CN106202560A - A kind of method and device realizing database audit - Google Patents
A kind of method and device realizing database audit Download PDFInfo
- Publication number
- CN106202560A CN106202560A CN201610613619.9A CN201610613619A CN106202560A CN 106202560 A CN106202560 A CN 106202560A CN 201610613619 A CN201610613619 A CN 201610613619A CN 106202560 A CN106202560 A CN 106202560A
- Authority
- CN
- China
- Prior art keywords
- session
- daily record
- audit
- log
- identification
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/30—Information retrieval; Database structures therefor; File system structures therefor of unstructured textual data
- G06F16/33—Querying
- G06F16/338—Presentation of query results
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/21—Design, administration or maintenance of databases
- G06F16/211—Schema design and management
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Databases & Information Systems (AREA)
- Data Mining & Analysis (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computational Linguistics (AREA)
- Computer And Data Communications (AREA)
Abstract
The application provides a kind of method and device realizing database audit, and described method includes: when the message received is matched with predefined audit strategy, records the session identification of database access session corresponding to described message;When the session log that the described database access session of generation is corresponding, described session log is added the session identification of described database access session;According to the session identification comprised in each session log, the session log obtained carries out packet show, it is easy to preset audit user and quickly finds all paid close attention to session log, especially when the flowing of access of data base is bigger, the session log of substantial amounts can be produced, thus can be effectively improved audit efficiency by technical scheme.
Description
Technical field
The application relates to the network communications technology, particularly to a kind of method and device realizing database audit.
Background technology
At present, there is certain security risk, such as, internal user malice behaviour in the data base that some departments of China use
Making, abuse resource or reveal enterprise's confidential information, artificial maloperation and hacker attacks, make Database Systems cause greatly in addition
Loss.In order to reduce loss, the data stream accessing data base is acquired, analyzes and knows by database security auditing system
Not, the related content corelation behaviour and data base that access data base being sent and being received stores, audits, inquires about and divides
Analysis, record forms session log, audits for default audit user.
In relevant technology, audit gateway device judges whether to need data base's access session based on audit strategy
Initiator audits.When default audit user audits, service end extracts all generations from daily record retention system
Session log information, and arrange according to the genesis sequence of session log information, show one by one and preset audit user.But
It is, owing to each data base may be conducted interviews operation by different clients in the same time so that the corresponding session day generated
Will information stores and retains in system to daily record with the most mutually blending, causes being showed in default when these session log information
During audit user, put in order disorderly and unsystematic, bring great difficulty to audit work, cause examining that efficiency is the lowest.
Summary of the invention
In view of this, the application provides a kind of method and device realizing database audit, it will words daily record is according to session
Mark packet is shown, and convenient default audit user audits, and improves audit efficiency.
Specifically, the application is achieved by the following technical solution:
According to the first aspect of the invention, it is proposed that a kind of method realizing database audit, including:
When the message received is matched with predefined audit strategy, record the database access meeting that described message is corresponding
The session identification of words;
When the session log that the described database access session of generation is corresponding, described session log is added described data
The session identification of storehouse access session;
According to the session identification comprised in each session log, the session log obtained is carried out packet and shows, in advance
If audit user carries out database audit.
According to the second aspect of the invention, it is proposed that a kind of device realizing database audit, including:
Record unit, when the message received is matched with predefined audit strategy, records the number that described message is corresponding
Session identification according to storehouse access session;
Adding device, when the session log that the described database access session of generation is corresponding, adds in described session log
Add the session identification of described database access session;
Display unit, according to the session identification comprised in each session log, carries out packet exhibition to the session log obtained
Show, carry out database audit for default audit user.
As seen through the above technical solutions, the present invention is when the message received is matched with predefined audit strategy, logical
The session identification of the database access session that this message of overwriting is corresponding, and in session log corresponding to this database access session
This session identification of middle interpolation, can carry out packet according to this session identification session log to obtaining and show, it is simple to preset audit
User quickly finds paid close attention to session log, especially when the flowing of access of data base is bigger, can produce substantial amounts
Session log, audit efficiency can be effectively improved thereby through technical scheme.
Accompanying drawing explanation
Fig. 1 is a kind of network architecture schematic diagram in correlation technique;
Fig. 2 is a kind of method flow diagram realizing database audit of the present invention one exemplary embodiment;
Fig. 3 is the method flow diagram that the another kind of the present invention one exemplary embodiment realizes database audit;
Fig. 4 is that the present invention one exemplary embodiment database audit session logs in daily record schematic diagram;
Fig. 5 is the database audit session detail daily record schematic diagram of the present invention one exemplary embodiment;
Fig. 6 is the present invention one exemplary embodiment database audit session log schematic diagram;
Fig. 7 is a kind of device schematic diagram realizing database audit of the present invention one exemplary embodiment.
Detailed description of the invention
Here will illustrate exemplary embodiment in detail, its example represents in the accompanying drawings.Explained below relates to
During accompanying drawing, unless otherwise indicated, the same numbers in different accompanying drawings represents same or analogous key element.Following exemplary embodiment
Described in embodiment do not represent all embodiments consistent with the application.On the contrary, they are only with the most appended
The example of the apparatus and method that some aspects that described in detail in claims, the application are consistent.
