the strategy of described event to be determined and policy library in violation of rules and regulations.
Preferably, described definite system also comprises: the 3rd matching unit, for described event to be determined being mated with the event of leaking leaking in event base in the time that the Data Matching of described metadata and metadatabase is unsuccessful; The 3rd determining unit, for time determining that described event to be determined is the event of leaking when described event to be determined and the event matches success that leaks of the event base that leaks.
Preferably, described definite system also comprises: the 4th matching unit, for the strategy of described event to be determined being mated with the strategy in policy library in violation of rules and regulations in the time that the Data Matching of described metadata and metadatabase is unsuccessful; The 4th determining unit, for determining that described event to be determined is the event of leaking when the strategy matching success of the strategy of described event to be determined and policy library in violation of rules and regulations.
Preferably, described definite system also comprises: the 5th matching unit, for described event to be determined being mated with the event of leaking leaking in event base when the strategy of described event to be determined and when the strategy matching of policy library is unsuccessful in violation of rules and regulations; The 5th determining unit, for time determining that described event to be determined is the event of leaking when described event to be determined and the event matches success that leaks of the event base that leaks.
The present invention has following beneficial effect:
In definite method and system of the event that leaks provided by the invention, the metadata of extracting from event to be determined is mated with the data in metadatabase, thereby determine whether event to be determined is the event of leaking.Metadata based on event to be determined is identified automatically to the event of leaking, thereby has reduced the workload of manual confirmation, has improved accuracy and operating efficiency.
Embodiment
For making those skilled in the art understand better technical scheme of the present invention, below in conjunction with accompanying drawing, definite method and system of the event that leaks provided by the invention is described in detail.
The flow chart of definite method of a kind of event that leaks that Fig. 1 provides for the embodiment of the present invention one.As shown in Figure 1, described method comprises:
Step 101, the strategy of described event to be determined is mated with the strategy in policy library in violation of rules and regulations, if perform step 104 when the strategy matching success in the strategy of described event to be determined and policy library in violation of rules and regulations, if the strategy of described event to be determined performs step 102 when unsuccessful with strategy matching in policy library in violation of rules and regulations.
Optionally, before step 101, form policy library in violation of rules and regulations according to predefined violation strategy.In the present embodiment, described strategy is that content-based sensitive data discovery technique is formulated and formed, and wherein the recognition correct rate of part strategy is high especially, once event violates to be determined this part strategy, described event to be determined must be the event of leaking.For example, the recognition correct rate of data fingerprint strategy is just very high.Data fingerprint is the unique digital fragment generating according to target data, thereby data fingerprint has the unique characteristic of the original target data content of confirmation, that is to say, unique target data has unique data fingerprint, once target data changes, the data fingerprint of target data must change, and therefore utilizes data fingerprint to identify as strategy the event of leaking and has very high accuracy.Therefore, the policy definition that the event accuracy that identification can be leaked is high is violation strategy, then these violation strategies are sorted out, thereby forms described violation policy library.As long as the strategy of event to be determined just can determine that with the strategy matching success in violation policy library described event to be determined is the event of leaking, thereby reduce as much as possible the workload that manually event to be determined is defined as to the event of leaking, improve accuracy and operating efficiency.
Step 102, from event to be determined, extract metadata.
Step 103, described metadata is mated with the data in metadatabase, if perform step 104 when the success of the Data Matching in described metadata and metadatabase, if perform step 105 when the Data Matching in described metadata and metadatabase is unsuccessful.
Optionally, the metadata of extracting data assets storehouse before step 103 forms described metadatabase.In the present embodiment, metadata (Meta Data) is the data about other data, refers to the relevant data source definition producing in generated data process, object definition, the critical data that transformation rule etc. are relevant.Metadata comprises the information of relevant document author, document summary and multiple other types information.In the time of user's spanned file or interpolation additional data, system can generate associated metadata automatically.In addition, user also can or generate the metadata of specific file or document by related tool editor.Because metadata has particular community, therefore can utilize metadata to identify the event of leaking.If the success of the Data Matching in the metadata of event to be determined and metadatabase, can determine that described event to be determined is the event of leaking, thereby reduces the workload that manually event to be determined is defined as to the event of leaking as much as possible, improve accuracy and operating efficiency.
Step 104, determine that described event to be determined is the event of leaking.
Step 105, described event to be determined is mated with the event of leaking leaking in event base, if described event to be determined time performs step 104 with the event matches success that leaks leaking in event base, if described event to be determined when unsuccessful with the event matches that leaks leaking in event base flow process finish.
Optionally, before step 105, form according to the event that leaks of manual confirmation the event base that leaks.In the present embodiment, the event of leaking of in the past manually determining is sorted out, thereby described in forming, leaked event base.Event to be determined is mated with the event of leaking leaking in event base, if described event to be determined and the event matches success that leaks leaking in event base, just can determine that described event to be determined is the event of leaking, thereby improve accuracy and the operating efficiency of identifying the event that leaks.
