Most security tools for data classification are based on pattern matching and relative sensitivity, and then record the results in the repository or as tags or tags on documents. Sensitive data recognition strategy is a core capability point of data recognition.

Most of the tools on the market choose to cut in from data with obvious data characteristics. For example, the ID card number has a fixed code, the mobile phone number has a fixed digit format, the name, nationality and so on all have the meaning that is easy to define and distinguish, and the recognition strategy is easy to design.

Customer-specific and growing business data often do not have obvious data characteristics and may even have ambiguity under the framework of data classification and classification. For example, a name, which may be an employee or a user, has different importance and sensitivity in different business scenarios and data categories. For example, the number 35 can be a house number, temperature-virtually anything, and when data classification and grading products are limited to pattern matching for discovery and classification, it is almost impossible to find out what a business data is without obvious data features.

Through user-defined rules, sensitive data is automatically identified, and its structured tables or unstructured files are scanned as a whole using its own rules or custom rules.

Identify sensitive fields (periodic triggers) by periodically scanning the entire library. If tables and fields are added or modified and sensitive fields are identified by incremental scanning, it is necessary to monitor the operation of the database on tables or fields to specify tables or fields for sensitive identification scanning, combined with database agent service.

Bank card number, certificate number, mobile phone number, there are clear rules, can be matched according to regular expressions and algorithms; names, special fields, no clear information, may be any string, can be matched by configuring keywords; business licenses, addresses, pictures, etc., without clear rules, can be identified through natural language algorithms, using open source algorithm libraries.

For customers who have done metadata carding or manual classification and grading, you can derive the field names of sensitive data, enter the names of sensitive data corresponding to table fields in the database in the data classification and grading tool, and directly match 100% of sensitive data to sensitive data, which can avoid repetitive work.

The results identified by technical tools are not as accurate as manual, so the manual secondary confirmation should be reserved in the process of sensitive data identification to improve the accuracy.

Idealized technical tools for data classification and classification should have the semantic ability of data classification-to determine the actual situation of the data and business scenarios, rather than relying on preconfigured identifiers.

Machine learning is one of the trends of strategic technology in the future. today's most advanced machine learning and artificial intelligence systems are surpassing the traditional rule-based algorithms. Machine learning plays an important role in the current big data technology. Machine learning is devoted to studying how to improve the performance of the system by means of computing and using experience. In computer systems, "experience" usually exists in the form of "data". Therefore, the main content of machine learning is about the algorithm of generating "model" from data on computer, that is, "learning algorithm".

First of all, the document fingerprint features are extracted manually or by perceptual algorithm to detect the retrieved parts, drafts or different versions of the protected document of the original document. The second step is to learn and train sensitive documents. When obtaining documents with sensitive content, we use the technology of semantic analysis to segment words, put forward the fingerprint model of sensitive information documents that need to be studied and trained, and then use the same method to capture the fingerprints of the tested documents or contents, and compare the obtained fingerprints with the trained fingerprints. Confirm whether the detected document is a sensitive information document according to the preset similarity threshold.

The supervised learning algorithm needs to collect a certain amount of training data and label the data manually, such as sensitive / non-sensitive tags (two classification scenarios). Then select the corresponding supervised learning algorithm, such as support vector, decision tree, random forest, neural network and so on, and then train the training data and adjust the parameters. After the completion of the training, the output model is applied to the new data for intelligent identification and prediction, and the data type-sensitive / non-sensitive data is output automatically.

At present, some companies claim to use machine learning and clustering algorithms to achieve large-scale data classification to automatically discover personal data and other sensitive data, but the efficiency, recognition accuracy and scalability of the algorithm are still a series of challenging key issues.

Deep learning is a major branch of machine learning. In natural language processing, it is necessary to apply deep learning models, such as convolution neural network, cyclic neural network, etc., to complete the process of natural language classification and understanding by learning the generated word vectors.

Compared with traditional machine learning, natural language processing technology based on deep learning has the following advantages:

Automatic classification and classification of data. The identified data assets are analyzed with the built-in identification model and configured classification and classification rules, and sensitive data identification and data classification are completed automatically.

The results of classification and classification are displayed. After completing the automatic marking of classification and classification, it is necessary to display the list of data classification and classification results that are automatically identified for review and approval, and support manual modification.