CN102456032A - Database security protection method and device - Google Patents


Info

Publication number
CN102456032A
Authority
CN
China
Prior art keywords
critical field
model
access
exception
critical
Prior art date
Legal status
Granted
Application number
CN2010105233067A
Other languages
Chinese (zh)
Other versions
CN102456032B (en)
Inventor
孙海波
Current Assignee
Beijing Venus Information Security Technology Co Ltd
Beijing Venus Information Technology Co Ltd
Original Assignee
Beijing Venus Information Security Technology Co Ltd
Beijing Venus Information Technology Co Ltd
Priority application: CN 201010523306
Granted as: CN102456032B
Current legal status: Expired - Fee Related

Abstract

The invention provides a database security protection method and device, relating to the network technology field and solving the problem of low database security. The method comprises the following steps: receiving and analyzing a data message and extracting operations to preset key fields and operation related information from the data message; carrying out statistics on the operation frequency of each key field and generating a key field detection model according to the statistical results and the operation related information; and detecting key field access exception and key field operation exception by the key field detection model. The technical scheme provided by the invention is applicable to large databases.

Description

Database security protection method and device
Technical field
The present invention relates to the field of network technology, and in particular to a database security protection method and device.
Background art
The development of the information society means that large amounts of data must be organized, stored and protected; with this has come the large-scale use of commercial and private databases such as DB2, Oracle and MySQL. The widespread use of databases brings many security problems. Intrusion detection and firewall systems can deal with threats and attacks from outside, but they are powerless against threatening or illegitimate operations originating inside the database. The database service auditing systems popular today faithfully record every database operation, but they lack the ability to discover, and protect against, abnormal operations or hidden security risks among those records.
In fields such as finance and telecommunications, the mass of data stored in a large database always contains sensitive data that must be protected from illegitimate insertion, deletion or tampering. For important numeric data in particular, the range of operations that can legitimately be performed is usually limited, yet current security products cannot detect operations that violate these limits. For example, an employee inside a telecom operator abuses their position to add points to their own account: each increment is small, but the number of modifications to this key field rises markedly above what is normal. As another example, a company's finance staff abuse their position to divert public funds to a personal account: the amount is huge, far beyond the numeric range of that account's regular operations. These cases all show that merely auditing the database operations of internal users is far from enough: each individual operation in such cases looks normal, and the hidden risk behind them has often already caused irreparable consequences by the time it comes to light. Existing ways of operating databases therefore have security loopholes, and database security is low.
Summary of the invention
Embodiments of the invention provide a database security protection method that solves the problem of low database security.
A database security protection method comprises:
receiving and parsing a packet, and extracting from the packet the operations on preset key fields together with the operation-related information;
counting the number of times each key field is operated on, and generating a key field detection model from the statistics and the operation-related information;
detecting key field access anomalies and key field operation anomalies according to the key field detection model.
Further, the database security protection method also comprises:
selecting some or all fields as key fields according to the database protocol format and predetermined field values.
Further, the operation-related information comprises the access time, the accessing user, the access IP address and the operation value.
Further, the key field detection model comprises a key field access model and a key field operation model, and generating the key field detection model from the statistics comprises:
generating the key field access model in a self-learning manner from the statistics of a plurality of observation cycles within the statistical period preceding the current time, the key field access model comprising an access model threshold;
generating the key field operation model in a self-learning manner from the operation values contained in the operation-related information extracted within the sample window preceding the current time, the key field operation model comprising a predicted value and an error prediction value.
Further, detecting key field access anomalies and key field operation anomalies according to the key field detection model comprises:
comparing the actual number of operations on a key field counted in an observation cycle with the access model threshold of that key field, and judging from the degree of deviation whether the current access to the key field is anomalous; and
comparing each operation value of a key field with the predicted value and error prediction value of the key field operation model of that key field, and judging from the degree of deviation whether the current operation on the key field is anomalous.
Further, the database security protection method also comprises:
raising an alarm when a key field access anomaly or a key field operation anomaly is detected.
The invention also provides a database security protection device comprising a protocol parser, a data generator, a detection model generator and an anomaly detection module;
the protocol parser is configured to receive and parse packets;
the data generator is configured to extract from the packet the operations on preset key fields together with the operation-related information, and to count the number of times each key field is operated on;
the detection model generator is configured to generate the key field detection model from the data generator's statistics and the operation-related information;
the anomaly detection module is configured to detect key field access anomalies and key field operation anomalies according to the key field detection model.
Further, the detection model generator comprises a key field access model generation unit and a key field operation model generation unit;
the key field access model generation unit is configured to generate the key field access model in a self-learning manner from the statistics of a plurality of observation cycles within the statistical period preceding the current time, the key field access model comprising an access model threshold;
the key field operation model generation unit is configured to generate the key field operation model in a self-learning manner from the operation values contained in the operation-related information extracted within the sample window preceding the current time, the key field operation model comprising a predicted value and an error prediction value.
Further, the anomaly detection module comprises an access anomaly detection unit and an operation anomaly detection unit;
the access anomaly detection unit is configured to judge, from the key field access model and the count of operations on each key field, whether a key data access anomaly has occurred;
the operation anomaly detection unit is configured to judge, from the key field operation model and the operation values contained in the operation-related information, whether a key data operation anomaly has occurred.
Further, the data generator is also configured to select some or all fields as key fields according to the database protocol format and predetermined field values.
With the database security protection method and device provided by the invention, a received packet is parsed; the operations on preset key fields and the operation-related information are extracted from it; the number of operations on each key field and the operation-related information are counted; a key field detection model is generated from the statistics; and key field access anomalies and key field operation anomalies are detected from the key field detection model, the operation counts of each key field and the operation-related information. By means of self-learning, the system discovers database anomalies in real time, solving the problem of low database security.
Description of drawings
Fig. 1 is a schematic structural diagram of a database security protection device provided by an embodiment of the invention;
Fig. 2 is a flow chart of a database security protection method provided by an embodiment of the invention.
Embodiments
Embodiments of the invention provide a database security protection method and device for protecting designated key fields within a database system. The key field protection technique described here can, in a real database service environment, record and count the various operations on a key field, build a key field access model and a key field operation model for that field, and use the two generated models to detect the access behaviour and the operation behaviour on that field respectively; both models can be updated in a self-learning manner to suit the needs of detection. The method and device provided by the embodiments build the access model and operation model of a database key field from the operation information on the designated key field collected in the actual database environment, adjust the models dynamically by self-learning, and can discover abnormal behaviour hidden among the various accesses to and operations on that key field, thereby reflecting to some extent the security risks that may exist and reporting them to the user or administrator, providing a protection function for the database system.
A database security protection device provided by an embodiment of the invention is first described with reference to the drawings. As shown in Fig. 1, the device comprises: a protocol parser 101, a data generator 102, a detection model generator 103 and an anomaly detector 104.
The protocol parser 101 is configured to receive and parse packets;
the data generator 102 is configured to extract from the packet the operations on preset key fields together with the operation-related information, and to count the number of times each key field is operated on;
the detection model generator 103 is configured to generate the key field detection model from the statistics and operation-related information of the data generator 102;
the anomaly detector 104 is configured to detect key field access anomalies and key field operation anomalies from the key field detection model, the operation counts of each key field and the operation-related information.
Further, the detection model generator 103 comprises a key field access model generation unit 1031 and a key field operation model generation unit 1032;
the key field access model generation unit 1031 is configured to generate the key field access model from the statistics of a plurality of observation cycles within the statistical period, the key field access model comprising an access model threshold;
the key field operation model generation unit 1032 is configured to generate the key field operation model from the operation values contained in the operation-related information, the key field operation model comprising a predicted value and an error prediction value.
Further, the anomaly detector 104 comprises an access anomaly detection unit 1041 and an operation anomaly detection unit 1042;
the access anomaly detection unit 1041 is configured to judge, from the key field access model and the count of operations on each key field, whether a key data access anomaly has occurred;
the operation anomaly detection unit 1042 is configured to judge, from the key field operation model and the operation values contained in the operation-related information, whether a key data operation anomaly has occurred.
A database security protection method provided by an embodiment of the invention is now described in conjunction with the device shown in Fig. 1.
Using this method, the process of protecting a database is as shown in Fig. 2 and comprises:
Step 201: receive and parse a packet, and extract from it the operations on preset key fields together with the operation-related information.
In this step, protocol parsing is performed on the captured packet and each field in the message is extracted. Each field is compared with the key fields preset in the embodiment; when a field identical to a preset key field is found in the message, the operation-related information for that field is produced.
Specifically, the captured packet is first processed, and the corresponding database operation is extracted according to the format of the database protocol in use. The information extracted may, for example, be:
SELECT fname, lname, pcode FROM cust WHERE id = :cust_no;
exec :cust_no := 674;
SELECT fname, lname, pcode FROM cust WHERE id = :cust_no;
exec :cust_no := 836;
Suppose the predefined key field is the field named salary in the table named employees. Then the SQL statement
UPDATE EMPLOYEES SET GRADE=16, SALARY=40000 WHERE FIRST_NAME='Indiana' AND LAST_NAME='Jones';
will be an object of processing in this step.
This step must collect the operation-related information for every database operation that matches a key field setting. For the SQL statement in the example above, the access time, accessing user, access IP address and so on must be produced for this field; exactly which operation-related information is collected can be adjusted according to the user's requirements. This operation-related information is provided to the detection model generator for generating the key field access model. In addition, the numeric value of the operation on the key field must be recorded; in the example above, this value is 40000. Each recorded operation value for the key field is provided to the detection model generator for generating the key field operation model.
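The extraction step described above (parsing the captured statement, matching it against the preset key fields, and recording the operation value together with its access metadata), as an added Python example written for this page; it is not the patent's own implementation. It assumes the protocol parser already yields the SQL text plus the access time, user and client IP, handles only UPDATE statements (the one statement type in the example that carries a new numeric value for a column), and uses a constructed key-field configuration and a constructed capture of statements.

```python
import re
from dataclasses import dataclass
from typing import List, Set, Tuple

# Constructed key-field configuration (the page's example: table "employees",
# column "salary"); matched case-insensitively against parsed statements.
KEY_FIELDS: Set[Tuple[str, str]] = {("employees", "salary")}


@dataclass
class KeyFieldOperation:
    """One operation on a preset key field plus its operation-related information."""
    table: str
    field: str
    value: float        # the operation value fed to the operation model
    access_time: str
    user: str
    client_ip: str


# Only UPDATE statements assign a new value to a column, so they are the statements
# the operation model consumes. The WHERE clause is split off so that a literal in
# the predicate (e.g. LAST_NAME='Jones') is never mistaken for an assignment.
_UPDATE_RE = re.compile(
    r"^\s*UPDATE\s+(?P<table>\w+)\s+SET\s+(?P<assignments>.+?)"
    r"(?:\s+WHERE\s+.*)?;?\s*$",
    re.IGNORECASE | re.DOTALL,
)
_ASSIGN_RE = re.compile(r"(?P<col>\w+)\s*=\s*(?P<val>'[^']*'|[-+]?\d+(?:\.\d+)?)")


def extract_key_field_ops(sql: str, access_time: str, user: str, client_ip: str,
                          key_fields: Set[Tuple[str, str]] = KEY_FIELDS) -> List[KeyFieldOperation]:
    """Return the key-field operations contained in one parsed SQL statement."""
    m = _UPDATE_RE.match(sql)
    if not m:
        return []          # SELECT/INSERT/DELETE carry no assignment to inspect here
    table = m.group("table").lower()
    ops = []
    for a in _ASSIGN_RE.finditer(m.group("assignments")):
        col = a.group("col").lower()
        if (table, col) not in key_fields:
            continue
        raw = a.group("val")
        if raw.startswith("'"):
            continue       # string assignment: no numeric operation value to model
        ops.append(KeyFieldOperation(table, col, float(raw), access_time, user, client_ip))
    return ops


# Constructed sample capture: statement text with its access metadata.
SAMPLE_CAPTURE = [
    ("SELECT fname, lname, pcode FROM cust WHERE id = :cust_no;", "08:05:10", "app1", "10.0.0.5"),
    ("UPDATE EMPLOYEES SET GRADE=16, SALARY=40000 WHERE FIRST_NAME='Indiana' AND LAST_NAME='Jones';",
     "08:05:12", "hr_admin", "10.0.0.7"),
    ("UPDATE employees SET salary = 41500.50 WHERE id = 17;", "08:06:01", "hr_admin", "10.0.0.7"),
    ("UPDATE cust SET pcode = 'SW1' WHERE id = 836;", "08:06:30", "app1", "10.0.0.5"),
]


def collect_operation_values(capture=SAMPLE_CAPTURE) -> List[float]:
    """Operation values for all key fields in a capture, in arrival order."""
    values = []
    for sql, ts, user, ip in capture:
        values.extend(op.value for op in extract_key_field_ops(sql, ts, user, ip))
    return values


if __name__ == "__main__":
    for sql, ts, user, ip in SAMPLE_CAPTURE:
        for op in extract_key_field_ops(sql, ts, user, ip):
            print(f"{op.access_time} {op.user}@{op.client_ip} {op.table}.{op.field} = {op.value}")
```

Each KeyFieldOperation record is what the data generator would hand on: the metadata feeds the per-cycle access counts for the access model, and the numeric value feeds the operation model. A real deployment would replace the regular expressions with the protocol parser's own statement structure, since SQL dialects allow forms (subqueries, quoted identifiers, multi-statement batches) that this pattern does not cover.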
Step 202: count the number of operations on each key field and the operation-related information, and generate the key field detection model from the statistics.
In the embodiment of the invention, the key field detection model comprises a key field access model and a key field operation model: the access model is used to discover key field access anomalies, and the operation model is used to discover key field operation anomalies.
The method for generating the key field access model is as follows:
Using the access time, accessing user, access IP address and so on for the key field produced in the previous step, the number of operations within each observation cycle is counted, and the key field access model is generated from these statistics. The observation cycle here is predefined, for example 5 minutes, in which case the number of accesses within each 5-minute interval is counted. The access count of each observation cycle is recorded for use when the model is generated; the statistic for one observation cycle is one sample. A baseline is a configured time range, for example 1 hour, so that one baseline hour contains 12 observation cycles. If the statistical period is taken as 5 days, then the statistics recorded for all 60 observation cycles within those 5 days are retained; afterwards the 12 values of day 6 replace the 12 values of day 1, so the number of samples stays at 60.
In the embodiment of the invention the model is generated in a self-learning manner; either a periodic or a non-periodic learning mode can be used to generate the detection model as required. Without loss of generality, the embodiment assumes that a periodic learning mode is used to generate the key field access model, with the database operation statistics for 08:00-09:00 over the past 5 days as the data from which the access model is built. With an observation cycle of 5 minutes in this time period, there are 12 observation cycles per day and 60 observation cycles in total over the past 5 days. From these, the key field access model for this key field in the time period 08:00-09:00 is generated. In the embodiment, the access model threshold is calculated according to Expression 1:
$\bar{x} = \frac{1}{N}\sum_{i=1}^{N} x_i, \quad \sigma = \sqrt{\frac{1}{N-1}\sum_{i=1}^{N}(x_i - \bar{x})^2}$   (Expression 1)
where N is the number of observation cycles in the statistical period that contain data, and $x_i$ is the number of operations on this key field in observation cycle i.
σ serves as the access model threshold and is used to detect key field access anomalies.
Since the embodiment uses a periodic self-learning algorithm that references the past 5 days of data, this model threshold is updated daily as the historical data changes. Access anomaly detection always uses the most recent key field detection model.
This step also generates the key field operation model; the specific method is as follows:
The operation model of the key field is generated from the operation values of that key field provided in the previous step. In the embodiment of the invention the model is generated in a self-learning manner; either a periodic or a non-periodic learning mode can be used to generate the detection model as required. Without loss of generality, the embodiment is explained using a non-periodic learning mode; the principle of generating the model in a periodic learning mode is the same as for the key field access model above and is not described again here. In the non-periodic self-learning mode no learning cycle needs to be set, but the data range of self-learning must be set, i.e. the length of the self-learning sequence (the sample window), for example the 50 most recent operations in the historical data. The embodiment uses the EWMA (Exponentially Weighted Moving Average) algorithm to generate the model.
The basic EWMA formula is shown in Expression 2:
$S_t = \alpha x_t + (1 - \alpha) S_{t-1}$   (Expression 2)
where $S_t$ is the smoothed value of period t, α is the smoothing factor with value range (0, 1), and $x_t$ is the actual observed value of period t.
First, a suitable smoothing factor α is chosen (for example 0.3, meaning the current value has weight 0.3 and the historical data weight 0.7), the first predicted value is set equal to the first actual value of the observation sequence, and prediction initialization is entered for one period of length L (50, as above). Then, from Expression 2 and the 50 most recent samples $x_i$, the 50 predicted values of the sequence $\{S_1, \ldots, S_{50}\}$ are obtained.
At the same time an error sequence is calculated. The first observation is the initial value, so its actual observed value equals its predicted value and its error is 0; thereafter, each time an $S_i$ is calculated, the error of that observation sample is calculated as $e_i = x_i - S_i$. Thus, as the prediction sequence $\{S_1, \ldots, S_{50}\}$ is produced, the error sequence $\{e_1, \ldots, e_{50}\}$ is produced with it. From the 50 most recent observation samples, the error prediction value for the next sample is then calculated:
[formula image BSA00000322595400091 not reproduced]
[formula image BSA00000322595400092 not reproduced]
According to the basic EWMA formula, the predicted value of the next observation sample is calculated at the same time:
$S_L = \alpha x_{L-1} + (1 - \alpha) S_{L-1}$
The error prediction value and the predicted value of the next observation sample calculated here serve as the detection thresholds when the next observation sample (i.e. the next operation value for the key field) arrives. While the system is running, this step dynamically recalculates the current detection thresholds in real time from the 50 most recent sample periods: the error prediction value of the current period is calculated, and the predicted value and error sequence are updated. Operation anomaly detection always uses the error prediction value and sample predicted value contained in the most recent key field operation model.
Step 203: detect key field access anomalies and key field operation anomalies according to the key field detection model.
In this step, anomaly detection is performed with the key field access model and key field operation model established in step 202.
Detection of key field access anomalies is described first. In the real-time monitoring stage, the actual number of operations on a key field counted in a given observation cycle is compared with the access model threshold of that key field, and the degree of deviation determines whether the current access to the key field is anomalous. Further, the access model threshold can be refined into a mild anomaly threshold, a moderate anomaly threshold and a severe anomaly threshold to improve detection precision; the three thresholds follow the normal distribution. With x the number of operations counted in the current observation cycle and $\bar{x}$ and σ taken from the access model, the specific judgement is:
$|x - \bar{x}| < 2\sigma$: normal;
$2\sigma \le |x - \bar{x}| < 3\sigma$: mild anomaly;
$3\sigma \le |x - \bar{x}| < 4\sigma$: moderate anomaly;
$|x - \bar{x}| \ge 4\sigma$: severe anomaly.
For example, suppose the current time is 06:30; the number of accesses to this key field in the current observation cycle is then compared with the key field access model threshold for 06:00-07:00 established in the self-learning stage. Suppose the model is: the mean access count is 100 and σ is 10, and the criterion is the default (mild, moderate and severe anomaly standards of 2σ, 3σ and 4σ respectively).
Suppose the number of accesses to this key field observed in the current observation cycle is 120. Judging against the threshold, 120 - 100 = 20 = 2 × 10, so this is a mild anomaly. This step reports the detection result to the user or administrator.
The detection method for key field operation anomalies is as follows:
In the real-time monitoring stage, each operation value of the key field is compared with the predicted value and error prediction value of its model, and the degree of deviation determines whether the current operation on the key field is anomalous.
Specifically:
$|S_n - x_n| < 2\sigma$: normal;
$2\sigma \le |S_n - x_n| < 3\sigma$: mild anomaly;
$3\sigma \le |S_n - x_n| < 4\sigma$: moderate anomaly;
$|S_n - x_n| \ge 4\sigma$: severe anomaly.
The result is output, the time window slides forward one step, and detection and judgement of the next step begins.
For example, suppose a key field of numeric type is designated as the object of statistical analysis, with window length L = 5 and smoothing factor α = 0.3. Suppose at moment 1 the operation value of this field is $x_0 = 50$; the error queue is then {0}, and the predicted value for the next moment is $S_1 = 50$.
At moment 2 the operation value is $x_1 = 40$, so the error is $e_1 = x_1 - S_1 = 40 - 50 = -10$ and the error queue becomes {0, -10}.
The predicted value for the next moment is $S_2 = \alpha x_1 + (1 - \alpha) S_1 = 0.3 \times 40 + 0.7 \times 50 = 47$.
At moment 3 the operation value is $x_2 = 50$, so $e_2 = x_2 - S_2 = 50 - 47 = 3$ and the error queue becomes {0, -10, 3}.
The predicted value for the next moment is $S_3 = \alpha x_2 + (1 - \alpha) S_2 = 0.3 \times 50 + 0.7 \times 47 \approx 48$.
At moment 4 the operation value is $x_3 = 60$; in the same way the error queue becomes {0, -10, 3, 12} and the next predicted value is $S_4 \approx 52$.
At moment 5 the operation value is $x_4 = 55$; in the same way the error queue becomes {0, -10, 3, 12, 3} and the next predicted value is $S_5 \approx 53$. Since the error queue is now full (L = 5), the judgement process is entered and the square error is calculated:
[formula image BSA00000322595400111 not reproduced]
At moment 6 the observed value is $x_5 = 65$. Since $|x_5 - S_5| = 12 < 2\sigma$, the current value is normal; the error queue is updated to {-10, 3, 12, 3, 12}, the next predicted value is $S_6 \approx 57$, and the new square error is calculated:
[formula image BSA00000322595400112 not reproduced]
Thereafter, in every cycle the predicted value and error sequence for the corresponding moment are calculated, the current error between the actual observed value and the predicted value is compared with the historical error variance that has been computed, it is determined whether the current state is anomalous, and the detection result is reported to the user or administrator.
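Steps 202 and 203 above, as one added Python example that is not part of the patent: the access model of Expression 1 with the 2σ/3σ/4σ bands, and the EWMA operation model of Expression 2 with its sliding error queue, run over constructed input. Because the page reproduces the error-prediction-value formula only as an image, the example assumes it is the root mean square of the error queue (labelled as an assumption in the code); with the page's own sequence 50, 40, 50, 60, 55 followed by 65, L = 5 and α = 0.3, that choice reproduces the page's verdict of normal at moment 6. The class and function names are the example's own.

```python
import math
from collections import deque
from statistics import mean, stdev
from typing import Deque, Iterable, List, Optional

# Default criterion from the description: mild, moderate and severe anomaly
# thresholds at 2σ, 3σ and 4σ respectively.
BANDS = ((2.0, "mild"), (3.0, "moderate"), (4.0, "severe"))


def classify(deviation: float, sigma: float) -> str:
    """Map a deviation from the model to normal/mild/moderate/severe."""
    d = abs(deviation)
    if sigma == 0.0:                      # degenerate model: no spread was learned
        return "normal" if d == 0.0 else "severe"
    if d < BANDS[0][0] * sigma:
        return "normal"
    verdict = "mild"
    for k, label in BANDS:
        if d >= k * sigma:
            verdict = label
    return verdict


class AccessModel:
    """Key field access model (Expression 1): mean and sample standard deviation
    of the per-observation-cycle operation counts; σ is the model threshold."""

    def __init__(self, mean_count: float, sigma: float):
        self.mean = mean_count
        self.sigma = sigma

    @classmethod
    def fit(cls, cycle_counts: Iterable[int]) -> "AccessModel":
        counts = list(cycle_counts)
        if len(counts) < 2:
            raise ValueError("need at least two observation cycles to estimate σ")
        return cls(mean(counts), stdev(counts))   # stdev uses the N-1 denominator

    def check(self, observed_count: int) -> str:
        return classify(observed_count - self.mean, self.sigma)


class OperationModel:
    """Key field operation model: EWMA prediction (Expression 2) plus an error
    queue of the last L samples. ASSUMPTION: the page shows the error-prediction
    formula only as an image; the root mean square of the error queue is used."""

    def __init__(self, alpha: float = 0.3, window: int = 50):
        if not 0.0 < alpha < 1.0:
            raise ValueError("smoothing factor must be in (0, 1)")
        if window < 1:
            raise ValueError("sample window must hold at least one sample")
        self.alpha = alpha
        self.window = window
        self.predicted: Optional[float] = None   # S_t, the prediction for the next sample
        self.errors: Deque[float] = deque(maxlen=window)

    @property
    def ready(self) -> bool:
        return len(self.errors) == self.window

    @property
    def error_sigma(self) -> float:
        return math.sqrt(sum(e * e for e in self.errors) / len(self.errors))

    def observe(self, x: float) -> str:
        """Judge one operation value, then slide the window forward by one step."""
        if self.predicted is None:
            self.predicted = x        # first prediction equals the first observation
        verdict = classify(x - self.predicted, self.error_sigma) if self.ready else "learning"
        self.errors.append(x - self.predicted)                               # e_t = x_t - S_t
        self.predicted = self.alpha * x + (1 - self.alpha) * self.predicted  # S_{t+1}
        return verdict


def run_operation_example(values: Iterable[float], alpha: float = 0.3, window: int = 5) -> List[str]:
    """Feed a sequence of operation values through the model; return the verdicts."""
    model = OperationModel(alpha, window)
    return [model.observe(v) for v in values]


# Constructed sample: 60 observation-cycle counts (12 five-minute cycles per day
# for 5 days, 08:00-09:00) for one key field, cycling through 90, 97 and 104.
CYCLE_COUNTS_0800_0900 = [100 + ((i * 7) % 21) - 10 for i in range(60)]

if __name__ == "__main__":
    access = AccessModel.fit(CYCLE_COUNTS_0800_0900)
    print(f"mean={access.mean:.1f} sigma={access.sigma:.2f} count 120 -> {access.check(120)}")
    print(run_operation_example([50, 40, 50, 60, 55, 65, 200]))
```

The operation model reports "learning" until the error queue holds L samples, mirroring the initialization period in the description; after that, each call judges the new value against the previous prediction and only then advances the EWMA and the error queue, which is the order the worked example follows. Note that the verdict at moment 6 is sensitive to rounding: the page's rounded predictions give an error queue of {0, -10, 3, 12, 3}, while the unrounded values give {0, -10, 3, 12.1, 3.47}; under the RMS assumption both yield normal, but a different error-prediction formula could place a borderline value in the mild band.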
The database security protection method provided by the embodiments of the invention, combined with the database security protection device provided by the embodiments, parses a received packet; extracts from it the operations on preset key fields and the operation-related information; counts the number of operations on each key field and the operation-related information; generates a key field detection model from the statistics; and detects key field access anomalies and key field operation anomalies from the key field detection model, the operation counts of each key field and the operation-related information. By means of self-learning, the system discovers database anomalies in real time, solving the problem that ordinary firewall or intrusion detection products cannot protect key fields inside a database. It also solves the problem that an ordinary database service auditing system can only display the operation information for a designated key field but cannot discover anomalies in it. Anomaly detection is performed with the access model and operation model produced for the designated database key field by anomaly detection and self-learning techniques, and self-learning updates are implemented for both models. This improves the protection function for database key fields to a certain extent: possible attacks or security risks can be shown to users or administrators promptly and accurately, helping the management system or administrators to fully grasp and protect the sensitive data of the current database system; it has good performance and accuracy and can be widely used in database security products.
Those of ordinary skill in the art will appreciate that all or some of the steps of the above embodiments can be implemented by a computer program; the computer program can be stored in a computer-readable storage medium and executed on the corresponding hardware platform (such as a system, a unit or a device), and when executed performs one of the steps of the method embodiments or a combination of them.
Alternatively, all or some of the steps of the above embodiments can also be implemented with integrated circuits: the steps can each be made into separate integrated circuit modules, or several of the modules or steps can be made into a single integrated circuit module. The invention is thus not restricted to any particular combination of hardware and software.
Each device, functional module or functional unit in the above embodiments can be implemented with a general-purpose computing device; they can be concentrated on a single computing device or distributed over a network formed by several computing devices.
When each device, functional module or functional unit in the above embodiments is implemented in the form of a software function module and sold or used as an independent product, it can be stored in a computer-readable storage medium. The computer-readable storage medium mentioned above can be a read-only memory, a magnetic disk, an optical disc, or the like.
Any person familiar with the technical field can readily conceive of changes or substitutions within the technical scope disclosed by the invention, and all of these are encompassed within the scope of protection of the invention. The scope of protection of the invention is therefore defined by the claims.

Claims (10)

1. A database security protection method, characterised in that it comprises:
receiving and parsing a data message, and extracting from the data message the operations on preset critical fields, together with the operation-related information;
counting the number of times each critical field is operated on, and generating a critical field detection model according to the statistics and the operation-related information;
detecting critical field access anomalies and critical field operation anomalies according to the critical field detection model.
2. The database security protection method according to claim 1, characterised in that the method further comprises:
selecting some or all fields as critical fields according to the database protocol format and predetermined field values.
3. The database security protection method according to claim 1, characterised in that the operation-related information comprises the access time, the accessing user, the access IP and the operand value.
4. The database security protection method according to claim 3, characterised in that the critical field detection model comprises a critical field access model and a critical field operation model, and generating the critical field detection model according to the statistics comprises:
generating the critical field access model in a self-learning manner from the statistics of a plurality of observation cycles within the measurement cycle preceding the current time, the critical field access model comprising an access model threshold;
generating the critical field operation model in a self-learning manner from the operand values comprised in the operation-related information extracted within the sample window preceding the current time, the critical field operation model comprising a predicted value and an error prediction value.
5. The database security protection method according to claim 1 or 4, characterised in that detecting critical field access anomalies and critical field operation anomalies according to the critical field detection model comprises:
comparing the actual number of operations on a critical field counted in an observation cycle with the critical field access model threshold of that critical field, and judging from the degree of deviation whether the current access to that critical field is anomalous; and
comparing the operand value of each operation on a critical field with the predicted value and the error prediction value of the critical field operation model of that critical field, and judging from the degree of deviation whether the current operation on that critical field is anomalous.
6. The database security protection method according to claim 1, characterised in that the method further comprises:
sending an alarm when a critical field access anomaly or a critical field operation anomaly is detected.
7. A database security protection device, characterised in that it comprises a protocol parser, a data generator, a detection model generator and an anomaly detection module;
the protocol parser is configured to receive and parse data messages;
the data generator is configured to extract from the data message the operations on preset critical fields, together with the operation-related information, and to count the number of times each critical field is operated on;
the detection model generator is configured to generate the critical field detection model according to the statistics of the data generator and the operation-related information;
the anomaly detection module is configured to detect critical field access anomalies and critical field operation anomalies according to the critical field detection model.
8. The database security protection device according to claim 7, characterised in that the detection model generator comprises a critical field access model generation unit and a critical field operation model generation unit;
the critical field access model generation unit is configured to generate the critical field access model in a self-learning manner from the statistics of a plurality of observation cycles within the measurement cycle preceding the current time, the critical field access model comprising an access model threshold;
the critical field operation model generation unit is configured to generate the critical field operation model in a self-learning manner from the operand values comprised in the operation-related information extracted within the sample window preceding the current time, the critical field operation model comprising a predicted value and an error prediction value.
9. The database security protection device according to claim 8, characterised in that the anomaly detection module comprises an access anomaly detection unit and an operation anomaly detection unit;
the access anomaly detection unit is configured to judge whether a critical data access anomaly has occurred according to the critical field access model and the statistics of the number of operations on each critical field;
the operation anomaly detection unit is configured to judge whether a critical data operation anomaly has occurred according to the critical field operation model and the operand values comprised in the operation-related information.
10. The database security protection device according to claim 7, characterised in that the data generator is further configured to select some or all fields as critical fields according to the database protocol format and predetermined field values.
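The following is a worked example of the method summarised in the closing paragraph of the description and set out in claims 1 to 6: parse messages, extract operations on preset critical fields with time, user, IP and operand value, learn an access threshold from the per-observation-cycle counts of the preceding measurement cycle, learn a predicted value and error prediction value from the preceding sample window of operand values, and raise alarms from the degree of deviation. It is added here as an illustration and is not code from the patent or its applicant. The patent does not fix the message format or the formulas, so the following are assumptions: a simplified one-line-per-query message format standing in for the database protocol, a threshold of mean plus three standard deviations of the per-cycle counts, the window mean as predicted value with the mean absolute deviation as error prediction value, the 60-second observation cycle and other constants, the field name `account.balance`, and all of the sample traffic, which is constructed.

```python
"""Critical-field anomaly detection after CN102456032A (added example, not the patent's code).

Assumed here, because the patent does not specify them: the message format, the
access threshold formula (mean + 3*stddev of per-cycle counts), the operation
model (mean of the sample window as predicted value, mean absolute deviation as
error prediction value), the cycle lengths and the deviation multiplier.
"""
from __future__ import annotations
import re
import statistics
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Optional

CRITICAL_FIELDS = {"account.balance"}   # preset critical fields (claim 2); assumed name
OBS_CYCLE = 60                          # observation cycle length in seconds (assumed)
CYCLES_PER_MEASURE = 5                  # observation cycles per measurement cycle (assumed)
SAMPLE_WINDOW = 8                       # operand values in the operation model's sample window (assumed)


@dataclass
class Operation:
    ts: int
    user: str
    ip: str
    field: str
    value: Optional[float]   # operand value written by the operation; None for a read


# Constructed message format: "<epoch> <user> <ip> <sql>" (stand-in for the database protocol).
UPDATE_RE = re.compile(r"UPDATE\s+(\w+)\s+SET\s+(\w+)\s*=\s*(-?\d+(?:\.\d+)?)", re.I)
SELECT_RE = re.compile(r"SELECT\s+(.+?)\s+FROM\s+(\w+)", re.I)


def parse_message(line: str) -> list[Operation]:
    """Claims 1 and 3: parse one message and keep only the operations on critical
    fields, with access time, accessing user, access IP and operand value."""
    ts, user, ip, sql = line.split(" ", 3)
    ops: list[Operation] = []
    if m := UPDATE_RE.search(sql):
        field = f"{m.group(1)}.{m.group(2)}".lower()
        if field in CRITICAL_FIELDS:
            ops.append(Operation(int(ts), user, ip, field, float(m.group(3))))
    elif m := SELECT_RE.search(sql):
        table = m.group(2).lower()
        for col in m.group(1).split(","):
            field = f"{table}.{col.strip().lower()}"
            if field in CRITICAL_FIELDS:
                ops.append(Operation(int(ts), user, ip, field, None))
    return ops


def build_access_model(ops: list[Operation], now: int) -> dict[str, float]:
    """Claim 4: per-field access threshold learned from the operation counts of the
    observation cycles in the measurement cycle that precedes `now`."""
    start = now - OBS_CYCLE * CYCLES_PER_MEASURE
    per_cycle: dict[str, list[int]] = defaultdict(lambda: [0] * CYCLES_PER_MEASURE)
    for op in ops:
        if start <= op.ts < now:
            per_cycle[op.field][(op.ts - start) // OBS_CYCLE] += 1
    # Never learn a zero threshold, or a single access would alarm.
    return {f: max(statistics.fmean(c) + 3 * statistics.pstdev(c), 1.0)
            for f, c in per_cycle.items()}


def build_operation_model(ops: list[Operation], now: int) -> dict[str, tuple[float, float]]:
    """Claim 4: (predicted value, error prediction value) per field from the last
    SAMPLE_WINDOW operand values written before `now`."""
    values: dict[str, list[float]] = defaultdict(list)
    for op in sorted(ops, key=lambda o: o.ts):
        if op.ts < now and op.value is not None:
            values[op.field].append(op.value)
    model = {}
    for field, vs in values.items():
        window = vs[-SAMPLE_WINDOW:]
        predicted = statistics.fmean(window)
        error = statistics.fmean([abs(v - predicted) for v in window])
        model[field] = (predicted, max(error, 1e-9))   # guard against a perfectly flat window
    return model


def detect(ops, access_model, op_model, now, k=3.0):
    """Claims 5 and 6: compare the current observation cycle against both models
    and return alarms that carry the degree of deviation."""
    alarms = []
    current = [op for op in ops if now <= op.ts < now + OBS_CYCLE]
    for field, n in Counter(op.field for op in current).items():
        thr = access_model.get(field)
        if thr is not None and n > thr:
            alarms.append(("access", field, round(n / thr, 2)))
    for op in current:
        if op.value is None or op.field not in op_model:
            continue
        predicted, error = op_model[op.field]
        deviation = abs(op.value - predicted) / error
        if deviation > k:
            alarms.append(("operation", op.field, round(deviation, 2), op.user, op.ip, op.value))
    return alarms


def run(lines: list[str], now: int):
    """Rebuild both models from the traffic before `now` (the self-learning update)
    and check the cycle starting at `now`."""
    ops = [op for line in lines for op in parse_message(line)]
    return detect(ops, build_access_model(ops, now), build_operation_model(ops, now), now)


# Constructed traffic: five learning cycles (t < 300) of routine application traffic,
# then a current cycle with a burst of reads and one out-of-range write from a new user/IP.
MESSAGES = [
    "10 app 10.0.0.5 UPDATE account SET balance = 100 WHERE id = 7",
    "30 app 10.0.0.5 UPDATE account SET balance = 101 WHERE id = 8",
    "40 app 10.0.0.5 SELECT balance FROM account WHERE id = 7",
    "70 app 10.0.0.5 UPDATE account SET balance = 99 WHERE id = 7",
    "90 app 10.0.0.5 UPDATE account SET balance = 100 WHERE id = 9",
    "100 app 10.0.0.5 SELECT id, balance FROM account WHERE id = 8",
    "110 app 10.0.0.5 SELECT balance FROM account WHERE id = 9",
    "130 app 10.0.0.5 UPDATE account SET balance = 102 WHERE id = 7",
    "150 app 10.0.0.5 UPDATE account SET balance = 98 WHERE id = 8",
    "170 app 10.0.0.5 SELECT balance FROM account WHERE id = 7",
    "190 app 10.0.0.5 UPDATE account SET balance = 100 WHERE id = 9",
    "200 app 10.0.0.5 UPDATE account SET balance = 101 WHERE id = 7",
    "210 app 10.0.0.5 SELECT balance FROM account WHERE id = 8",
    "230 app 10.0.0.5 SELECT balance FROM account WHERE id = 9",
    "250 app 10.0.0.5 UPDATE account SET balance = 99 WHERE id = 8",
    "270 app 10.0.0.5 UPDATE account SET balance = 100 WHERE id = 7",
    "290 app 10.0.0.5 SELECT balance FROM account WHERE id = 7",
    "295 app 10.0.0.5 UPDATE account SET last_login = 295 WHERE id = 7",   # not a critical field
    "305 dba_tmp 203.0.113.9 SELECT balance FROM account WHERE id = 1",
    "310 app 10.0.0.5 UPDATE account SET balance = 100 WHERE id = 8",
    "315 app 10.0.0.5 UPDATE account SET balance = 99 WHERE id = 9",
    "320 dba_tmp 203.0.113.9 UPDATE account SET balance = 2500000 WHERE id = 1",
    "330 dba_tmp 203.0.113.9 SELECT balance FROM account WHERE id = 2",
    "340 dba_tmp 203.0.113.9 SELECT balance FROM account WHERE id = 3",
    "350 dba_tmp 203.0.113.9 SELECT balance FROM account WHERE id = 4",
]

if __name__ == "__main__":
    for alarm in run(MESSAGES, 300):
        print(alarm)
```

Over the constructed traffic the learning cycles contain 3, 4, 3, 4 and 3 operations on `account.balance`, giving a threshold of about 4.87; the current cycle's 7 operations therefore raise an access alarm, and the write of 2500000 against a learned predicted value of 99.875 with error prediction value 0.90625 raises an operation alarm that names the user and IP. Calling `run` again at `now = 360` slides both windows forward, which is the self-learning update the description refers to; in a deployment the learning window should exclude cycles that already alarmed, otherwise an attacker who ramps up slowly teaches the model to accept the new level.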
CN 201010523306 2010-10-22 2010-10-22 Database security protection method and device Expired - Fee Related CN102456032B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 201010523306 CN102456032B (en) 2010-10-22 2010-10-22 Database security protection method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 201010523306 CN102456032B (en) 2010-10-22 2010-10-22 Database security protection method and device

Publications (2)

Publication Number Publication Date
CN102456032A true CN102456032A (en) 2012-05-16
CN102456032B CN102456032B (en) 2013-06-19

Family

ID=46039229

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 201010523306 Expired - Fee Related CN102456032B (en) 2010-10-22 2010-10-22 Database security protection method and device

Country Status (1)

Country Link
CN (1) CN102456032B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101060444A (en) * 2007-05-23 2007-10-24 西安交大捷普网络科技有限公司 Bayesian statistical model based network anomaly detection method
CN101448007A (en) * 2008-12-31 2009-06-03 中国电力科学研究院 Attack prevention system based on structured query language (SQL)
CN101458751A (en) * 2009-01-06 2009-06-17 华中科技大学 Storage abnormal detecting method based on artificial immunity

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
郭建成 et al. (Guo Jiancheng et al.): "Research on an Intrusion Detection System Based on Network Data Sources" (《基于网络数据源的入侵检测系统的研究》), Computer Science (《计算机科学》) *

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104219103A (en) * 2013-05-30 2014-12-17 腾讯科技(深圳)有限公司 Method and device for adjusting monitoring sample size according to practical request volume
CN104219103B (en) * 2013-05-30 2018-12-07 腾讯科技(深圳)有限公司 Method and apparatus for adjusting the monitoring sample size according to the actual request volume
CN104852824A (en) * 2014-02-19 2015-08-19 联想(北京)有限公司 Information processing method and device
CN104580173A (en) * 2014-12-25 2015-04-29 广东顺德中山大学卡内基梅隆大学国际联合研究院 SDN (self-defending network) anomaly detection and interception method and system
CN104580173B (en) * 2014-12-25 2017-10-10 广东顺德中山大学卡内基梅隆大学国际联合研究院 SDN anomaly detection and interception method and system
CN105825137A (en) * 2015-01-05 2016-08-03 中国移动通信集团江苏有限公司 Method and device determining sensitive data diffusion behavior
CN105825137B (en) * 2015-01-05 2018-10-02 中国移动通信集团江苏有限公司 Method and device for determining sensitive data diffusion behaviour
CN105844176A (en) * 2016-03-23 2016-08-10 上海上讯信息技术股份有限公司 Security strategy generation method and equipment
CN112364348A (en) * 2020-11-30 2021-02-12 杭州美创科技有限公司 Database security exception identification method and system
CN113037724A (en) * 2021-02-26 2021-06-25 中国银联股份有限公司 Method and device for detecting illegal access
CN113037724B (en) * 2021-02-26 2023-12-15 中国银联股份有限公司 Method and device for detecting illegal access

Also Published As

Publication number Publication date
CN102456032B (en) 2013-06-19

Similar Documents

Publication Publication Date Title
CN102456032B (en) Database security protection method and device
US9323837B2 (en) Multiple domain anomaly detection system and method using fusion rule and visualization
CN102480385B (en) Database security protection method and device
US9912686B2 (en) Methods and systems for enhancing data security in a computer network
CN110445807A (en) Network security situation awareness system and method
CN105556526B (en) Non-transitory machine-readable media, systems and methods for providing layered threat intelligence
CN107666410A (en) Network security analysis system
US20090106174A1 (en) Methods, systems, and computer program products extracting network behavioral metrics and tracking network behavioral changes
CN101436967A (en) Method and system for evaluating network security situation
CN106911668A (en) Identity authentication method and system based on a user behaviour model
CN108985068A (en) Method and system for rapid vulnerability sensing, localisation and verification
CN103336510A (en) Comprehensive operation and maintenance management system for the internet of things
CN103581155A (en) Information security situation analysis method and system
CN101902366A (en) Method and system for detecting abnormal service behaviours
CN106415576A (en) System for the measurement and automated accumulation of diverging cyber risks, and corresponding method thereof
Connealy et al. Risk factor and high-risk place variations across different robbery targets in Denver, Colorado
CN110162445A (en) Host health assessment method and device based on host logs and performance indicators
Marie et al. Pattern recognition algorithm and software design of an optical fiber vibration signal based on Φ-optical time-domain reflectometry
Shu et al. A comparison of weighted CUSUM procedures that account for monotone changes in population size
CN113159615A (en) Intelligent information security risk measurement system and method for industrial control systems
Andrienko et al. Extracting events from spatial time series
CN106685996A (en) Method for detecting abnormal account logins based on an HMM model
CN109145033A (en) Computer system and computer-implemented method
CN108833372A (en) Enterprise network security management cloud service platform system
CN108092985A (en) Network security situation analysis method, device, equipment and computer storage medium

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20130619

Termination date: 20201022