Manage detection models - Data Security Center - Alibaba Cloud Documentation Center

Detection models define rules on how to detect sensitive data in your assets. Data Security Center (DSC) provides built-in detection models and allows you to customize models. You can use these models to create your own methods of sensitive data detection. This topic describes how to view built-in detection models and create, edit, or delete custom detection models.

View built-in detection models

The built-in sensitive data detection models provided by DSC apply to regular sensitive data, such as mobile numbers and ID card numbers. You can view the model names, sensitivity levels, and rule information of the built-in detection models provided by DSC. To view the built-in models provided by DSC, perform the following steps:

Log on to the DSC console.
In the left-side navigation pane, choose Sensitive data discovery > Identification Rules.
On the Identification Rules page, click the Detection Models tab.
Select Built-in from the Rule source drop-down list.
View the list of built-in detection models.
You can view information on built-in detection models, such as the model names.
To view the details of a specific built-in detection model, find the model and click Details in the Operation column.

Note You cannot edit or delete built-in detection models.
In the ViewCustom Detection Model dialog box, view the details of the built-in detection model.
You can view the model name, sensitivity level, and rule information of the model.

Create a custom detection model

DSC detects sensitive data in objects or tables and generates alerts based on sensitive data detection rules defined in detection models. If the built-in detection models cannot meet your business requirements, perform the following steps to create a custom detection model:

Log on to the DSC console.
In the left-side navigation pane, choose Sensitive data discovery > Identification Rules.
On the Identification Rules page, click the Detection Models tab.
On the Detection Models tab, click Create Custom Detection Model.

In the AddCustom Detection Model dialog box, set the following parameters.


Parameter	Description
Model Name	The name of the custom detection model.
Sensitivity level	The sensitivity level of the sensitive data that is detected based on the rules defined by the custom detection model. Valid values: S1: level 1 sensitive data S2: level 2 sensitive data S3: level 3 sensitive data S4: level 4 sensitive data S5: level 5 sensitive data Note A larger suffix indicates a higher sensitivity level. S5 indicates the highest sensitivity level.
Rules	The rules on how to detect sensitive data. Valid values: Regular matching: uses a regular expression to detect sensitive data. Examples: `Exampleoo+a`: Data such as Exampleooa, Exampleoooa, and Exampleooooooa is detected as sensitive. The plus sign (`+`) indicates one or more repetitions of the preceding character. `Exampleooa`: Data such as Exampleoa, Exampleooa, and Exampleooooooa is detected as sensitive. The asterisk (``) indicates zero or more repetitions of the preceding character. `Exampleo?a`: Data such as Examplea and Exampleoa is detected as sensitive. The question mark (`?`) indicates zero or one repetition of the preceding character. Does not contain: detects data that does not contain the specified keyword. Contains: detects data that contains the specified keyword. You can create multiple detection rules in a detection model. To create multiple detection rules, click Create More. Notice If a custom model defines multiple rules, data is detected as sensitive only if the data meets all the rules of the model. The Does not contain rules can be used to reduce false positives. We recommend that you use this type of rules together with other rules. The built-in models provided by DSC apply to mobile numbers and ID card numbers. We recommend that you check whether the rules that you want to define have been covered by the built-in models provided by DSC before you create a custom model. For more information, see View built-in detection models.
Model Description	The description of the custom detection model.

Click OK.
After you create the detection model, you can view the information of the model in the model list.

View, edit, and delete a custom detection model

DSC allows you to view, edit, and delete custom detection models. This section describes how to view, edit, and delete a custom detection model.

Log on to the DSC console.
In the left-side navigation pane, choose Sensitive data discovery > Identification Rules.
On the Identification Rules page, click the Detection Models tab.
Select Customize from the Rule source dialog box.
Find the custom detection model that you want to manage and perform the following operations:
- View the details of the custom detection model
  Click Details in the Operation column. In the ViewCustom Detection Model dialog box, view the details of the custom detection model.
- Edit a custom detection model
  Click Edit in the Operation column. In the ModifyCustom Detection Model dialog box, modify the parameters and click OK. For more information about the parameters, see Parameter description.
  
  Notice If the custom detection model is used by a sensitive data detection template that is enabled, the modification takes effect the next time when DSC scans data. The sensitive data that was detected based on the original model is not affected.
- Delete a custom detection model
  Click Delete in the Operation column. In the message that appears, click OK.
  Notice
  
  Delete a custom detection model with caution. After you delete a custom detection model, DSC cannot use this model to detect sensitive data.
  
  After you delete a custom detection model, the sensitive data that was detected based on the model is not affected.