CN102915376A - Method and equipment for detecting deviant behavior of database - Google Patents
- Publication number: CN102915376A
- Authority: CN (China)
- Prior art keywords: sql, database, sql statement, white list, function
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abstract
Abstract
The invention provides a method and equipment for detecting deviant behavior of a database. The method comprises the following steps: collecting the SQL (Structured Query Language) statements corresponding to normal database behavior; performing SQL statement keyword analysis, SQL built-in function analysis, SQL extended stored procedure analysis and SQL statement sensitive region analysis on the SQL statements; generating a white list database; and using the formula V=f1*w1+f2*w2+f3*w3+f4*w4 to obtain an analysis result V for the database behavior, where the behavior is determined to be deviant if V is greater than or equal to a preset value. The method and equipment provided by the invention can comprehensively inspect the database, avoid omissions and improve the efficiency of detecting deviant database behavior.
Description
Technical field
The present invention relates to the field of communication technology, and in particular to a method and equipment for detecting abnormal database behavior.
Background art
With the widespread use of system firewalls and hardware firewalls, system-level risk in network security has been greatly reduced: most security vulnerabilities cannot be exploited because the network is unreachable, and the greatest network security risk now lies in specific applications rather than in the operating system. The database holds an enterprise's most important information assets, so its importance is self-evident, and it is often the focus of hacker attacks. The targets of Structured Query Language (SQL) injection attacks and of the database dumping ("drag the library") attacks now prevalent on the network are all core databases. Protection of the database must therefore be strengthened, and normal database operations must be separated from operations that attack the database, so that hackers and criminals cannot steal the enterprise's core information assets through the database.
The prior-art methods, rule-based regular-expression matching and keyword blacklists, parse SQL statements out of the database communication traffic and apply rules and blacklists to identify attacks. However, these existing techniques are difficult to make comprehensive, and attack techniques keep changing, so they suffer from problems such as incomplete inspection and a high false-negative rate.
Summary of the invention
The invention provides a method and equipment for detecting abnormal database behavior, to solve the prior-art problems that detection of abnormal database behavior is difficult to make comprehensive and has a high false-negative rate.
In one aspect, the invention provides a method for detecting abnormal database behavior, comprising:
collecting the SQL statements corresponding to normal database behavior;
performing SQL statement keyword analysis, SQL built-in function analysis, SQL extended stored procedure analysis and SQL statement sensitive region analysis on the SQL statements, and generating a white list database;
using formula (1) to obtain the result V of analyzing the database behavior:
V=f1×w1+f2×w2+f3×w3+f4×w4 (1);
where w1, w2, w3 and w4 are respectively the weight of the SQL statement keywords, the weight of the SQL built-in functions, the weight of the SQL extended stored procedures and the weight of the SQL statement sensitive region; f1, f2 and f3 are functions that respectively judge whether the SQL statement keywords, the SQL built-in functions and the SQL extended stored procedures are in the white list database, each returning 0 if they are in the white list database and 1 if they are not; and f4 is the sensitive region analysis function;
if V is greater than or equal to a preset value, judging that the database behavior is abnormal database behavior.
Further, performing SQL statement keyword analysis, SQL built-in function analysis, SQL extended stored procedure analysis and SQL statement sensitive region analysis on the SQL statements and generating the white list database comprises:
performing SQL statement keyword analysis on the SQL statements to generate a keyword white list database;
performing SQL built-in function analysis on the SQL statements to generate a built-in function white list database;
performing SQL extended stored procedure analysis on the SQL statements to generate an extended stored procedure white list database;
performing sensitive region analysis on the SQL statements to generate a sensitive region white list database, where the sensitive region comprises system-related information and user-defined tables.
Further, f4 is specifically:
if the sensitive region analyzed is system-related information and user-defined tables, f4 returns 1; if the sensitive region analyzed is data outside the white list, f4 returns 0.6.
Further, w1, w2, w3 and w4 are 2, 1, 2.5 and 3 respectively, and A is 3.
In another aspect, the invention provides equipment for detecting abnormal database behavior, comprising:
a collection module, used to collect the SQL statements corresponding to normal database behavior;
a generation module, used to perform SQL statement keyword analysis, SQL built-in function analysis, SQL extended stored procedure analysis and SQL statement sensitive region analysis on the SQL statements, and to generate a white list database;
an analysis module, used to obtain the result V of analyzing the database behavior with formula (1):
V=f1×w1+f2×w2+f3×w3+f4×w4 (1);
where w1, w2, w3 and w4 are respectively the weight of the SQL statement keywords, the weight of the SQL built-in functions, the weight of the SQL extended stored procedures and the weight of the SQL statement sensitive region; f1, f2 and f3 are functions that respectively judge whether the SQL statement keywords, the SQL built-in functions and the SQL extended stored procedures are in the white list database, each returning 0 if they are in the white list database and 1 if they are not; and f4 is the sensitive region analysis function;
a judge module, used to judge that the database behavior is abnormal database behavior if V is greater than or equal to a preset value.
Further, the generation module is specifically used for performing SQL statement keyword analysis on the SQL statements to generate a keyword white list database;
performing SQL built-in function analysis on the SQL statements to generate a built-in function white list database;
performing SQL extended stored procedure analysis on the SQL statements to generate an extended stored procedure white list database;
performing sensitive region analysis on the SQL statements to generate a sensitive region white list database, where the sensitive region comprises system-related information and user-defined tables.
Further, f4 is specifically:
if the sensitive region analyzed is system-related information and user-defined tables, f4 returns 1; if the sensitive region analyzed is data outside the white list, f4 returns 0.6.
Further, w1, w2, w3 and w4 are 2, 1, 2.5 and 3 respectively, and A is 3.
The method and equipment for detecting abnormal database behavior provided by the invention analyze the collected SQL statements corresponding to normal database behavior, generate a white list database, and then use the formula V=f1×w1+f2×w2+f3×w3+f4×w4 to obtain the result V of analyzing the database behavior; if V is greater than or equal to the preset value, the database behavior is judged to be abnormal database behavior. Database behavior can thus be inspected comprehensively, without missed detections, and the efficiency of detecting abnormal database behavior is improved.
Description of the drawings
To explain the technical solutions of the present invention or of the prior art more clearly, the drawings used in describing the embodiments or the prior art are briefly introduced below. The drawings described below are some embodiments of the invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of Embodiment 1 of the method for detecting abnormal database behavior of the present invention;
Fig. 2 is a schematic flowchart of Embodiment 2 of the method for detecting abnormal database behavior of the present invention;
Fig. 3 is a structural diagram of Embodiment 1 of the equipment for detecting abnormal database behavior of the present invention.
Embodiments
To make the purpose, technical solutions and advantages of the invention clearer, the technical solutions of the invention are described clearly and completely below with reference to the drawings. The described embodiments are some, not all, of the embodiments of the invention. All other embodiments obtained by a person of ordinary skill in the art from these embodiments without creative effort fall within the scope of protection of the invention.
Fig. 1 is a flowchart of Embodiment 1 of the method for detecting abnormal database behavior of the present invention. As shown in Fig. 1, the method of this embodiment may comprise:
In step 101, there are many ways to collect the SQL statements corresponding to normal database behavior: for example, packets can be captured in the actual business environment, or the statements can be obtained offline by analyzing database logs; the invention does not restrict this.
In step 102, performing SQL statement keyword analysis, SQL built-in function analysis, SQL extended stored procedure analysis and SQL statement sensitive region analysis on the SQL statements and generating the white list database comprises: performing SQL statement keyword analysis on the SQL statements to generate a keyword white list database; performing SQL built-in function analysis on the SQL statements to generate a built-in function white list database; performing SQL extended stored procedure analysis on the SQL statements to generate an extended stored procedure white list database; and performing sensitive region analysis on the SQL statements to generate a sensitive region white list database, where the sensitive region comprises system-related information and user-defined tables.
The more SQL statements corresponding to normal database behavior are analyzed, the more accurate the generated white list databases are and the more effective database detection is.
V=f1×w1+f2×w2+f3×w3+f4×w4 (1);
where w1, w2, w3 and w4 are respectively the weight of the SQL statement keywords, the weight of the SQL built-in functions, the weight of the SQL extended stored procedures and the weight of the SQL statement sensitive region; f1, f2 and f3 are functions that respectively judge whether the SQL statement keywords, the SQL built-in functions and the SQL extended stored procedures are in the white list database, each returning 0 if they are in the white list database and 1 if they are not; and f4 is the sensitive region analysis function. f4 is specifically: if the sensitive region analyzed is system-related information and user-defined tables, f4 returns 1; if the sensitive region analyzed is data outside the white list, f4 returns 0.6.
Step 104: if V is greater than or equal to the preset value, the database behavior is judged to be abnormal database behavior.
As one implementable manner, w1, w2, w3 and w4 take the values 2, 1, 2.5 and 3 respectively and the preset value A is 3; if the V obtained from V=f1×w1+f2×w2+f3×w3+f4×w4 is greater than or equal to 3, the database behavior is judged to be abnormal database behavior.
A specific embodiment is used below to describe the technical solution of the method embodiment shown in Fig. 1 in detail. Fig. 2 is a schematic flowchart of Embodiment 2 of the method for detecting abnormal database behavior of the present invention. As shown in Fig. 2, it comprises:
Taking SQL Server as the target database as an example, consider the following two statements:
1. select value from table1 where username='Alice';
2. insert into table1 values('jack',80);
These form two keyword-related records:
id:1 table:table1 value:select|from|where
id:2 table:table1 value:insert into|values
Suppose the following statement is observed: select value from table1 where username='tom' or 1>=1;
The analysis result is: table:table1 value:select|from|where|or
Statements 1 and 2 do not use any SQL built-in function, so the analysis result is:
id:1 table:table1 value:NULL
Suppose the following statement is observed: select value from table1 where username='tom' and db_name()=0;
The above SQL statement uses the ord and mid built-in functions, and the analysis result is:
table:table1 value:db_name
Neither of the above two statements uses an extended stored procedure, so the analysis result is:
id:1 table:table1 value:NULL
Suppose the following statement is observed: select value from table1 where username='tom'; exec master..xp_cmdshell('dir');
The above statement uses the extended stored procedure xp_cmdshell, and the analysis result is: id:1 table:table1 value:xp_cmdshell
The sensitive region comprises system-related information and user-defined tables. System-related information mainly consists of system tables: in an Oracle database, DBA_OBJECTS, DBA_USERS, ROLE_TAB_PRIVS, USER_TAB_PRIVS and the like can be defined as sensitive regions; in a SQL Server database, syslogins, sysconfigures, sysobjects and the like can be defined as sensitive regions. These tables store important information related to the operating system or the database and are objects that need close attention. User-defined tables mostly depend on the user's specific environment and system, for example a table that stores user passwords.
The above steps describe the flow of generating the white list database. After the white list database is generated, the formula V=f1×w1+f2×w2+f3×w3+f4×w4 is used to obtain the result V of analyzing the database behavior. For example, w1, w2, w3 and w4 take the values 2, 1, 2.5 and 3 respectively and the preset value A is 3; if the V obtained from V=f1×w1+f2×w2+f3×w3+f4×w4 is greater than or equal to 3, the database behavior is judged to be abnormal database behavior. By analyzing SQL statements and comparing them with the white list database, multiple kinds of abnormal behavior that endanger data security can be identified, such as SQL injection attacks, database dumping, abnormal network access and access to critical system tables.
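The scoring flow described above, as an added Python sketch that is not part of the patent: it builds the white list from the two normal statements and scores the observed statements with the stated weights and threshold. The regex feature extractor, the keyword vocabulary, the `xp_` prefix test and the f4 return of 0 for a white-listed, non-sensitive table are assumptions; the `syslogins` query is a constructed sample.

```python
import re

# Weights and threshold given in the text: w1..w4 = 2, 1, 2.5, 3 and A = 3.
W1, W2, W3, W4, A = 2, 1, 2.5, 3, 3

# Assumed keyword vocabulary for this sketch (the text does not enumerate one).
KEYWORDS = {"select", "from", "where", "insert", "into", "values", "update",
            "set", "delete", "union", "join", "or", "and", "exec", "execute"}
# SQL Server system tables the text names as sensitive regions.
SENSITIVE = {"syslogins", "sysconfigures", "sysobjects"}


def features(sql):
    """Reduce one statement to (keyword pattern, functions, procedures, tables)."""
    text = re.sub(r"'[^']*'", "''", sql.lower())  # drop string literal contents
    words = re.findall(r"[a-z_][a-z0-9_]*", text)
    pattern = "|".join(w for w in words if w in KEYWORDS)
    called = set(re.findall(r"([a-z_][a-z0-9_]*)\s*\(", text)) - KEYWORDS
    procs = {w for w in words if w.startswith("xp_")}  # extended stored procedures
    tables = set(re.findall(
        r"\b(?:from|into|join|update)\s+([a-z_][a-z0-9_]*)", text))
    return pattern, called - procs, procs, tables


def build_white_list(normal_statements):
    """Learn the four white lists from statements seen during normal operation."""
    wl = {"patterns": set(), "functions": set(), "procs": set(), "tables": set()}
    for sql in normal_statements:
        pattern, funcs, procs, tables = features(sql)
        wl["patterns"].add(pattern)
        wl["functions"] |= funcs
        wl["procs"] |= procs
        wl["tables"] |= tables
    return wl


def score(sql, wl):
    """Return (V, is_abnormal) for one observed statement, using formula (1)."""
    pattern, funcs, procs, tables = features(sql)
    f1 = 0 if pattern in wl["patterns"] else 1
    f2 = 0 if funcs <= wl["functions"] else 1
    f3 = 0 if procs <= wl["procs"] else 1
    if tables & SENSITIVE:
        f4 = 1        # system-related or user-defined sensitive table
    elif tables - wl["tables"]:
        f4 = 0.6      # table outside the white list
    else:
        f4 = 0        # assumption: the text gives no value for this case
    v = f1 * W1 + f2 * W2 + f3 * W3 + f4 * W4
    return v, v >= A


# Statements 1 and 2 from the text (normal behavior).
NORMAL = [
    "select value from table1 where username='Alice';",
    "insert into table1 values('jack',80);",
]
# The three observed statements from the text, plus one constructed sample.
OBSERVED = [
    "select value from table1 where username='tom' or 1>=1;",
    "select value from table1 where username='tom' and db_name()=0;",
    "select value from table1 where username='tom'; exec master..xp_cmdshell('dir');",
    "select name from syslogins where name='sa';",  # constructed sample
]

if __name__ == "__main__":
    white_list = build_white_list(NORMAL)
    for stmt in OBSERVED:
        v, abnormal = score(stmt, white_list)
        print(f"V={v:<4} abnormal={abnormal}  {stmt}")
```

With these weights a keyword-pattern deviation alone scores 2, below A = 3, so the first observed statement is not flagged unless another feature also deviates; a sensitive-table access alone scores 3 and is flagged.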
The method for detecting abnormal database behavior provided by the above embodiment performs SQL statement keyword analysis, SQL built-in function analysis, SQL extended stored procedure analysis and SQL statement sensitive region analysis on the collected SQL statements corresponding to normal database behavior, generates a white list database, and then uses the formula V=f1×w1+f2×w2+f3×w3+f4×w4 to obtain the result V of analyzing the database behavior; if V is greater than or equal to the preset value, the database behavior is judged to be abnormal database behavior. Database behavior can thus be inspected comprehensively, without missed detections, and the efficiency of detecting abnormal database behavior is improved.
A person of ordinary skill in the art will understand that all or some of the steps of the above method embodiments may be carried out by hardware under the control of program instructions. The program may be stored in a computer-readable storage medium. When executed, the program performs the steps of the above method embodiments; the storage medium includes various media that can store program code, such as ROM, RAM, magnetic disk or optical disc.
Fig. 3 is a structural diagram of Embodiment 1 of the equipment for detecting abnormal database behavior of the present invention. As shown in Fig. 3, the equipment of this embodiment may comprise a collection module 11, a generation module 12, an analysis module 13 and a judge module 14, where the collection module 11 is used to collect the SQL statements corresponding to normal database behavior.
V=f1×w1+f2×w2+f3×w3+f4×w4 (1);
where w1, w2, w3 and w4 are respectively the weight of the SQL statement keywords, the weight of the SQL built-in functions, the weight of the SQL extended stored procedures and the weight of the SQL statement sensitive region; f1, f2 and f3 are functions that respectively judge whether the SQL statement keywords, the SQL built-in functions and the SQL extended stored procedures are in the white list database, each returning 0 if they are in the white list database and 1 if they are not; and f4 is the sensitive region analysis function.
The judge module 14 is used to judge that the database behavior is abnormal database behavior if V is greater than or equal to the preset value.
The generation module 12 is specifically used for performing SQL statement keyword analysis on the SQL statements to generate a keyword white list database; performing SQL built-in function analysis on the SQL statements to generate a built-in function white list database; performing SQL extended stored procedure analysis on the SQL statements to generate an extended stored procedure white list database; and performing sensitive region analysis on the SQL statements to generate a sensitive region white list database, where the sensitive region comprises system-related information and user-defined tables.
f4 is specifically: if the sensitive region analyzed is system-related information and user-defined tables, f4 returns 1; if the sensitive region analyzed is data outside the white list, f4 returns 0.6. w1, w2, w3 and w4 are 2, 1, 2.5 and 3 respectively, and A is 3.
The equipment of this embodiment can be used to carry out the technical solution of the method embodiment shown in Fig. 1; its implementation principle and technical effect are similar and are not repeated here.
Finally, it should be noted that the above embodiments only illustrate the technical solutions of the invention and do not limit them. Although the invention has been described in detail with reference to the foregoing embodiments, a person of ordinary skill in the art should understand that the technical solutions recorded in those embodiments can still be modified, or some or all of their technical features can be replaced by equivalents, and that such modifications or replacements do not take the essence of the corresponding technical solutions outside the scope of the technical solutions of the embodiments of the invention.
Claims (8)
1. the method for a Test database abnormal behaviour is characterized in that, comprising:
Collect SQL statement corresponding to database normal behaviour;
Described SQL statement is carried out SQL statement keyword analyses, the analysis of SQL built-in function, SQL expansion storing process analysis and SQL statement sensitizing range analyze, generate the white list database;
Adopt formula (1) to obtain the as a result V that behavior database is analyzed:
V=f1×w1+f2×w2+f3×w3+f4×w4 (1);
Wherein, weight, the weight of SQL built-in function, SQL that w1, w2, w3 and w4 are respectively the SQL statement key word expand the weight of storing process and the weight of SQL statement sensitizing range, f1, f2, f3 are respectively and judge that SQL statement key word, SQL built-in function, SQL expand the whether function in described white list database of storing process, if in described white list database, then the rreturn value of each function is 0, if not in described white list database, then the rreturn value of each function is that 1, f4 is the sensitizing range analytic function;
If it is database abnormal behaviour that V, then judges described behavior database more than or equal to preset value A.
2. method according to claim 1 describedly carries out to described SQL statement that SQL statement keyword analyses, SQL built-in function are analyzed, SQL expands the storing process analysis and the SQL statement sensitizing range is analyzed, and generates the white list database, comprising:
Described SQL statement is carried out the SQL statement keyword analyses generate key word white list database;
Described SQL statement is carried out the analysis of SQL built-in function generate built-in function white list database;
Described SQL statement is carried out SQL expand storing process analysis generation expansion storing process white list database;
Described SQL statement is carried out the sensitizing range analyze generation sensitizing range white list database, described sensitizing range comprises information and the User Defined table with System Dependent.
3. method according to claim 2, described f4 is specially:
If analyze described sensitizing range for and information and the User Defined table of System Dependent, then the rreturn value of described f4 is 1, is data outside the white list if analyze described sensitizing range, then the rreturn value of described f4 is 0.6.
4. each described method is characterized in that according to claim 1 ~ 3, and described w1, w2, w3 and w4 are respectively 2,1,2.5 and 3, and described A is 3.
5. the equipment of a Test database abnormal behaviour is characterized in that, comprising:
Collection module is used for collecting SQL statement corresponding to database normal behaviour;
Generation module is used for that described SQL statement is carried out SQL statement keyword analyses, the analysis of SQL built-in function, SQL expansion storing process analysis and SQL statement sensitizing range and analyzes, and generates the white list database;
Analysis module is used for adopting formula (1) to obtain the as a result V that behavior database is analyzed:
V=f1×w1+f2×w2+f3×w3+f4×w4 (1);
Wherein, weight, the weight of SQL built-in function, SQL that w1, w2, w3 and w4 are respectively the SQL statement key word expand the weight of storing process and the weight of SQL statement sensitizing range, f1, f2, f3 are respectively and judge that SQL statement key word, SQL built-in function, SQL expand the whether function in described white list database of storing process, if in described white list database, then the rreturn value of each function is 0, if not in described white list database, then the rreturn value of each function is that 1, f4 is the sensitizing range analytic function;
Judge module if be used for V more than or equal to preset value, judges that then described behavior database is database abnormal behaviour.
6. equipment according to claim 5, described generation module are used for that specifically described SQL statement is carried out the SQL statement keyword analyses and generate key word white list database;
Described SQL statement is carried out the analysis of SQL built-in function generate built-in function white list database;
Described SQL statement is carried out SQL expand storing process analysis generation expansion storing process white list database;
Described SQL statement is carried out the sensitizing range analyze generation sensitizing range white list database, described sensitizing range comprises information and the User Defined table with System Dependent.
7. equipment according to claim 6, described f4 is specially:
If analyze described sensitizing range for and information and the User Defined table of System Dependent, then the rreturn value of described f4 is 1, is data outside the white list if analyze described sensitizing range, then the rreturn value of described f4 is 0.6.
8. each described equipment is characterized in that according to claim 5 ~ 7, and described w1, w2, w3 and w4 are respectively 2,1,2.5 and 3, and described A is 3.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2012104544388A CN102915376A (en) | 2012-11-13 | 2012-11-13 | Method and equipment for detecting deviant behavior of database |
Publications (1)
Publication Number | Publication Date |
---|---|
CN102915376A true CN102915376A (en) | 2013-02-06 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C12 | Rejection of a patent application after its publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20130206 |