阅读说明：本技术 一种计算机外接设备数据审计过滤的方法 (Method for auditing and filtering data of computer external equipment ) 是由 李云飞 于 2021-08-22 设计创作，主要内容包括：本发明涉及一种计算机外接设备数据审计过滤的方法,包括以下步骤：S1：首先,对计算机内数据进行分类标识,把敏感数据标识出来,标识方式可以以文件类型进行区分,也可以根据文件内容进行区分标识,标识打在文件头上；S2：然后对外设的设备驱动的数据通信进行记录、跟踪和继续标识；其中,所述数据通信包括对数据的读取、内存操作；S3：当数据到达设备驱动过滤模块时,进行比对识别,符合规则的数据则通过,发现存在标识的敏感数据则进行拦截或告警,任何发给设备驱动的数据都将被进行记录。(The invention relates to a method for auditing and filtering data of computer peripheral equipment, which comprises the following steps: s1: firstly, classifying and marking data in a computer, and marking sensitive data, wherein the marking mode can be distinguished by file types, and can also be distinguished and marked according to file contents, and the mark is printed on a file header; s2: then recording, tracking and continuing to mark the data communication of the peripheral equipment drive; the data communication comprises reading of data and memory operation; s3: when the data reaches the equipment drive filtering module, the comparison and identification are carried out, the data which accords with the rule passes, the sensitive data with the identification is found to be intercepted or alarmed, and any data sent to the equipment drive is recorded.)

1. A method for auditing and filtering data of a computer peripheral device comprises the following steps:

s1: firstly, classifying and marking data in a computer, marking sensitive data, and marking the sensitive data on a file header;

s2: then recording, tracking and continuing to mark the data communication of the peripheral equipment drive;

s3: when the data reaches the equipment drive filtering module, the comparison and identification are carried out, the data which accords with the rule passes, the sensitive data with the identification is found to be intercepted or alarmed, and any data sent to the equipment drive is recorded.

2. The method for performance amplification of cryptographic chips of claim 1, wherein: in step S1, the classification flag may be distinguished by file type, or may be distinguished according to file content.

3. The method for performance amplification of cryptographic chips of claim 1 or 2, wherein: in step S2, the peripheral device driver may be one or more of a USB driver, a serial driver, a network interface driver, and a parallel driver.

4. The method for performance amplification of cryptographic chips of claim 1 or 2, wherein: in step S2, the data communication includes reading data and performing a memory operation.

5. The method for performance amplification of cryptographic chips of claim 1, wherein: the sensitive data is a dwg file.

Technical Field

The invention relates to a method for recording, auditing and filtering when external equipment of a computer is accessed into the computer through a USB port, a network port, a serial port and a parallel port and data is transmitted from the computer to the external equipment.

Background

Because of the requirements of the scene, some external devices often need to access the computer through a USB port, a serial port, a network port and a parallel port, and perform communication and data transmission with the computer, and at this time, the communication content and the transmission data cannot be monitored. Like the embedded research and development scene of unmanned aerial vehicle research and development, research and development personnel often need to debug and burn computer and unmanned aerial vehicle's control panel through USB line or net twine connection, and just can save any data on the computer to the embedded development board through the mode of copying or burning, uploading this moment, unable supervision, have the data to reveal the risk. The existing method is usually to forbid the USB port, the serial port, the network port and the parallel port, and cannot allow the USB port, the serial port, the network port and the parallel port to be used and perform data filtering and auditing, because if the USB port, the serial port, the network port and the parallel port are only forbidden, the development efficiency is greatly damaged.

Disclosure of Invention

The invention aims at the situation that external equipment is frequently accessed into a computer through a USB port, a serial port, a network port and a parallel port, the technology carries out data interception and identification before all external communication drivers receive data through a monitoring module and a communication information filtering module of the external equipment driver in a computer operating system, refuses or warns according to rules when finding that the data which is not allowed by the rules are transmitted, only allows necessary data to be issued to the external drivers, and records all data behaviors.

The technical scheme of the invention is as follows:

a method for auditing and filtering data of a computer peripheral device comprises the following steps:

s1: firstly, classifying and marking data in a computer, and marking sensitive data, wherein the marking mode can be distinguished by file types, and can also be distinguished and marked according to file contents, and the mark is printed on a file header;

s2: then recording, tracking and continuously identifying the data communication of peripheral equipment drivers (USB driver, serial port driver, network port driver and parallel port driver); the data communication comprises reading of data and memory operation;

s3: when the data reaches the device driver filtering module, the comparison and identification are carried out, the data which accords with the rule passes, the sensitive data (such as dwg files) with the identification is found to be intercepted or alarmed, and any data sent to the device driver is recorded.

The invention has the beneficial technical effects that:

before the invention, data leakage, particularly data leakage in an embedded research and development scene, can be controlled only by forbidding external equipment of a computer, so that the working efficiency is greatly reduced, and direct debugging cannot be carried out.

By the method, research personnel can use the external equipment, all data flow directions are supervised in the using process of the external equipment, and the work efficiency of the research personnel is improved.

Drawings

FIG. 1 is a schematic diagram of a data audit filtering method for a computer peripheral device.

FIG. 2 is a schematic diagram of a data audit filtering process of a computer peripheral device.

Detailed Description

To more clearly illustrate the above objects, features and advantages of the present invention, a detailed description of the embodiments of the present invention is provided in this section in conjunction with the accompanying drawings. As the present invention may be embodied in several forms other than the embodiments described in this section, those skilled in the art should appreciate that they may readily use the present invention as a basis for modifying or modifying other embodiments of the present invention without departing from the spirit or scope of the present invention. The protection scope of the present invention shall be subject to the claims.

In the following description, for clarity and conciseness of description, not all of the various components shown in the figures have been described in detail. The various components that one of ordinary skill in the art would be fully capable of carrying out the present invention are shown in the figures, the operation of many of which is familiar and obvious to those skilled in the art.

As shown in fig. 1-2, a method for auditing and filtering data of a computer peripheral device includes the following steps:

s1: firstly, classifying and marking data in a computer, and marking sensitive data, wherein the marking mode can be distinguished by file types, and can also be distinguished and marked according to file contents, and the mark is printed on a file header;

s2: then recording, tracking and continuously identifying the data communication of peripheral equipment drivers (USB driver, serial port driver, network port driver and parallel port driver); the data communication comprises reading of data and memory operation;

s3: when the data reaches the device driver filtering module, the comparison and identification are carried out, the data which accords with the rule passes, the sensitive data (such as dwg files) with the identification is found to be intercepted or alarmed, and any data sent to the device driver is recorded.

While the foregoing is directed to embodiments of the present invention, some of which are illustrated and described in detail herein, it will be apparent to those skilled in the art that the present invention may be embodied in many other forms without departing from the spirit or scope of the invention. Accordingly, the present examples and embodiments are to be considered as illustrative and not restrictive, and various modifications and substitutions may be made therein without departing from the spirit and scope of the present invention as defined by the appended claims.