Fig. 1 is a kind of network architecture schematic diagram in correlation technique, sees Fig. 1: service end is configured with data base, such as
Oracle database, MySQL database and SQL server database, and service end be also equipped with audit gateway device, make
Obtain each clients such as client 1, client 2 and client 3 to be required to access above-mentioned data base by this audit gateway device,
Thus the access stencil of each client is audited.
As a example by oracle database.When client 1 Accessing Oracle Database, a visit can be sent to service end
Ask the request message of oracle database, to set up corresponding database access session;And gateway device of auditing can be according in advance
This database access session is mated, such as by IP address and the audit of this database access session by the audit strategy of definition
The IP network section needing audit defined in strategy is mated, to determine the need for the initiator to this database access session
Audit, identify that the database protocol that the message of this database access session uses (is such as accessing Oracle number for another example
During according to storehouse, it is oracle database agreement), it is accessed for whether data base belongs to the audit defined in audit strategy to determine
Object, i.e. needs the data base of audit;So, it is judged as being matched with predefined audit plan when above-mentioned database access session
Time slightly, for this client 1 all access operations of oracle database can be generated corresponding session log, and by will
Session log is stored in daily record retention system, carries out database audit for default audit user.
In above-mentioned correlation technique, when default audit user's audit database, service end is from daily record retention system
Extract generate session log information, and according to the genesis sequence of session log information carry out arrangement show preset audit use
Family.But, owing to each data base may be conducted interviews operation by different clients in the same time so that the corresponding meeting generated
Words log information stores and retains in system to daily record with the most mutually blending, causes being showed in when these session log information
When presetting audit user, put in order disorderly and unsystematic, bring great difficulty to audit work, cause examining that efficiency is the lowest
Under.
Therefore, the present invention is a kind of to realizing the improvement project of database audit by proposing, and can solve in correlation technique
The problems referred to above, illustrate below in conjunction with embodiment.
Fig. 2 shows a kind of method flow diagram realizing database audit of the present invention one exemplary embodiment, such as Fig. 2 institute
Showing, the method is applied to audit on gateway device, can include lower step:
In step 201, when the message received is matched with predefined audit strategy, described message is recorded corresponding
The session identification of database access session.
In the present embodiment, determine that database access session is matched with predefined audit strategy when audit gateway device
Time, can record the session identification of this database access session, such as this session identification can be session id, it is also possible to be can
Ensureing other marks of session uniqueness, this is not limited by the present invention.
In step 202., when the session log that the described database access session of generation is corresponding, in described session log
Add the session identification of described database access session.
In the present embodiment, described session log includes: session logs in daily record, logins data base for recording user
Or publish information;Session detail daily record, for recording user's data operation information to data base.So session log is carried out
Classification, follow-up when showing different session log in varied situations, convenient preset audit user and check associated session daily record.
In the present embodiment, described session login daily record is stored in different paths from described session detail daily record.
So when searching for corresponding session detail daily record, volumes of searches can be reduced, promote search efficiency.
In step 203, according to the session identification comprised in each session log, the session log obtained is grouped
Show, carry out database audit for default audit user.
In the present embodiment, according to the session identification comprised in each session log, the session log obtained can be entered
Row packet is shown, including: packet shows that the session that each session identification is corresponding logs in daily record;When receiving for arbitrary session mark
When the detail of the packet knowing correspondence checks request, show the session detail daily record that described arbitrary session identification is corresponding.The most permissible
The rambling all sessions of display arrangement order simultaneously are avoided to log in daily record and session detail daily record, convenient default audit user
Audit database.
It is in the present embodiment, described when the detail receiving the packet corresponding for arbitrary session identification checks request,
Show the session detail daily record that described arbitrary session identification is corresponding, including: under the store path of all session detail daily records, root
Search operation is performed according to described arbitrary session identification;Show the session detail daily record searched.
As seen through the above technical solutions, the present invention is when the message received is matched with predefined audit strategy, logical
The session identification of the database access session that this message of overwriting is corresponding, and in session log corresponding to this database access session
This session identification of middle interpolation, can carry out packet according to this session identification session log to obtaining and show, it is simple to preset audit
User quickly finds all paid close attention to session log, especially when the flowing of access of data base is bigger, can produce quantity
Huge session log, can be effectively improved audit efficiency thereby through technical scheme.
In the inventive solutions, by improving data base's access session, the processing mode of session log, and
Thering is provided more preferably interactive experience, to promote the audit efficiency to data base, but the whole network architecture still can continue to use relevant skill
The network architecture in art.So, in order to make it easy to understand, below in conjunction with the network architecture shown in Fig. 1 and the enforcement shown in Fig. 3
Example, is described in further detail technical scheme.Wherein, Fig. 3 is another of the present invention one exemplary embodiment
Plant the method flow diagram realizing database audit, as it is shown on figure 3, said method comprising the steps of:
In step 301, database access session is set up.