In definite method of event that what the present embodiment provided leak, the metadata of extracting from event to be determined is mated with the data in metadatabase, thereby determine whether event to be determined is the event of leaking.Metadata based on event to be determined is identified automatically to the event of leaking, thereby has reduced the workload of manual confirmation, has improved accuracy and operating efficiency.
The flow chart of definite method of a kind of event that leaks that Fig. 2 provides for the embodiment of the present invention two.As shown in Figure 2, described method comprises:
Step 201, from event to be determined, extract metadata.
Step 202, described metadata is mated with the data in metadatabase, if perform step 203 when the success of the Data Matching in described metadata and metadatabase, if perform step 204 when the Data Matching in described metadata and metadatabase is unsuccessful.
Optionally, the metadata in extraction data assets storehouse forms described metadatabase.In the present embodiment, metadata is the data about other data, refers to the relevant data source definition producing in generated data process, object definition, the critical data that transformation rule etc. are relevant.Metadata comprises the information of relevant document author, document summary and multiple other types information.In the time of user's spanned file or interpolation additional data, system can generate associated metadata automatically.In addition, user also can or generate the metadata of specific file or document by related tool editor.Because metadata has particular community, therefore can utilize metadata to identify the event of leaking.If the success of the Data Matching in the metadata of event to be determined and metadatabase, can determine that described event to be determined is the event of leaking, thereby reduces the workload that manually event to be determined is defined as to the event of leaking as much as possible, improve accuracy and operating efficiency.
Step 203, determine that described event to be determined is the event of leaking.
Step 204, the strategy of described event to be determined is mated with the strategy in policy library in violation of rules and regulations, if perform step 203 when the strategy matching success in the strategy of described event to be determined and policy library in violation of rules and regulations, if the strategy of described event to be determined performs step 205 when unsuccessful with strategy matching in policy library in violation of rules and regulations.
Optionally, before step 204, form policy library in violation of rules and regulations according to predefined violation strategy.In the present embodiment, described strategy is that content-based sensitive data discovery technique is formulated and formed, and wherein the recognition correct rate of part strategy is high especially, once event violates to be determined this part strategy, described event to be determined must be the event of leaking.For example, the recognition correct rate of data fingerprint strategy is just very high.Data fingerprint is the unique digital fragment generating according to target data, thereby data fingerprint has the unique characteristic of the original target data content of confirmation, that is to say, unique target data has unique data fingerprint, once target data changes, the data fingerprint of target data must change, and therefore utilizes data fingerprint to identify as strategy the event of leaking and has very high accuracy.Therefore, the policy definition that the event accuracy that identification can be leaked is high is violation strategy, then these violation strategies are sorted out, thereby forms described violation policy library.As long as the strategy of event to be determined just can determine that with the strategy matching success in violation policy library described event to be determined is the event of leaking, thereby reduce as much as possible the workload that manually event to be determined is defined as to the event of leaking, improve accuracy and operating efficiency.
Step 205, described event to be determined is mated with the event of leaking leaking in event base, if described event to be determined time performs step 203 with the event matches success that leaks leaking in event base, if described event to be determined when unsuccessful with the event matches that leaks leaking in event base flow process finish.
Optionally, form according to the event that leaks of manual confirmation the event base that leaks.In the present embodiment, the event of leaking of in the past manually determining is sorted out, thereby formed the event base that leaks.Event to be determined is mated with the event of leaking leaking in event base, if described event to be determined and the event matches success that leaks leaking in event base, just can determine that described event to be determined is the event of leaking, thereby improve accuracy and the operating efficiency of identifying the event that leaks.
In definite method of event that what the present embodiment provided leak, the metadata of extracting from event to be determined is mated with the data in metadatabase, thereby determine whether event to be determined is the event of leaking.Metadata based on event to be determined is identified automatically to the event of leaking, thereby has reduced the workload of manual confirmation, has improved accuracy and operating efficiency.
A kind of event structural representation of fixed system really that leaks that Fig. 3 provides for the embodiment of the present invention three.As shown in Figure 3, the event that leaks described in really fixed system comprises extraction unit 303, the first matching unit 304 and the first determining unit 305.Described the first matching unit 304 is connected with extraction unit 303 and the first determining unit 305 respectively.Described extraction unit 303 is for extracting metadata from event to be determined, the first matching unit 304 is for described metadata is mated with the data of metadatabase, and the first determining unit 305 for determining that described event to be determined is the event of leaking in the time that described the first matching unit 304 is successful by the Data Matching of described metadata and metadatabase.
