CN102413127A - Database generalization safety protection method - Google Patents

Publication number: CN102413127A
Authority: CN (China)
Prior art keywords: database, detection, learning, safety protecting, comprehensive safety
Legal status: Pending
Application number: CN2011103526585A
Other languages: Chinese (zh)
Inventors: 张波, 高昆仑, 赵保华, 郑晓崑
Current Assignee: State Grid Corp of China SGCC; China Electric Power Research Institute Co Ltd CEPRI
Original Assignee: China Electric Power Research Institute Co Ltd CEPRI
Application filed by: China Electric Power Research Institute Co Ltd CEPRI

Abstract

The invention discloses a comprehensive database security protection method based on the combination of anomaly detection and misuse detection. It adopts a new detection model that combines rule-based misuse detection with machine-learning-based anomaly detection, and fuses it with independent, complete database auditing and real-time monitoring. The method integrates the two detection techniques: all normal accesses are judged legal by the machine-learning-based anomaly detection module, and abnormal accesses are judged illegal and blocked by the rule-based misuse detection module. The method provides complete, strict and flexible protection from the network layer (IP, protocol, port) to the database application layer (access account, accessed database objects, accessed table objects, operation types, privileges and the like), and can effectively resist attacks aimed at the database application layer and at the database's own vulnerabilities.

Description

A comprehensive database security protection method
Technical field
The present invention relates to the field of information security technology, and specifically to a new comprehensive database protection method built on a new detection model that combines rule-based misuse detection with machine-learning-based anomaly detection, supplemented by independent and complete database auditing and real-time monitoring.
Background
As the aggregation point for information, the database system is a core component of a computer information system, and its security is critical. However, because of shortcomings in the database's own security and for other reasons, an attacker may access the database through improper channels, or even attack it with buffer overflows or SQL injection, leaking sensitive information and compromising the security of the data and of the information system.
To protect databases and information systems, enterprises and organizations have adopted many safeguards, including conventional methods and dedicated database protection methods. Conventional methods include physical isolation, firewalls, intrusion detection, encrypted transmission and identity authentication systems. These methods can only filter at the network layer (address, port, protocol) and cannot effectively resist attacks against the application layer of the database system, such as SQL attacks. Dedicated database protection methods include signature-based database protection and similar approaches. These are in essence misuse detection models: a misuse detection model builds a signature library for the various attack methods and combines it with a simple whitelist function to provide protection. Such a model can only detect known security problems and cannot find unknown attack behavior. As the signature library grows more complex and larger, the time spent on detection grows with it. Most seriously, because the SQL language is so flexible and attacks are constantly updated, relying on a signature library alone makes it hard to distinguish normal access from attacks accurately, which lowers accuracy and raises the false positive rate.
In the context of intrusion detection systems, an intrusion is a deliberate, unauthorized attempt to access information, tamper with information, or make a system unreliable or unusable. Intrusion detection systems are divided into anomaly intrusion detection systems and misuse intrusion detection systems.
An anomaly detection model builds a model of the system's normal operation and compares current activity against it. As soon as it finds a departure from the statistically normal operating pattern, it concludes that an intrusion has occurred. The key is the choice of anomaly threshold and features. Its advantage is that it can detect unknown and relatively complex intrusions, but the behavioral characteristics of application systems often change flexibly, so an anomaly detection model struggles to pinpoint Structured Query Language (SQL) attacks accurately, and its false positive rate is too high.
Existing anomaly intrusion detection methods include anomaly detection based on feature selection, Bayesian inference, Bayesian networks, statistics, model prediction, machine learning, data mining, application models, and text classification.
A misuse detection model collects the characteristics of intrusion behavior and builds a corresponding attack signature library. During detection, the collected data is pattern-matched against the attack signatures in the library to determine whether an intrusion has occurred. A misuse detection model has a low false positive rate, but it can only detect known intrusion behavior and cannot find unknown intrusion behavior.
Existing misuse intrusion detection methods include misuse intrusion detection based on conditional probability, on state transition analysis, and on keyboard monitoring, as well as rule-based misuse intrusion detection.
In summary, anomaly intrusion detection is prone to false positives and misuse intrusion detection is prone to false negatives. The present invention proposes a new detection model that combines rule-based misuse detection with machine-learning-based anomaly detection. It exploits the respective strengths of the two detection techniques and their complementarity, reduces the false negative and false positive rates seen when a single intrusion detection technique is used alone, and thereby improves the overall security protection capability of the system.
Auditing is an important part of database management system security, and in the present invention it also serves as a second line of defense that is independent of the detection module. There are four main types of security audit technology: log-based auditing, agent-based auditing, network-monitoring-based auditing, and gateway-based auditing.
The present invention adopts gateway-based auditing: a gateway device is deployed in front of the database system, and auditing is achieved by intercepting inline, and then forwarding, the traffic destined for the database.
Summary of the invention
To overcome the shortcomings of the prior art, the present invention provides a new detection model that combines rule-based misuse detection with machine-learning-based anomaly detection. It exploits the respective strengths of the two detection techniques and their complementarity, reduces the false negative and false positive rates seen when a single intrusion detection technique is used alone, and thereby improves the overall security protection capability of the system.
The feature rule base used by rule-based misuse detection covers three parts: an attack behavior rule base extracted by analyzing malicious attacks such as SQL injection; a database defect rule base formed by collecting and analyzing historical and newly discovered database vulnerabilities and defects; and a dedicated rule base formed from the requirements of the specific application system and the features of the database. The feature rule base is described with Perl-format regular expressions, which are flexible and powerful.
Machine-learning-based anomaly detection has two working modes, learning and filtering. Learning mode requires the specific application system to be run through completely in an isolated, secure environment; in this mode the database security gateway records and analyzes all user accesses to form a knowledge base. Filtering mode should be switched to after learning is fully complete; in this mode the learned knowledge base is applied to filter user access strictly.
The new detection model integrates the two detection techniques: all normal accesses are judged legal by the machine-learning-based anomaly detection module, abnormal accesses are judged illegal and blocked by the rule-based misuse detection module, and anything outside these two classes is considered suspicious. After the administrator intervenes and confirms, the system's self-learning module assigns the suspicious access to one of the two classes above. By effectively fusing these techniques, the method provides comprehensive, strict and flexible protection from the network layer (IP, protocol, port) to the database application layer (access account, accessed database objects, accessed table objects, operation type and privileges), and can effectively resist attacks against the database application layer and against the database's own vulnerabilities.
The comprehensive database security protection method provided by the invention, based on the combination of anomaly and misuse detection, comprises: detecting with rule-based misuse detection and machine-learning-based anomaly detection to judge whether an access is legal.
In a preferred technical scheme provided by the invention, the rule-based misuse detection comprises describing the attack behavior library in the form of Perl regular expressions and applying it in the detection program for Structured Query Language (SQL) attacks.
In the second preferred technical scheme provided by the invention, the contents of the attack behavior library include: external attacks such as SQL injection, exploitation of the database's own vulnerabilities, and sensitive database operations by users.
In the third preferred technical scheme provided by the invention, the machine-learning-based anomaly detection has two working modes, learning and filtering.
In the fourth preferred technical scheme provided by the invention, in learning mode the system is run through completely in an isolated, secure environment; in this mode the database security gateway records user accesses, analyzes them, and forms the knowledge base.
In the fifth preferred technical scheme provided by the invention, filtering mode is switched to after learning is fully complete; in this mode the learned knowledge base is applied to filter user access strictly.
In the sixth preferred technical scheme provided by the invention, the method comprises the following steps: (1) build the application system test environment; (2) deploy the database security gateway in the test environment and set it to learning mode; (3) test the application system completely to form the knowledge base; (4) deploy the database security gateway in the real application system environment and set it to filtering mode; (5) test the application system and resolve any warnings that appear; (6) subsequent upgrades and maintenance.
In the seventh preferred technical scheme provided by the invention, the method comprises a database audit step.
In the eighth preferred technical scheme provided by the invention, the method comprises a real-time database monitoring step.
Advantages of the present invention over the prior art:
(1) The present invention proposes a new detection model that combines rule-based misuse detection with machine-learning-based anomaly detection. It exploits the respective strengths of the two detection techniques and their complementarity, reduces the false negative and false positive rates seen when a single intrusion detection technique is used alone, and thereby improves the overall security protection capability of the system.
(2) While collecting elements such as IP, protocol, port, account, SQL operation, SQL operation object and injection signatures, the present invention can perform self-learning on these signature library elements. Self-learning here means that when the application environment changes and new normal behavior patterns appear, or when new attack types appear, the system judges these new access behaviors to be suspicious; the administrator then intervenes and judges them manually. If a behavior is judged normal, the learning function of the machine-learning-based anomaly detection module is invoked to add the features of the behavior to the normal behavior knowledge base. If it is judged to be an attack, the learning function of the rule-based misuse detection module is invoked to add the behavior to the attack signature library.
(3) Using Perl regular expressions (Perl Compatible Regular Expressions, PCRE), the present invention formally describes the behavior signature library, which is based on the application system's business and on SQL attack signatures, and applies it in the detection program for SQL attacks. Because regular expressions are flexible and have strong descriptive power, the signature library is powerful and highly extensible.
(4) The present invention can be deployed flexibly in border defense devices, application servers, database servers, and various security audit systems.
Description of drawings
Fig. 1 is a diagram of the working principle of the database security gateway of the present invention;
Fig. 2 is a deployment diagram of the database security gateway as an information security network isolation device within the network;
Fig. 3 is a workflow diagram of the new detection model that combines rule-based misuse detection with machine-learning-based anomaly detection;
Fig. 4 is a workflow diagram of the learning mode of machine-learning-based anomaly detection;
Fig. 5 is a workflow diagram of the filtering mode of machine-learning-based anomaly detection;
Fig. 6 is an overall workflow diagram of machine-learning-based anomaly detection;
Fig. 7 is a workflow diagram of rule-based misuse detection.
Embodiment
The following is an exemplary embodiment in which the database security gateway serves as an information network isolation device.
The database security gateway isolates the trusted information intranet from the untrusted information extranet; all SQL communication between the information intranet and the information extranet must pass through the database security gateway for SQL inspection. The database security gateway is a dedicated device for protecting databases, built to meet the need to partition networks by security level, and its core technology is the comprehensive database protection method based on the combination of anomaly and misuse detection. The scheme of the invention can filter the network traffic that accesses Oracle/SQLSERVER databases, allows only specific application servers to access specific database servers through specific programs, and controls the content and behavior of client programs' access to database services.
Refer to Fig. 1 for the working principle of the database security gateway. The gateway as a whole is divided into the following functional modules: (1) database packet capture; (2) network-layer filtering; (3) IP fragment reassembly, TCP session reassembly and session state monitoring; (4) database protocol parsing; (5) SQL filtering; (6) packet forwarding. The present invention is mainly applied in the core of the product, the SQL filtering module.
Refer to Fig. 2. As an information security network isolation device, the database security gateway isolates the trusted information intranet from the untrusted information extranet, ensuring that all SQL communication between the intranet and the extranet passes through the gateway for SQL inspection.
Refer to Fig. 3 for the workflow of the new detection model that combines rule-based misuse detection with machine-learning-based anomaly detection. The model comprises: (1) a knowledge base, built by capturing and analyzing legal database accesses, for use by machine-learning-based anomaly detection; (2) a feature rule base, extracted by mining and summarizing database attack techniques, for use by rule-based misuse detection.
The two detection techniques are used in combination. Machine-learning-based anomaly detection compares the SQL access under inspection with the legal accesses in the knowledge base; if a match exists, the access is considered legal and is forwarded directly to the database. If no match exists, rule-based misuse detection compares the access against the feature rule base; if a match exists, the access is considered illegal and is dropped directly, and if no match exists, the access is classified as a warning.
For accesses of the warning type, the administrator must intervene and make a manual judgment. If the access is judged legal, the self-learning function of machine-learning-based anomaly detection is invoked and the database access is added automatically to the knowledge base, so that machine-learning-based anomaly detection can judge such accesses by itself the next time they occur. If the access is judged illegal, the self-learning module of rule-based misuse detection is invoked to analyze the behavioral features of the access and add them to the feature rule base.
Refer to Fig. 4 and Fig. 5 for the workflows of the learning mode and the filtering mode of machine-learning-based anomaly detection. Filtering mode is the mode used in normal operation. Learning mode assumes that the external environment is isolated and secure, and directly invokes the self-learning function on every captured access in order to form the knowledge base.
Both modes go through the following flow: (1) accept the SQL statement; (2) parse the SQL statement; (3) analyze its features; (4) compare with the knowledge base. The difference is that filtering mode returns the comparison result, whereas learning mode invokes the self-learning function to add the access to the knowledge base when the comparison finds no match.
Refer to Fig. 6 for the overall workflow of machine-learning-based anomaly detection. This workflow covers the content of Fig. 4 and Fig. 5 and shows the SQL analysis process of machine-learning-based anomaly detection more clearly. A SQL statement goes through: (1) lexical analysis and comparison; (2) syntactic analysis and comparison; (3) semantic analysis and comparison. Accordingly, the knowledge base of machine-learning-based anomaly detection actually comprises three parts: a lexical library, a syntax library and a behavior library.
Refer to Fig. 7 for the workflow of rule-based misuse detection. The signature library of rule-based misuse detection is built on the analysis and summary of database attack techniques and is expressed with powerful and flexible regular expressions; comparing an accessing SQL statement against the signature library is a regular-expression search.
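The decision flow of Figs. 3 to 7 (learning mode, then knowledge base first, rule base second, warning otherwise, with administrator feedback) can be written out as follows. This is an added Python example, not code from the patent. The literal-masking `fingerprint` function, the (account, statement) knowledge-base key and the three sample rules are assumptions constructed for illustration, and Python's `re` module stands in for Perl regular expressions.

```python
import re
from enum import Enum


class Verdict(Enum):
    LEGAL = "forward to database"
    ILLEGAL = "drop"
    WARNING = "hold for administrator"


# Constructed sample signatures (assumption): the patent does not list its rules.
SAMPLE_RULES = [
    r"\bunion\b.+\bselect\b",          # UNION-based data extraction
    r"\bor\b\s+('?\w+'?)\s*=\s*\1",    # tautology such as OR 1=1
    r";\s*(drop|alter|truncate)\b",    # stacked destructive statement
]


def fingerprint(sql):
    """Mask literals so statements that differ only in values compare equal.

    Assumption: a simple stand-in for the lexical, syntactic and semantic
    analysis that the patent describes without specifying.
    """
    s = sql.strip().rstrip(";").lower()
    s = re.sub(r"'(?:[^']|'')*'", "?", s)       # string literals
    s = re.sub(r"\b\d+(?:\.\d+)?\b", "?", s)    # numeric literals
    return re.sub(r"\s+", " ", s).strip()


class SqlGateway:
    def __init__(self, rules):
        self.rules = [re.compile(r, re.I | re.S) for r in rules]
        self.knowledge = set()   # learned (account, fingerprint) pairs
        self.learning = True     # starts in learning mode

    def inspect(self, account, sql):
        key = (account, fingerprint(sql))
        if self.learning:
            # Learning mode trusts every access it sees, which is why the
            # patent requires it to run in an isolated, secure environment.
            self.knowledge.add(key)
            return Verdict.LEGAL
        # Filtering mode: the knowledge base is consulted first, so a
        # learned statement is forwarded without reaching the rule base.
        if key in self.knowledge:
            return Verdict.LEGAL
        if any(rule.search(sql) for rule in self.rules):
            return Verdict.ILLEGAL
        return Verdict.WARNING

    def review(self, account, sql, legal, new_rule=None):
        """Administrator decision on a WARNING access."""
        if legal:
            self.knowledge.add((account, fingerprint(sql)))
        elif new_rule is not None:
            # Assumption: the administrator supplies the signature.
            self.rules.append(re.compile(new_rule, re.I | re.S))


def demo():
    gw = SqlGateway(SAMPLE_RULES)
    # Constructed sample traffic replayed during learning mode.
    gw.inspect("app", "SELECT * FROM users WHERE name = 'alice'")
    gw.inspect("app", "UPDATE orders SET qty = 3 WHERE id = 17")
    gw.learning = False  # switch to filtering mode

    results = []
    # Same shape as a learned statement, different literal.
    results.append(gw.inspect("app", "SELECT * FROM users WHERE name = 'bob'"))
    # Injected tautology changes the shape and matches a rule.
    results.append(
        gw.inspect("app", "SELECT * FROM users WHERE name = '' OR '1'='1'"))
    # Unseen statement that matches no rule.
    unseen = "SELECT count(*) FROM orders WHERE qty > 5"
    results.append(gw.inspect("app", unseen))
    # Administrator approves it; the same shape is legal from now on.
    gw.review("app", unseen, legal=True)
    results.append(gw.inspect("app", "SELECT count(*) FROM orders WHERE qty > 9"))
    # A learned statement from an account that never issued it.
    results.append(gw.inspect("report", "SELECT * FROM users WHERE name = 'bob'"))
    return results


if __name__ == "__main__":
    for verdict in demo():
        print(verdict.name)
```

Because the knowledge base is checked before the rule base, anything recorded during learning mode is never tested against the signatures afterwards, so the quality of the learning run determines what the gateway will forward.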
The following are the complete deployment steps for the database security gateway as an information security network isolation device.
Step 1: build the application system test environment
The database security gateway is developed on the combined anomaly and misuse detection technique, so a knowledge base of normal access behavior must be built first. The knowledge base is built by completely capturing all access records in an isolated, secure environment and then having the system analyze them, so building the application system test environment is essential. At the same time, the database security gateway is deployed in the network as the information security network isolation device.
Step 2: deploy the database security gateway in the test environment and set it to learning mode
The information security network isolation device requires the database gateway to be deployed at the boundary between the intranet and the extranet, inline in the data link, so that the back-end database is completely shielded and access information is security-filtered.
Deployment comprises:
Assign the intranet and extranet network addresses to eth0 and eth1 respectively, and connect the network.
Set up the database mapping, including the local mapping IP and port, the legal database type, and the database server IP address and port, and set this mapping to all-pass mode.
Test the database mapping: if the extranet can access the intranet database successfully, proceed to the next step; otherwise check the settings.
Configure privileges: the legal application server IP addresses or address ranges, the legal database type and user names, the legal database names, and so on.
Set the mapping to learning mode.
Step 3: test the application system completely to form the knowledge base
Test the application system in the isolated, secure environment, making sure as far as possible that every function of the application system is exercised once; otherwise the knowledge base that is built will be incomplete, which increases the later workload. During testing, the database access situation can be followed in good time through functions such as the real-time monitoring of the database security gateway.
Step 4: deploy the database security gateway in the real application system environment and set it to filtering mode
Deployment is the same as in step 2, with the mapping finally set to filtering mode.
Step 5: test the application system fully and resolve any warnings that appear
While the application system is tested again, normal accesses may be falsely reported as warnings because the testing in step 3 was incomplete. The administrator then needs to intervene, make a judgment, and use the self-learning function of the database security gateway to add the warned SQL to the knowledge base of normal accesses.
Step 6: subsequent upgrades and maintenance
Subsequent upgrades and maintenance mainly include system upgrades, feature rule base upgrades, and the administrator's handling of warnings.
The present invention has been described according to a preferred embodiment. Obviously, various modifications and substitutions can be made upon reading and understanding the above detailed description. The invention is intended to be construed as including all such modifications and substitutions insofar as they fall within the scope of the appended claims or their equivalents.

Claims (9)

1. A comprehensive database security protection method based on the combination of anomaly and misuse detection, characterized in that the method comprises: detecting with rule-based misuse detection and machine-learning-based anomaly detection to judge whether an access is legal.
2. The comprehensive database security protection method of claim 1, characterized in that the rule-based misuse detection comprises describing the attack behavior library in the form of Perl regular expressions and applying it in the detection program for Structured Query Language (SQL) attacks.
3. The comprehensive database security protection method of claim 1 or 2, characterized in that the contents of the attack behavior library include: external attacks such as SQL injection, exploitation of the database's own vulnerabilities, and sensitive database operations by users.
4. The comprehensive database security protection method of any one of claims 1-3, characterized in that the machine-learning-based anomaly detection has two working modes, learning and filtering.
5. The comprehensive database security protection method of any one of claims 1-4, characterized in that in the learning mode the system is run through completely in an isolated, secure environment, and in this mode the database security gateway records user accesses, analyzes them, and forms the knowledge base.
6. The comprehensive database security protection method of any one of claims 1-5, characterized in that the filtering mode is switched to after learning is fully complete; in this mode the learned knowledge base is applied to filter user access strictly.
7. The comprehensive database security protection method of any one of claims 1-6, characterized in that the method comprises the following steps: (1) build the application system test environment; (2) deploy the database security gateway in the test environment and set it to learning mode; (3) test the application system completely to form the knowledge base; (4) deploy the database security gateway in the real application system environment and set it to filtering mode; (5) test the application system and resolve any warnings that appear; (6) subsequent upgrades and maintenance.
8. The comprehensive database security protection method of any one of claims 1-7, characterized in that the method comprises a database audit step.
9. The comprehensive database security protection method of any one of claims 1-8, characterized in that the method comprises a real-time database monitoring step.
Application: CN2011103526585A, priority date 2011-11-09, filing date 2011-11-09, title: Database generalization safety protection method, status: Pending
Publication: CN102413127A (en), publication date 2012-04-11
Family ID: 45914977
Country: CN

Cited By (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102945254A (en) * 2012-10-18 2013-02-27 福建省海峡信息技术有限公司 Method for detecting abnormal data among TB-level mass audit data
CN103336820A (en) * 2013-07-01 2013-10-02 广东科学技术职业学院 Key data auditing method of information system
CN104852830A (en) * 2015-06-01 2015-08-19 广东电网有限责任公司信息中心 Service access model based on machine learning and implementation method thereof
CN103942493B (en) * 2014-03-28 2017-02-15 北京工业大学 Intelligent active defensive system and method under Window
CN107347047A (en) * 2016-05-04 2017-11-14 阿里巴巴集团控股有限公司 Attack guarding method and device
CN107566363A (en) * 2017-08-30 2018-01-09 杭州安恒信息技术有限公司 A kind of SQL injection attack guarding method based on machine learning
CN108683517A (en) * 2018-03-26 2018-10-19 国网冀北电力有限公司信息通信分公司 A kind of O&M robot network's fault detection system based on machine learning
CN108763460A (en) * 2018-05-28 2018-11-06 成都优易数据有限公司 A kind of machine learning method and system based on SQL
CN109561092A (en) * 2018-12-03 2019-04-02 北京安华金和科技有限公司 The method for carrying out security postures modeling based on data traffic and data detection result
CN109639754A (en) * 2018-10-29 2019-04-16 南京南瑞继保电气有限公司 A kind of implementation method of dispatching of power netwoks gateway Data Audit
CN109885554A (en) * 2018-12-20 2019-06-14 顺丰科技有限公司 Method of Database Secure Audit method, system and computer readable storage medium
CN110177113A (en) * 2019-06-06 2019-08-27 北京奇艺世纪科技有限公司 Internet guard system and access request processing method
CN110351219A (en) * 2018-04-02 2019-10-18 蓝盾信息安全技术有限公司 A kind of database security access technique based on Net Strobe System
CN110852611A (en) * 2019-11-08 2020-02-28 国网上海市电力公司 Real-time management and control system for construction workers on capital construction project site
TWI712911B (en) * 2018-11-16 2020-12-11 日商三菱電機股份有限公司 Device, method and program for detecting attack
CN112446037A (en) * 2020-10-20 2021-03-05 湖南红普创新科技发展有限公司 Data interaction method and device based on database gateway terminal and related equipment
CN113505371A (en) * 2021-08-06 2021-10-15 四川大学 Database security risk assessment system
CN116070246A (en) * 2023-03-06 2023-05-05 北京中安星云软件技术有限公司 Method and device for identifying abnormal behavior based on database access

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1649311A (en) * 2005-03-23 2005-08-03 北京首信科技有限公司 Detecting system and method for user behaviour abnormal based on machine study
US20050203921A1 (en) * 2004-03-11 2005-09-15 Newman Aaron C. System for protecting database applications from unauthorized activity
CN101267357A (en) * 2007-03-13 2008-09-17 北京启明星辰信息技术有限公司 A SQL injection attack detection method and system
CN101448007A (en) * 2008-12-31 2009-06-03 中国电力科学研究院 Attack prevention system based on structured query language (SQL)
CN101609493A (en) * 2009-07-21 2009-12-23 国网电力科学研究院 A kind of database SQL infusion protecting method based on self study

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
张倩: "Intrusion Detection Based on Machine Learning", China Master's Theses Full-text Database (Information Science and Technology) *

Cited By (25)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102945254B (en) * 2012-10-18 2015-12-16 福建省海峡信息技术有限公司 The method of the data that note abnormalities in TB level magnanimity Audit data
CN102945254A (en) * 2012-10-18 2013-02-27 福建省海峡信息技术有限公司 Method for detecting abnormal data among TB-level mass audit data
CN103336820A (en) * 2013-07-01 2013-10-02 广东科学技术职业学院 Key data auditing method of information system
CN103942493B (en) * 2014-03-28 2017-02-15 北京工业大学 Intelligent active defensive system and method under Window
CN104852830A (en) * 2015-06-01 2015-08-19 广东电网有限责任公司信息中心 Service access model based on machine learning and implementation method thereof
CN107347047A (en) * 2016-05-04 2017-11-14 阿里巴巴集团控股有限公司 Attack guarding method and device
CN107347047B (en) * 2016-05-04 2021-10-22 阿里巴巴集团控股有限公司 Attack protection method and device
CN107566363A (en) * 2017-08-30 2018-01-09 杭州安恒信息技术有限公司 A kind of SQL injection attack guarding method based on machine learning
CN108683517A (en) * 2018-03-26 2018-10-19 国网冀北电力有限公司信息通信分公司 A kind of O&M robot network's fault detection system based on machine learning
CN110351219A (en) * 2018-04-02 2019-10-18 蓝盾信息安全技术有限公司 A kind of database security access technique based on Net Strobe System
CN108763460A (en) * 2018-05-28 2018-11-06 成都优易数据有限公司 A kind of machine learning method and system based on SQL
CN109639754A (en) * 2018-10-29 2019-04-16 南京南瑞继保电气有限公司 A kind of implementation method of dispatching of power networks gateway Data Audit
CN109639754B (en) * 2018-10-29 2021-02-09 南京南瑞继保电气有限公司 Method for realizing data audit of power grid dispatching service gateway
TWI712911B (en) * 2018-11-16 2020-12-11 日商三菱電機股份有限公司 Device, method and program for detecting attack
CN109561092A (en) * 2018-12-03 2019-04-02 北京安华金和科技有限公司 The method for carrying out security postures modeling based on data traffic and data detection result
CN109561092B (en) * 2018-12-03 2021-01-26 北京安华金和科技有限公司 Method for carrying out safety situation modeling based on data flow and data detection result
CN109885554A (en) * 2018-12-20 2019-06-14 顺丰科技有限公司 Method of Database Secure Audit method, system and computer readable storage medium
CN110177113A (en) * 2019-06-06 2019-08-27 北京奇艺世纪科技有限公司 Internet guard system and access request processing method
CN110177113B (en) * 2019-06-06 2021-08-31 北京奇艺世纪科技有限公司 Internet protection system and access request processing method
CN110852611A (en) * 2019-11-08 2020-02-28 国网上海市电力公司 Real-time management and control system for construction workers on capital construction project site
CN112446037A (en) * 2020-10-20 2021-03-05 湖南红普创新科技发展有限公司 Data interaction method and device based on database gateway terminal and related equipment
CN112446037B (en) * 2020-10-20 2021-10-08 湖南红普创新科技发展有限公司 Data interaction method and device based on database gateway terminal and related equipment
CN113505371A (en) * 2021-08-06 2021-10-15 四川大学 Database security risk assessment system
CN113505371B (en) * 2021-08-06 2022-03-15 四川大学 Database security risk assessment system
CN116070246A (en) * 2023-03-06 2023-05-05 北京中安星云软件技术有限公司 Method and device for identifying abnormal behavior based on database access

Similar Documents

Publication Publication Date Title
CN102413127A (en) Database generalization safety protection method
CN103944915B (en) A kind of industrial control system threat detection defence installation, system and method
CN103491108B (en) A kind of industrial control network security protection method and system
CN104144063B (en) Web portal security monitoring and alarming system based on log analysis and firewall security matrix
CN104283889B (en) APT attack detectings and early warning system inside electric system based on the network architecture
EP2040435B1 (en) Intrusion detection method and system
CN104023034B (en) Security defensive system and defensive method based on software-defined network
CN106209826A (en) A kind of safety case investigation method of Network Security Device monitoring
CN112637220B (en) Industrial control system safety protection method and device
KR100351306B1 (en) Intrusion Detection System using the Multi-Intrusion Detection Model and Method thereof
CN102222194A (en) Module and method for LINUX host computing environment safety protection
CN101448007A (en) Attack prevention system based on structured query language (SQL)
CN108462714A (en) A kind of APT systems of defense and its defence method based on system resilience
CN110351277A (en) Electric power monitoring system security protection alarm method
Hubballi et al. Network specific false alarm reduction in intrusion detection system
CN112039858A (en) Block chain service security reinforcement system and method
CN106339629A (en) Application management method and device
Suo et al. Research on the application of honeypot technology in intrusion detection system
Roschke et al. Using vulnerability information and attack graphs for intrusion detection
CN112073371A (en) Malicious behavior detection method for weak supervision routing equipment
CN107277070A (en) A kind of computer network instrument system of defense and intrusion prevention method
CN106951779A (en) A kind of USB security protection systems for selecting to analyze with equipment behavior based on user
CN110460614A (en) A kind of working method of computer information system auxiliary security guard system
CN106878338B (en) Telecontrol equipment gateway firewall integrated machine system
CN108924129A (en) One kind being based on computer network instrument system of defense and intrusion prevention method

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
ASS Succession or assignment of patent right

Owner name: STATE ELECTRIC NET CROP.

Effective date: 20130520

C41 Transfer of patent application or patent right or utility model
TA01 Transfer of patent application right

Effective date of registration: 20130520

Address after: 100192 Beijing city Haidian District Qinghe small Camp Road No. 15

Applicant after: China Electric Power Research Institute

Applicant after: State Grid Corporation of China

Address before: 100192 Beijing city Haidian District Qinghe small Camp Road No. 15

Applicant before: China Electric Power Research Institute

C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20120411