
CN113542264B - File transmission control method, device and equipment and readable storage medium - Google Patents


Info

Publication number: CN113542264B
Application number: CN202110789018.4A
Authority: CN (China)
Prior art keywords: file, target, confidential, complete, traffic
Legal status: Active
Other languages: Chinese (zh)
Other versions: CN113542264A
Inventors: 童志超, 范渊, 黄进
Current assignee: DBAPPSecurity Co Ltd
Original assignee: DBAPPSecurity Co Ltd

Events: application filed by DBAPPSecurity Co Ltd; priority to CN202110789018.4A; publication of CN113542264A; application granted; publication of CN113542264B; legal status active.


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/06 Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)
  • Information Transfer Between Computers (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application discloses a file transmission control method, apparatus, device and readable storage medium. The method comprises the following steps: capturing traffic on all external connections of a target network card to obtain traffic packets; screening, from the traffic packets, target traffic packets that carry a file suffix; merging the traffic fragments belonging to the same file name across multiple target traffic packets to obtain a complete file; if the complete file is a confidential file, obtaining the destination information corresponding to the complete file; and if the destination information does not match the external-connection whitelist, blocking the network transmission corresponding to the complete file. The method and apparatus protect confidential documents from being leaked.

Description

A file transmission control method, apparatus, device and readable storage medium

Technical field

This application relates to the technical field of storage security, and in particular to a file transmission control method, apparatus, device and readable storage medium.

Background

Confidential documents such as key documents, internal documents and core documents within a company or organization accumulate as the company or organization operates. Once these documents have been finalized and sealed, they are essentially no longer modified. The questions that follow are how to store them and how to prevent them from leaking.

Files are usually stored on file storage servers such as SVN or FTP, and access to these confidential files is then controlled by assigning different permissions to different users; the chance of access can also be reduced by restricting which IPs may log in to the server. However, such an access restriction policy cannot prevent an authorized user, or a whitelisted IP that has logged in, from leaking confidential files through a peripheral device or over the network.

In summary, how to effectively prevent file leakage is a technical problem that those skilled in the art urgently need to solve.

Summary of the invention

The purpose of this application is to provide a file transmission control method, apparatus, device and readable storage medium that effectively supervise network transmission and block illegitimate network transmission, thereby protecting confidential files from being leaked.

To solve the above technical problems, this application provides the following technical solutions:

A file protection method, comprising:

capturing traffic on all external connections of a target network card to obtain traffic packets;

screening, from the traffic packets, target traffic packets that carry a file suffix;

merging the traffic fragments belonging to the same file name across multiple target traffic packets to obtain a complete file;

if the complete file is a confidential file, obtaining the destination information corresponding to the complete file;

if the destination information does not match an external-connection whitelist, blocking the network transmission corresponding to the complete file.

Preferably, obtaining the destination information corresponding to the complete file comprises:

obtaining the destination information from the target traffic packets corresponding to the complete file, the destination information comprising a destination IP address and/or a destination MAC address.

Preferably, the method further comprises:

receiving and parsing a file copy request, and determining the target file to be copied and the peripheral storage device;

determining whether the target file is a confidential file;

if so, verifying whether the peripheral storage device is in a peripheral storage whitelist;

if it is, copying the target file to the peripheral storage device; if not, prohibiting the copy of the target file to the peripheral storage device.

Preferably, when the peripheral storage device is not in the peripheral storage whitelist, the method further comprises:

registering the peripheral storage device;

if registration succeeds, copying the target file to the peripheral storage device;

if registration fails, prohibiting the copy of the target file to the peripheral storage device.

Preferably, determining whether the target file is a confidential file comprises:

computing the target MD5 value of the target file;

if the target MD5 value is among the MD5 values corresponding to confidential files, determining that the target file is a confidential file.

Preferably, determining whether the target file is a confidential file comprises:

reading the header information of the target file;

if the header information carries a confidentiality marker, determining that the target file is a confidential file.

Preferably, the method further comprises:

downloading the whitelist from an EDR central server;

marking and locking confidential files.

A file transmission control apparatus, comprising:

a packet capture module, configured to capture traffic on all external connections of the target network card to obtain traffic packets;

a traffic packet screening module, configured to screen, from the traffic packets, target traffic packets that carry a file suffix;

a file merging module, configured to merge the traffic fragments belonging to the same file name across multiple target traffic packets to obtain a complete file;

an information acquisition module, configured to obtain the destination information corresponding to the complete file if the complete file is a confidential file;

a transmission blocking module, configured to block the network transmission corresponding to the complete file if the destination information does not match the external-connection whitelist.

An electronic device, comprising:

a memory for storing a computer program;

a processor configured to implement the steps of the above file transmission control method when executing the computer program.

A readable storage medium on which a computer program is stored, the computer program implementing the steps of the above file transmission control method when executed by a processor.

Applying the method provided by the embodiments of this application: traffic is captured on all external connections of the target network card to obtain traffic packets; target traffic packets carrying a file suffix are screened out of the traffic packets; the traffic fragments belonging to the same file name across multiple target traffic packets are merged to obtain a complete file; if the complete file is a confidential file, the destination information corresponding to the complete file is obtained; and if the destination information does not match the external-connection whitelist, the network transmission corresponding to the complete file is blocked.

First, traffic is captured on every external connection of the target network card, and the captured traffic packets are screened so that only target traffic packets carrying a file suffix remain. The traffic fragments in the target traffic packets that relate to one file name are merged, yielding the complete file that is being, or is about to be, transmitted. The complete file is then checked for confidentiality; if it is a confidential file, the destination information corresponding to it is obtained, and if that destination information does not match the external-connection whitelist, the network transmission corresponding to the complete file is blocked outright. In this way a complete file that is a confidential file cannot be transmitted illegitimately, and confidential files are protected from being leaked.

Correspondingly, the embodiments of this application also provide a file transmission control apparatus, device and readable storage medium corresponding to the above file transmission control method; these have the same technical effects, which are not repeated here.

Description of drawings

To illustrate the technical solutions in the embodiments of this application or in the related art more clearly, the drawings needed for describing the embodiments or the related art are briefly introduced below. Obviously, the drawings in the following description show only some embodiments of this application; those of ordinary skill in the art can obtain other drawings from them without creative effort.

FIG. 1 is a flow chart of an implementation of a file transmission control method in an embodiment of this application;

FIG. 2 is a schematic diagram of a specific implementation of a file transmission control method in an embodiment of this application;

FIG. 3 is a schematic diagram of a multi-dimensional file protection implementation in an embodiment of this application;

FIG. 4 is a schematic structural diagram of a file transmission control apparatus in an embodiment of this application;

FIG. 5 is a schematic structural diagram of an electronic device in an embodiment of this application;

FIG. 6 is a schematic diagram of a specific structure of an electronic device in an embodiment of this application.

Detailed description

To help those skilled in the art better understand the solution of this application, the application is described in further detail below with reference to the drawings and specific embodiments. Obviously, the described embodiments are only some of the embodiments of this application, not all of them. All other embodiments obtained by those of ordinary skill in the art from the embodiments in this application without creative effort fall within the protection scope of this application.

Please refer to FIG. 1, which is a flow chart of a file transmission control method in an embodiment of this application. The method can be applied in any terminal that performs file transmission. Below, the file transmission control method is illustrated as applied in an EDR client. EDR (Endpoint Detection and Response) is a proactive security approach that monitors endpoints in real time and searches for threats that have penetrated a company's defenses.

The method comprises the following steps:

S101. Capture traffic on all external connections of the target network card to obtain traffic packets.

The EDR client can capture traffic on the network card of its host computer. To avoid file leakage, in this embodiment, when traffic is captured on the target network card, it is captured on all external connections of the target network card, yielding a number of traffic packets that are about to be, or are being, transmitted.

S102. Screen, from the traffic packets, target traffic packets that carry a file suffix.

Generally, a traffic packet that carries a file will contain a file suffix, and this embodiment is mainly aimed at preventing the leakage of confidential files, so target traffic packets carrying a file suffix can first be screened out of the captured traffic packets. In this embodiment, the file suffix may be the suffix of a file type corresponding to confidential files (such as docx, doc, xlsx, xls, pptx, ppt, txt and so on).

S103. Merge the traffic fragments belonging to the same file name across multiple target traffic packets to obtain a complete file.

After the target traffic packets have been screened, bear in mind that files generally have to be fragmented for transmission. To discriminate effectively whether a file is confidential, the scattered traffic fragments in the target traffic packets that correspond to the file must be merged. For the specifics of how traffic fragments with the same file name are merged into a complete file, refer to existing implementations of file fragment transmission and fragment merging; they are not repeated here.

Note that if a single target traffic packet already corresponds to a complete file, no merging is needed. For files that do need merging, the number of target traffic packets involved is not limited; that is, the size of the complete file is not limited.

S104. If the complete file is a confidential file, obtain the destination information corresponding to the complete file.

In this embodiment, confidential files may be labeled in advance, or the unique identifier corresponding to each confidential file (such as its MD5 value) may be recorded centrally in advance. Once the complete file is obtained, whether it is a confidential file can be determined from the file label or from the centrally recorded unique identifiers of confidential files.

Here, the MD5 value is the output obtained by running the MD5 algorithm over the file. The input of the MD5 (Message-Digest Algorithm 5) algorithm is a string of arbitrary length (length greater than or equal to 0; in this embodiment, specifically a file), and its output is a 128-bit (16-byte) string, that is, the MD5 value.

After the complete file is determined to be confidential, the destination information corresponding to it can be obtained. The destination information is the information about the destination of the transmission of the complete file as identified in this packet capture.

Specifically, the destination information is obtained from the target traffic packets corresponding to the complete file; it comprises a destination IP address and/or a destination MAC address. That is, the destination information may be only the IP address of the destination to which the complete file is being transmitted, only the MAC address of that destination, or both the IP address and the MAC address of the destination. Specifically, the destination IP address and destination MAC address can be parsed directly from the five-tuple information in the target traffic packets.

S105. If the destination information does not match the external-connection whitelist, block the network transmission corresponding to the complete file.

In this embodiment, an external-connection whitelist can be set up in advance, recording information about the external terminals to which confidential files may be transmitted, such as IP addresses or MAC addresses.

Specifically, the whitelist can be downloaded from the EDR central server, and confidential files are marked and locked. The whitelist may refer specifically to the external-connection whitelist, or to both the external-connection whitelist and the peripheral storage whitelist. Marking confidential files means marking in advance which files are confidential. Locking a confidential file means that it may no longer be modified.

After the destination information is obtained, it is looked up against the external-connection whitelist. For example, if the destination information is a destination IP address and that IP address is found in the external-connection whitelist, the match succeeds; if the destination information is a destination MAC address and that MAC address is found in the whitelist, the match succeeds; if the destination information is the combination of a destination IP address and a destination MAC address and that combination is found in the whitelist, the match succeeds.

When an entry matching the destination information is found in the external-connection whitelist, transmitting the complete file to the terminal corresponding to the destination information is deemed legitimate, and the target traffic packets corresponding to the complete file can be released. Otherwise, transmitting the complete file to that terminal is deemed illegitimate, and the network transmission corresponding to the complete file is blocked, that is, the transmission of the target traffic packets corresponding to the complete file is intercepted.
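As an added example that is not part of the patent, the following Python models steps S102 to S105 on a constructed packet capture: suffix screening, reassembly of out-of-order fragments keyed by file name, MD5 lookup against the central record of confidential files, and the IP / MAC / (IP, MAC) whitelist match that decides whether a transfer is released or blocked. The packet records, file contents, addresses and whitelist are all constructed for the example; a real capture would take the file name and fragment numbering from the transfer protocol.

```python
import hashlib

# File suffixes the text names as typical of confidential documents (S102).
MONITORED_SUFFIXES = ("docx", "doc", "xlsx", "xls", "pptx", "ppt", "txt")


def has_monitored_suffix(filename, suffixes=MONITORED_SUFFIXES):
    """S102: keep only packets whose file name ends in a monitored suffix."""
    name = filename.lower()
    return any(name.endswith("." + s) for s in suffixes)


def merge_fragments(packets):
    """S103: group fragments by file name and reassemble complete files.

    Returns {filename: {"data", "dst_ip", "dst_mac"}} for files whose
    fragment set is complete; an incomplete transfer is left out so that a
    partial file is never classified (a single-fragment file needs no merge).
    """
    groups = {}
    for p in packets:
        groups.setdefault(p["filename"], []).append(p)
    complete = {}
    for name, frags in groups.items():
        total = frags[0]["total"]
        if {f["index"] for f in frags} != set(range(total)):
            continue  # still waiting for fragments
        ordered = sorted(frags, key=lambda f: f["index"])
        complete[name] = {"data": b"".join(f["payload"] for f in ordered),
                          "dst_ip": frags[0]["dst_ip"],
                          "dst_mac": frags[0]["dst_mac"]}
    return complete


def is_confidential(data, confidential_md5s):
    """S104: the file is confidential if its MD5 is in the central record."""
    return hashlib.md5(data).hexdigest() in confidential_md5s


def destination_allowed(dst_ip, dst_mac, whitelist):
    """S105: a whitelist entry is an IP, a MAC, or an (IP, MAC) pair."""
    mac = dst_mac.lower()
    return dst_ip in whitelist or mac in whitelist or (dst_ip, mac) in whitelist


def decide(packets, confidential_md5s, whitelist):
    """Run S102-S105 over captured packets; returns {filename: verdict}."""
    targets = [p for p in packets if has_monitored_suffix(p["filename"])]
    verdicts = {}
    for name, f in merge_fragments(targets).items():
        if not is_confidential(f["data"], confidential_md5s):
            verdicts[name] = "release"          # not confidential: pass through
        elif destination_allowed(f["dst_ip"], f["dst_mac"], whitelist):
            verdicts[name] = "release"          # confidential, destination allowed
        else:
            verdicts[name] = "block"            # confidential, destination not listed
    return verdicts


def make_fragment(name, index, total, payload, dst_ip, dst_mac):
    """Constructed packet record (a real capture reads these from the frame)."""
    return {"filename": name, "index": index, "total": total, "payload": payload,
            "dst_ip": dst_ip, "dst_mac": dst_mac}


# Constructed sample capture: not real traffic.
SECRET = b"Q3 acquisition plan - INTERNAL ONLY"
SAMPLE_PACKETS = [
    make_fragment("plan.docx", 1, 2, SECRET[15:], "203.0.113.9", "aa:bb:cc:dd:ee:01"),
    make_fragment("plan.docx", 0, 2, SECRET[:15], "203.0.113.9", "aa:bb:cc:dd:ee:01"),
    make_fragment("plan-copy.docx", 0, 1, SECRET, "10.0.0.7", "aa:bb:cc:dd:ee:07"),
    make_fragment("notes.txt", 0, 1, b"lunch menu", "203.0.113.9", "aa:bb:cc:dd:ee:01"),
    make_fragment("logo.png", 0, 1, b"\x89PNG...", "203.0.113.9", "aa:bb:cc:dd:ee:01"),
    make_fragment("draft.doc", 0, 3, b"part 0", "203.0.113.9", "aa:bb:cc:dd:ee:01"),
]
CONFIDENTIAL_MD5S = {hashlib.md5(SECRET).hexdigest()}        # the central record
WHITELIST = {"10.0.0.7", ("10.0.0.8", "aa:bb:cc:dd:ee:08")}  # allowed destinations

if __name__ == "__main__":
    for name, verdict in sorted(decide(SAMPLE_PACKETS, CONFIDENTIAL_MD5S, WHITELIST).items()):
        print(f"{name:16} {verdict}")
```

An MD5 match recognises only byte-identical copies of a recorded file, so the central record and the whitelist both need to be kept current from the EDR central server for the check to stay meaningful.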


需要说明的是,基于上述实施例,本申请实施例还提供了相应的改进方案。在优选/改进实施例中涉及与上述实施例中相同步骤或相应步骤之间可相互参考,相应的有益效果也可相互参照,在本文的优选/改进实施例中不再一一赘述。It should be noted that, based on the foregoing embodiments, the embodiments of the present application also provide corresponding improvement solutions. In the preferred/improved embodiments, the same steps or corresponding steps in the above-mentioned embodiments can be referred to each other, and corresponding beneficial effects can also be referred to each other, which will not be repeated in the preferred/improved embodiments herein.

在本申请中的一种具体实施方式中,考虑到文件的传输不仅有网络传输,还有外设存储(如优盘、硬盘等)的拷贝传输。因而,在上述实施例的基础上,还提出对外设存储对应的拷贝传输进行有效控制,从外设存储的拷贝传输这一维度,对机密文件进行有效的防泄漏保护。In a specific implementation manner of the present application, it is considered that the transmission of files includes not only network transmission, but also copy transmission of peripheral storage (such as a USB flash drive, a hard disk, etc.). Therefore, on the basis of the above-mentioned embodiment, it is also proposed to effectively control the copy transmission corresponding to the external storage, and to perform effective anti-leak protection for confidential files from the dimension of the copy transmission of the external storage.

请参考图2,图2为本申请实施例中一种文件传输控制方法的具体实施示意图。具体的实现过程,包括:Please refer to FIG. 2 , which is a schematic diagram of a specific implementation of a file transmission control method in an embodiment of the present application. The specific implementation process includes:

S201、接收并解析文件复制请求,确定出待复制的目标文件和外设存储。S201. Receive and analyze the file copy request, and determine the target file to be copied and the peripheral storage.

在本实施例中,可以接收并解析文件复制请求,从而确定出需要进行复制的目标文件,以及目标文件复制到哪个外设存储中。在本实施例中,外设存储可以为优盘、优盘等常见的计算机外部可移动的存储设备。In this embodiment, a file copy request can be received and parsed, so as to determine the target file to be copied and to which peripheral storage the target file is copied. In this embodiment, the peripheral storage may be a common removable storage device external to a computer, such as a USB flash drive and a USB flash drive.

S202、判断目标文件是否为机密文件。S202. Determine whether the target file is a confidential file.

确定出待复制的目标文件之后,首先确定该目标文件是否为机密文件。After the target file to be copied is determined, it is first determined whether the target file is a confidential file.

在本实施例中,判断完整文件是否为机密文件的方式包括但不限于以下两种方式:In this embodiment, the ways of judging whether the complete file is a confidential file include but are not limited to the following two ways:

方式1:基于MD5值进行判断,具体实现过程,包括:Method 1: Judging based on MD5 value, the specific implementation process includes:

步骤一、计算目标文件的目标MD5值;Step 1. Calculate the target MD5 value of the target file;

步骤二、若目标MD5值在机密文件对应的MD5值中,则确定目标文件为机密文件。Step 2: If the target MD5 value is in the MD5 value corresponding to the confidential file, the target file is determined to be a confidential file.

为便于描述,下面将上述两个步骤结合起来进行说明。For the convenience of description, the above two steps are combined for description below.

首先,计算出目标文件的目标MD5值。然后,读取机密文件对应的MD5值,并检测该目标MD5值是否在机密文件对应的MD5值中,如果在,则确定目标文件为机密文件,反之,则确定目标文件为非机密文件。First, calculate the target MD5 value of the target file. Then, read the MD5 value corresponding to the confidential file, and check whether the target MD5 value is in the MD5 value corresponding to the confidential file.

方式2:基于头文件信息来确定目标文件是否为机密文件,具体实现过程,包括:Method 2: Determine whether the target file is a confidential file based on the header file information. The specific implementation process includes:

步骤一、读取目标文件的头文件信息;Step 1: Read the header file information of the target file;

步骤二、若头文件信息中具有机密标识,则确定目标文件为机密文件。Step 2: If the header file information has a confidential identifier, it is determined that the target file is a confidential file.

为便于描述,下面将上述两个步骤结合起来进行说明。For the convenience of description, the above two steps are combined for description below.

需要注意的是,实施方式2中,需要在头文件信息的自定义字段预先定义出机密标识。如此,便可通过读取目标文件的头文件信息,判断其是否具有对应的机密标识的方式,来确定目标文件是否为机密文件。It should be noted that, in Embodiment 2, a secret identifier needs to be pre-defined in the custom field of the header file information. In this way, it can be determined whether the target file is a confidential file by reading the header file information of the target file and judging whether it has a corresponding confidential identifier.

若目标文件是机密文件,则进入步骤S203中,如果目标文件非机密文件,则可直接将其拷贝至外设存储中,即进入步骤S204的操作。If the target file is a confidential file, proceed to step S203 , and if the target file is not a confidential file, it can be directly copied to the peripheral storage, that is, the operation of step S204 is entered.

S203、验证外设存储是否在外设存储白名单中。S203. Verify whether the peripheral storage is in the peripheral storage whitelist.

为方便管理,在本实施例中,可以预先设置好外设存储白名单,在该外设存储白名单中记录合法注册的外设存储,即允许拷贝机密文件的外设存储。For the convenience of management, in this embodiment, a peripheral storage whitelist may be preset, and legally registered peripheral storages, that is, peripheral storages that allow copying of confidential files, are recorded in the peripheral storage whitelist.

确定目标文件为机密文件后,便可验证该外设存储是否在外设存储白名单中,如果是,则表明本次拷贝目标文件是合法的,后续执行步骤S204的操作,否则是非法的,后续执行步骤S205的操作。After it is determined that the target file is a confidential file, it can be verified whether the peripheral storage is in the peripheral storage whitelist. If it is, it means that the target file copied this time is legal, and the operation of step S204 is performed subsequently, otherwise it is illegal, and the subsequent The operation of step S205 is performed.

S204、向外设存储复制目标文件。S204: Copy the target file to the external storage.

即允许本次向外设存储复制目标文件。That is, the target file is allowed to be copied to the external storage this time.

S205、禁止复制目标文件至外设存储。S205 , copying the target file to the peripheral storage is prohibited.

即仅在本次向外设存储复制目标文件。That is, the target file is copied to the external storage only this time.

Preferably, considering that in practice requirements keep changing, it may become necessary to copy confidential files to a peripheral storage that is not in the peripheral storage whitelist. To meet this need, this embodiment also allows a new peripheral storage to be registered in the peripheral storage whitelist. Specifically, when the peripheral storage is not in the peripheral storage whitelist, the following steps may also be performed:

Step 1. Register the peripheral storage;

Step 2. If the registration succeeds, copy the target file to the peripheral storage;

Step 3. If the registration fails, prohibit copying the target file to the peripheral storage.

For ease of description, the three steps above are explained together below.

Registering the peripheral storage means attempting to add it to the peripheral storage whitelist; alternatively, a peripheral storage that has been registered is added to the peripheral storage whitelist automatically.

Whether the registration is approved can be decided by manual audit. If the registration succeeds, the peripheral storage may legitimately receive the target file, so the target file can be copied to it; if the registration fails, the peripheral storage may not legitimately receive the target file, so copying the target file to it is prohibited.
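The copy-control decision of steps S203 to S205 together with the registration branch above, as an added example written for this page (it is not the patent's or DBAPPSecurity's implementation). It assumes the confidential list is a set of MD5 hex digests, that the header "confidential identifier" is a fixed marker at the start of the file (the page does not define its format, so the marker here is an assumption), and that the central server's manual audit result is reported back through an `audit()` call; the device ids and file contents are constructed.

```python
import hashlib
from dataclasses import dataclass, field
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"       # S204: copy to the peripheral storage proceeds
    DENY = "deny"         # S205: copy refused because registration failed
    PENDING = "pending"   # copy refused for now; a registration request awaits manual audit


# Assumed header marker for the "confidential identifier" variant; the page does
# not specify the marker's format.
CONFIDENTIAL_MARKER = b"X-CONFIDENTIAL\n"


def md5_hex(data: bytes) -> str:
    """MD5 hex digest used to match files against the confidential list."""
    return hashlib.md5(data).hexdigest()


@dataclass
class CopyController:
    confidential_md5: set                           # MD5 digests of files marked confidential
    whitelist: set                                  # registered peripheral storage ids
    pending: dict = field(default_factory=dict)     # device id -> user who requested registration
    rejected: set = field(default_factory=set)      # devices whose manual audit failed

    def is_confidential(self, data: bytes) -> bool:
        # Match by MD5 against the confidential list, or by the header marker.
        return md5_hex(data) in self.confidential_md5 or data.startswith(CONFIDENTIAL_MARKER)

    def audit(self, device_id: str, approved: bool) -> None:
        """Record the central server's manual audit of a registration request."""
        self.pending.pop(device_id, None)
        if approved:
            self.whitelist.add(device_id)   # a registered device joins the whitelist
            self.rejected.discard(device_id)
        else:
            self.rejected.add(device_id)

    def handle_copy(self, data: bytes, device_id: str, user: str = "user") -> Decision:
        """Decide one file-copy request to a peripheral storage device."""
        if not self.is_confidential(data):
            return Decision.ALLOW                  # non-confidential files copy freely
        if device_id in self.whitelist:            # S203: device is whitelisted
            return Decision.ALLOW
        if device_id in self.rejected:
            return Decision.DENY                   # registration failed: prohibit the copy
        self.pending.setdefault(device_id, user)   # raise a registration request
        return Decision.PENDING


def demo():
    """Walk the page's scenario: a marked file, a registered and an unregistered device."""
    ctrl = CopyController(confidential_md5={md5_hex(b"design plan v3")},
                          whitelist={"usb-registered"})
    results = [
        ctrl.handle_copy(b"public notes", "usb-unknown"),        # not confidential -> ALLOW
        ctrl.handle_copy(b"design plan v3", "usb-registered"),   # whitelisted -> ALLOW
        ctrl.handle_copy(b"design plan v3", "usb-unknown"),      # unlisted -> PENDING
    ]
    ctrl.audit("usb-unknown", approved=True)                      # manual audit passes
    results.append(ctrl.handle_copy(b"design plan v3", "usb-unknown"))          # ALLOW
    results.append(ctrl.handle_copy(CONFIDENTIAL_MARKER + b"memo", "usb-other"))  # PENDING
    ctrl.audit("usb-other", approved=False)                       # manual audit fails
    results.append(ctrl.handle_copy(CONFIDENTIAL_MARKER + b"memo", "usb-other"))  # DENY
    return results


if __name__ == "__main__":
    for decision in demo():
        print(decision.value)
```

The pending/rejected bookkeeping is what makes the asynchronous manual audit fit the synchronous copy check: the first copy attempt to an unlisted device only raises the registration request, and the outcome of the audit decides whether a retry is allowed or prohibited.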

In practice, the leak-prevention policies for the network-transmission dimension and for the copy-to-peripheral-storage dimension of confidential files can be enabled at the same time, giving all-round protection. To help those skilled in the art understand how to implement it, the file transmission control method is described in detail below with reference to a specific application scenario.

Refer to FIG. 3, which is a schematic diagram of a multi-dimensional file protection implementation according to an embodiment of the present application.

Before implementing the file transmission control method, the following preparatory work is required:

1. Deploy the EDR central server software and access the EDR asset management and control center through its web service. Download the EDR client installation package.

2. Install the EDR client software on the computers to be monitored and establish the communication connection between the client and the center.

3. The user logs in to the web interface of the central server and configures the outbound-connection whitelist (IP addresses or IP ranges) for the client.

4. On the central server, the user browses the client's directory tree and selects the confidential files to be marked (the marking is done by file name plus file MD5 matching or a similar method). The selected confidential files are held open in exclusive mode by the client process, so they can no longer be edited. In addition, the same file is not allowed to be written to disk elsewhere, that is, confidential files cannot be copied on the local disk.

5. After a peripheral storage device (for example, a USB flash drive) is connected to the server, the client first initiates registration of the peripheral storage with the central server; the central server receives the registration application and approves it manually. Once approved, the peripheral storage is in the peripheral storage whitelist.

After the preparatory work above is complete, the file transmission control method provided by the embodiment of the present application can be implemented.

Specifically, when the user inserts a peripheral storage device (for example, a USB flash drive) and copies a confidential file to it: the client process first determines whether the peripheral storage has been registered; if it has not, the copy operation is refused. If it has been registered, the copy operation is allowed, that is, the confidential file may be copied to the peripheral storage. For a peripheral storage that is not yet registered, the user can initiate a registration request from the client interface. After the central server receives the peripheral storage registration information, it is approved manually. Once manual approval passes, the peripheral storage is registered in the whitelist and may hold confidential files.

The user transfers files from the computer through various network channels such as SVN, FTP, SCP, email attachments and HTTP/HTTPS POST uploads. The EDR client monitors all network traffic of the computer's network card and captures and analyzes the traffic of every outbound TCP connection. It first identifies the traffic that carries confidential files as attachments: the client process parses the traffic of every outbound TCP connection, handles separately the TCP traffic that carries a file suffix, merges the traffic fragments that belong to the same file name across multiple flows, and reassembles the merged traffic into a complete file. It then uses the MD5 value of that file to decide whether the complete file is confidential; if it is, the destination IP of the traffic is extracted, otherwise the traffic data is discarded. At least one of the extracted destination IP and MAC address is then matched against the outbound-connection whitelist. If it is present in the whitelist database, the destination of the network transmission is a whitelisted address and the transmission is allowed; if it is not present, the network transmission is blocked.
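The outbound-transmission path just described, as an added example written for this page (not the patent's or the EDR product's code). It reassembles constructed upload fragments by file name, keeps only names that carry a file suffix, hashes the merged bytes with MD5 against a constructed confidential set, and then checks the destination IP against whitelisted IP ranges or the destination MAC against whitelisted MACs, matching on either as the page allows. The `Fragment` records stand in for parsed packet captures (the protocol parsing that yields file name and fragment order is assumed done); the suffix list, addresses and file contents are assumptions.

```python
import hashlib
import ipaddress
from collections import defaultdict
from dataclasses import dataclass

# Assumed list of suffixes that mark a flow as carrying a file; the page only
# says "traffic carrying a file suffix".
FILE_SUFFIXES = (".docx", ".pdf", ".zip", ".xlsx")


@dataclass(frozen=True)
class Fragment:
    """One captured payload fragment of an outbound upload (constructed model)."""
    dst_ip: str
    dst_mac: str
    name: str      # file name parsed from the upload protocol
    seq: int       # fragment order within the file
    data: bytes


def has_file_suffix(name: str) -> bool:
    return name.lower().endswith(FILE_SUFFIXES)


def reassemble(fragments):
    """Merge fragments with the same file name into complete files."""
    by_name = defaultdict(list)
    for frag in fragments:
        if has_file_suffix(frag.name):           # keep only file-carrying traffic
            by_name[frag.name].append(frag)
    files = {}
    for name, frags in by_name.items():
        frags.sort(key=lambda f: f.seq)          # fragments may be captured out of order
        data = b"".join(f.data for f in frags)
        files[name] = (data, frags[0].dst_ip, frags[0].dst_mac)
    return files


def destination_allowed(dst_ip, dst_mac, allowed_nets, allowed_macs) -> bool:
    """Whitelist match on at least one of destination IP (ranges) and destination MAC."""
    ip = ipaddress.ip_address(dst_ip)
    if any(ip in net for net in allowed_nets):
        return True
    return dst_mac.lower() in allowed_macs


def decide(fragments, confidential_md5, allowed_nets, allowed_macs):
    """Return a verdict per reassembled file: discard, allow or block."""
    verdicts = {}
    for name, (data, dst_ip, dst_mac) in reassemble(fragments).items():
        if hashlib.md5(data).hexdigest() not in confidential_md5:
            verdicts[name] = "discard"           # not confidential: nothing to enforce
        elif destination_allowed(dst_ip, dst_mac, allowed_nets, allowed_macs):
            verdicts[name] = "allow"             # whitelisted destination
        else:
            verdicts[name] = "block"             # confidential file to an unlisted destination
    return verdicts


def _md5(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


# Constructed confidential list and whitelist (values are assumptions).
CONFIDENTIAL_MD5 = {_md5(b"TOP-SECRET-DESIGN"), _md5(b"CONFIDENTIAL")}
ALLOWED_NETS = [ipaddress.ip_network("10.0.0.0/24")]
ALLOWED_MACS = {"aa:bb:cc:dd:ee:ff"}

# Constructed capture: two out-of-order fragments of plan.docx to an unlisted
# host, a harmless memo.pdf, report.zip to a whitelisted subnet, and a
# suffix-less upload that the screening step drops.
SAMPLE = [
    Fragment("203.0.113.10", "00:11:22:33:44:55", "plan.docx", 1, b"DESIGN"),
    Fragment("203.0.113.10", "00:11:22:33:44:55", "plan.docx", 0, b"TOP-SECRET-"),
    Fragment("192.0.2.5", "00:11:22:33:44:66", "memo.pdf", 0, b"hello"),
    Fragment("10.0.0.9", "00:11:22:33:44:77", "report.zip", 0, b"CONFID"),
    Fragment("10.0.0.9", "00:11:22:33:44:77", "report.zip", 1, b"ENTIAL"),
    Fragment("198.51.100.7", "00:11:22:33:44:88", "README", 0, b"no suffix"),
]


def demo():
    return decide(SAMPLE, CONFIDENTIAL_MD5, ALLOWED_NETS, ALLOWED_MACS)


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

Hashing only the fully reassembled bytes is what makes the MD5 comparison meaningful; a per-fragment hash would never equal the digest of the marked file, which is why the merge step precedes the confidentiality check.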

Corresponding to the method embodiments above, the embodiments of the present application further provide a file transmission control apparatus; the apparatus described below and the file transmission control method described above may be referred to with reference to each other.

Referring to FIG. 4, the apparatus includes the following modules:

a packet capture module 101, configured to capture the traffic of all outbound connections of the target network card to obtain traffic packets;

a traffic packet screening module 102, configured to screen out, from the traffic packets, target traffic packets carrying a file suffix;

a file merging module 103, configured to merge the traffic fragments having the same file name in the target traffic packets to obtain a complete file;

an information acquisition module 104, configured to acquire the destination information corresponding to the complete file if the complete file is a confidential file;

a transmission blocking module 105, configured to block the network transmission corresponding to the complete file if the destination information does not match the outbound-connection whitelist.

Applying the apparatus provided by the embodiment of the present application: the traffic of all outbound connections of the target network card is captured to obtain traffic packets; target traffic packets carrying a file suffix are screened out from the traffic packets; the traffic fragments having the same file name in the target traffic packets are merged to obtain a complete file; if the complete file is a confidential file, the destination information corresponding to the complete file is acquired; and if the destination information does not match the outbound-connection whitelist, the network transmission corresponding to the complete file is blocked.

First, traffic is captured for all outbound connections of the target network card, and the captured traffic packets are then filtered so that only the target traffic packets carrying a file suffix remain. The traffic fragments in the target traffic packets that belong to the same file name are merged, yielding the complete file that is being or is about to be transmitted. The complete file is checked for confidentiality; if it is confidential, its destination information is acquired, and if that destination information does not match the outbound-connection whitelist, the network transmission corresponding to the complete file is blocked outright. This ensures that complete files that are confidential are not transmitted illegitimately and protects confidential files from leakage.

In a specific implementation of the present application, the information acquisition module 104 is specifically configured to acquire the destination information from the target traffic packets corresponding to the complete file; the destination information includes a destination IP address and/or a destination MAC address.

In a specific implementation of the present application, the apparatus further includes:

a copy transmission control module, configured to receive and parse a file copy request and determine the target file to be copied and the peripheral storage; judge whether the target file is a confidential file; if so, verify whether the peripheral storage is in the peripheral storage whitelist; if it is, copy the target file to the peripheral storage; if it is not, prohibit copying the target file to the peripheral storage.

In a specific implementation of the present application, the copy transmission control module is further configured to register the peripheral storage when it is not in the peripheral storage whitelist; if the registration succeeds, copy the target file to the peripheral storage; if the registration fails, prohibit copying the target file to the peripheral storage.

In a specific implementation of the present application, the copy transmission control module is specifically configured to calculate the target MD5 value of the target file; if the target MD5 value is among the MD5 values corresponding to confidential files, the target file is determined to be a confidential file.

In a specific implementation of the present application, the copy transmission control module is specifically configured to read the header information of the target file; if the header information carries a confidential identifier, the target file is determined to be a confidential file.

In a specific implementation of the present application, the apparatus further includes:

a preprocessing module, configured to download the whitelist from the EDR central server, and to mark and lock confidential files.

Corresponding to the method embodiments above, the embodiments of the present application further provide an electronic device; the electronic device described below and the file transmission control method described above may be referred to with reference to each other.

Referring to FIG. 5, the electronic device includes:

a memory 332, configured to store a computer program;

a processor 322, configured to implement the steps of the file transmission control method of the method embodiments above when executing the computer program.

Specifically, refer to FIG. 6, which is a schematic structural diagram of an electronic device provided in this embodiment. The electronic device may differ considerably depending on configuration or performance, and may include one or more processors (central processing units, CPU) 322 (for example, one or more processors) and a memory 332, where the memory 332 stores one or more computer application programs 342 or data 344. The memory 332 may be transient or persistent storage. The program stored in the memory 332 may include one or more modules (not shown), each of which may include a series of instruction operations on the data processing device. Further, the central processing unit 322 may be configured to communicate with the memory 332 and to execute the series of instruction operations in the memory 332 on the electronic device 301.

The electronic device 301 may further include one or more power supplies 326, one or more wired or wireless network interfaces 350, one or more input/output interfaces 358, and/or one or more operating systems 341.

The steps of the file transmission control method described above may be implemented by the structure of the electronic device.

Corresponding to the method embodiments above, the embodiments of the present application further provide a readable storage medium; the readable storage medium described below and the file transmission control method described above may be referred to with reference to each other.

A readable storage medium has a computer program stored on it, and when the computer program is executed by a processor it implements the steps of the file transmission control method of the method embodiments above.

The readable storage medium may specifically be any readable storage medium capable of storing program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disc.

Those skilled in the art will further appreciate that the units and algorithm steps of the examples described in conjunction with the embodiments disclosed herein can be implemented in electronic hardware, computer software, or a combination of the two. To clearly illustrate the interchangeability of hardware and software, the composition and steps of each example have been described above generally in terms of their functions. Whether these functions are performed in hardware or in software depends on the specific application and design constraints of the technical solution. Those skilled in the art may use different methods to implement the described functions for each particular application, but such implementations should not be considered to go beyond the scope of the present application.

Claims (10)

1. A file transfer control method, comprising:
capturing the traffic of all outbound connections of a target network card to obtain traffic packets;
screening out, from the traffic packets, target traffic packets carrying a file suffix;
merging the traffic fragments having the same file name in the target traffic packets to obtain a complete file;
if the complete file is a confidential file, acquiring destination information corresponding to the complete file;
and if the destination information does not match an outbound-connection whitelist, blocking the network transmission corresponding to the complete file.
2. The file transfer control method according to claim 1, wherein acquiring the destination information corresponding to the complete file comprises:
acquiring the destination information from the target traffic packets corresponding to the complete file; the destination information comprises a destination IP address and/or a destination MAC address.
3. The file transfer control method according to claim 1, further comprising:
receiving and parsing a file copy request, and determining a target file to be copied and a peripheral storage;
judging whether the target file is a confidential file;
if so, verifying whether the peripheral storage is in a peripheral storage whitelist;
if it is, copying the target file to the peripheral storage; if it is not, prohibiting copying of the target file to the peripheral storage.
4. The file transfer control method according to claim 3, wherein, when the peripheral storage is not in the peripheral storage whitelist, the method further comprises:
registering the peripheral storage;
if the registration succeeds, copying the target file to the peripheral storage;
and if the registration fails, prohibiting copying of the target file to the peripheral storage.
5. The file transfer control method according to claim 3, wherein judging whether the target file is a confidential file comprises:
calculating a target MD5 value of the target file;
and if the target MD5 value is among the MD5 values corresponding to confidential files, determining that the target file is a confidential file.
6. The file transfer control method according to claim 3, wherein judging whether the target file is a confidential file comprises:
reading header information of the target file;
and if the header information carries a confidential identifier, determining that the target file is a confidential file.
7. The file transfer control method according to any one of claims 1 to 6, further comprising:
downloading a whitelist from an EDR central server;
and marking and locking confidential files.
8. A file transfer control apparatus, comprising:
a packet capture module, configured to capture the traffic of all outbound connections of a target network card to obtain traffic packets;
a traffic packet screening module, configured to screen out, from the traffic packets, target traffic packets carrying a file suffix;
a file merging module, configured to merge the traffic fragments having the same file name in the target traffic packets to obtain a complete file;
an information acquisition module, configured to acquire destination information corresponding to the complete file if the complete file is a confidential file;
and a transmission blocking module, configured to block the network transmission corresponding to the complete file if the destination information does not match an outbound-connection whitelist.
9. An electronic device, comprising:
a memory for storing a computer program;
a processor for implementing the steps of the file transfer control method according to any one of claims 1 to 7 when executing the computer program.
10. A readable storage medium, having stored thereon a computer program which, when executed by a processor, carries out the steps of the file transfer control method according to any one of claims 1 to 7.
CN202110789018.4A 2021-07-13 2021-07-13 File transmission control method, device and equipment and readable storage medium Active CN113542264B (en)

Publications (2)

Publication Number Publication Date
CN113542264A (en) 2021-10-22
CN113542264B true CN113542264B (en) 2022-08-26

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20211022

Assignee: Hangzhou Anheng Information Security Technology Co.,Ltd.

Assignor: Dbappsecurity Co.,Ltd.

Contract record no.: X2024980043366

Denomination of invention: A file transfer control method, device, equipment, and readable storage medium

Granted publication date: 20220826

License type: Common License

Record date: 20241231