In the present embodiment, described in leak event really fixed system also comprise the second matching unit 301 and the second determining unit 302.Described the second matching unit 301 is connected with the second determining unit 302 and extraction unit 303 respectively.Described the second matching unit 301 is for the strategy of described event to be determined is mated with the strategy of policy library in violation of rules and regulations, and described the second determining unit 302 is for determining that described event to be determined is the event of leaking when described the second matching unit 301 when successful the strategy matching of the strategy of described event to be determined and policy library in violation of rules and regulations.
In the present embodiment, described in leak event really fixed system also comprise the 3rd matching unit 306 and the 3rd determining unit 307.Described the 3rd matching unit 306 is connected with the first matching unit 304 and the 3rd determining unit 307 respectively.Described the 3rd matching unit 306 is in the time that the Data Matching of described metadata and metadatabase is unsuccessful, described event to be determined being mated with the event of leaking leaking in event base, and the 3rd determining unit 307 is for determining that by leaking when event matches success of described event to be determined and the event base that leaks described event to be determined is the event of leaking when described the 3rd matching unit 306.
Optionally, the event that leaks described in really fixed system also comprises metadatabase unit, violation policy library unit and the event base unit that leaks.Described metadatabase unit is connected with the first matching unit 304, and described violation policy library unit is connected with the second matching unit 301, described in the event base unit that leaks be connected with the 3rd matching unit 306.Described metadatabase unit is for forming described metadatabase according to the metadata of extracting from data assets storehouse.Described violation policy library unit is for forming policy library in violation of rules and regulations according to predefined violation strategy.The described event base unit that leaks is for forming according to the event that leaks of manual confirmation the event base that leaks.
Event that what the present embodiment provided leak really in fixed system, is mated the metadata of extracting from event to be determined, thereby is determined whether event to be determined is the event of leaking with the data in metadatabase.Metadata based on event to be determined is identified automatically to the event of leaking, thereby has reduced the workload of manual confirmation, has improved accuracy and operating efficiency.
A kind of event structural representation of fixed system really that leaks that Fig. 4 provides for the embodiment of the present invention four.As shown in Figure 4, the event that leaks described in really fixed system comprises extraction unit 401, the first matching unit 402 and the first determining unit 403.Described the first matching unit 402 is connected with extraction unit 401 and the first determining unit 403 respectively.Described extraction unit 401 is for extracting metadata from event to be determined, the first matching unit 402 is for described metadata is mated with the data of metadatabase, and the first determining unit 403 for determining that described event to be determined is the event of leaking in the time that described the first matching unit 402 is successful by the Data Matching of described metadata and metadatabase.
In the present embodiment, described in leak event really fixed system also comprise the 4th matching unit 404 and the 4th determining unit 405.Described the 4th matching unit 404 is connected with the 4th determining unit 405 and the first matching unit 402 respectively.Described the 4th matching unit 404 is in the time that the Data Matching of described metadata and metadatabase is unsuccessful, the strategy of described event to be determined being mated with the strategy in policy library in violation of rules and regulations, and the 4th determining unit 405 is for determining that described event to be determined is the event of leaking when described the 4th matching unit 404 when successful the strategy matching of the strategy of described event to be determined and policy library in violation of rules and regulations.
In the present embodiment, described in leak event really fixed system also comprise the 5th matching unit 406 and the 5th determining unit 407.Described the 5th matching unit 406 is connected with the 4th matching unit 404 and the 5th determining unit 407 respectively.Described the 5th matching unit 406 is for when the strategy of described event to be determined and when the strategy matching of policy library is unsuccessful in violation of rules and regulations, described event to be determined being mated with the event of leaking leaking in event base, and the 5th determining unit 407 is for determining that described event to be determined is the event of leaking when described the 5th matching unit 406 when successful the event matches that leaks of described event to be determined and the event base that leaks.
Optionally, the event that leaks described in really fixed system also comprises metadatabase unit, violation policy library unit and the event base unit that leaks.Described metadatabase unit is connected with the first matching unit 402, and described violation policy library unit is connected with the 4th matching unit 404, described in the event base unit that leaks be connected with the 5th matching unit 406.Described metadatabase unit is for forming described metadatabase according to the metadata of extracting from data assets storehouse.Described violation policy library unit is for forming policy library in violation of rules and regulations according to predefined violation strategy.The described event base unit that leaks is for forming according to the event that leaks of manual confirmation the event base that leaks.
Event that what the present embodiment provided leak really in fixed system, is mated the metadata of extracting from event to be determined, thereby is determined whether event to be determined is the event of leaking with the data in metadatabase.Metadata based on event to be determined is identified automatically to the event of leaking, thereby has reduced the workload of manual confirmation, has improved accuracy and operating efficiency.
Be understandable that, above execution mode is only used to principle of the present invention is described and the illustrative embodiments that adopts, but the present invention is not limited thereto.For those skilled in the art, without departing from the spirit and substance in the present invention, can make various modification and improvement, these modification and improvement are also considered as protection scope of the present invention.