HTTP protocol data leak prevention method and system based on deep content analysis

Abstract

The invention discloses an HTTP protocol data leak prevention method and system based on deep content analysis, and relates to the field of data protection. The method comprises the steps that a data leak prevention system for blocking secret-associated data is connected into a network boundary in series; the data leak prevention system is utilized for capturing an outgoing message and determining a protocol type of the outgoing message; when the protocol type of the outgoing message is determined to be an HTTP protocol, whether the outgoing message contains secret-associated data or not is judged; if it is determined that the outgoing message contains the secret-associated data, secret-associated data leak is blocked. According to the method and system, effective blockage of network boundary HTTP protocol sensitive data is achieved, deep analysis and real-time matching functions are provided for the outgoing message, the leak resistance phenomenon is avoided, enterprise data assets safety is effectively protected, transparency to users is achieved, user experience is not affected, and the method and system are easy for users to accept.

Description

technical field [0001] The invention relates to the field of data protection, in particular to an HTTP protocol data leakage prevention method and system based on deep content analysis. Background technique [0002] Today, with the rapid development of information technology, enterprises rely more and more on information systems, and the stability and security of information systems are directly related to the core competitiveness of enterprises. [0003] Enterprise users use WEB browsers to send and receive emails, post on social networks such as Weibo, Tianya, Tieba, etc., and use network disks to store files, etc., which will cause active or passive information leakage and bring huge economic losses to the enterprise. [0004] WEB browsers mainly use Hypertext Transfer Protocol (HyperTextTransferProtocol, HTTP) for data transmission. At present, the problem of preventing sensitive data leakage of HTTP protocol at the network border is mainly based on the four main streams...

AI Technical Summary

Problems solved by technology

[0005] Among them, firewalls and gateways work below the network layer, and only a few advanced firewalls can simply filter data such as ID numbers and bank account numbers in application layer data. , transport layer and network layer protocol characteristics, and for specific applications and file types, simple matching and filtering of data such as ID numbers and bank account numbers in application layer data, but advanced firewalls do not have the depth of application layer protocols Parsing and matching functions, unable to block emails with illegal content, and only support limited applications, poor scalability, difficult for users to configure, and opaque to the network

The proxy mode sacrifices speed in exchange for higher security performance, but it will become the bottleneck of the network when the network throughput is large, and corresponding proxy needs to be set up, which affects user experience and is difficult to implement and promote

The bypass mode is connected to the network through the port mirroring of the switch, and the TCP protocol can be blocked from sending TCP_RESET messages, but due to the lag of the TCP_RESET message, it is easy to lose control of the network, resulting in the leakage of protected data

Images