In this embodiment it is assumed that user wishes to be accessed the Oracle number of service end configuration by the client 1 shown in Fig. 1
According to storehouse.Client 1 can send the request message of an Accessing Oracle Database to service end, and accordingly at client 1 and clothes
Corresponding database access session is set up, to realize the client 1 visit to oracle database between business end oracle database
Ask.
In step 302, it is judged that whether database access session is matched with predefined audit strategy.
In the present embodiment, the network architecture as shown in Figure 1 understands: set up between client 1 and oracle database
All messages that above-mentioned database access session produces, all can be received by audit gateway device, make this audit gateway device
Can determine therefrom that whether this database access session is matched with predefined audit strategy, i.e. auditor the need of to this
The session log that database access session produces is audited.
In the present embodiment, the audit element of audit strategy definition may include that IP network section and the audit target.
For IP address, audit gateway device can obtain IP address (the i.e. client 1 of above-mentioned database access session
IP address), and judge whether this IP address belongs to audit gateway device predefined IP network section.Such as, define when audit strategy
IP network section when being (192.168.2.1-192.168.2.255), if the IP address of client 1 is 192.168.2.128, i.e.
Belong to this IP network section, then show that the IP address of above-mentioned database access session is matched with the IP network section of this audit strategy definition.
For the audit target, the i.e. data base needing audit of audit strategy definition, than Oracle data as shown in Figure 1
Storehouse, MySQL database and SQL server database, can only audit to oracle database and MySQL database,
And without other data bases are audited.So, audit gateway device is by identifying the report of above-mentioned database access session
The database protocol of literary grace, such as identifies database protocol when being oracle database agreement, it may be determined that this data base
The data base that access session relates to is oracle database, then show the data base that above-mentioned database access session is targeted
It is assigned in the audit target of this audit strategy definition.
Therefore, when database access session is matched with all audit elements of audit strategy definition, data base is such as worked as
When access session is matched with above-mentioned IP network section and the audit target simultaneously, it may be determined that this database access session is matched with predetermined
The audit strategy of justice.
In step 303, recording conversation mark.
In the present embodiment, determine that database access session is matched with predefined audit strategy when audit gateway device
Time, can record the session identification of this database access session, such as this session identification can be that session id (is remembered in such as Fig. 4
The session id of record is 2231), it is also possible to being other marks that ensure that session uniqueness, this is not limited by the present invention
System.
In step 304, generate session log, and in session log, add the session identification of record.
In the present embodiment, based on above-mentioned database access session produce arbitrary alternately, all can generate corresponding
Session log.Such as, user logined to oracle database by client 1 or publishes operation, can generate corresponding
Session log in daily record, oracle database logined or publish information recording user, such as, logining or logout time, adopt
Port numbers etc.;During the state of logining is in for user, behaviour oracle database performed by client 1
Make, corresponding session detail daily record can be generated, to record user's data operation information to oracle database, such as inquire about
Data base, editor's database.
And when generating all sessions described above and logging in the session log such as daily record, session detail daily record, gateway device of auditing
The session identification of corresponding database access session can be added so that audit gateway device can enter in every session log
And by this session identification, session log is identified, distinguishes and the operation such as statistics, and manually check without auditor, know
Not and distinguish, in order to improve the audit efficiency to data base.
In step 305, the session log of described session identification is carried in storage.
In the present embodiment, different types of session log can be stored respectively under different path.Such as upper
The session stated logs in daily record and session detail daily record, session can be logged in daily record be stored in daily record retain system A district, will
The detailed daily record of words is stored in daily record and retains the B district of system, then follow-up (such as in step 309) is searching for certain according to session identification
During class session log, such as when search sessions detail daily record, only can retain the B district of system from daily record and scan for, and nothing
The A district that daily record need to be retained system scan for, and so can greatly reduce volumes of searches, contribute to promoting search efficiency and right
The response speed of demand is checked in the daily record of auditor.
Within step 306, show that session logs in daily record.
In the present embodiment, based on user's operating habit under normal circumstances, i.e. one time access process only exists once
Login or publish operation, but there may be many times to operations such as the inquiry of data base, editors, thus session logs in daily record
Quantity is often much smaller than session detail daily record.So, log in daily record by first showing session, auditor couple can be met
In session essential information check demand in the case of, reduce auditor the data amount of checking, on the contrary contribute to promote audit
Personnel consult speed and efficiency, by checking that session logs in all " session id ", " users as shown in Figure 4 that daily record comprises
IP ", " source port ", the information such as " type of database ", enable auditor quickly to determine the database access wishing to pay close attention to
Session, then looks at corresponding session detail daily record, to complete audit operation.
In step 307, it may be judged whether receive the request showing session detail daily record.
In the present embodiment, after auditor determines the database access session wishing to pay close attention to, can trigger corresponding
Session logs in daily record, to send the displaying request of the session detail daily record for this database access session, thus checks corresponding
Session detail daily record.
For example, in interface as shown in Figure 4, every session logs in daily record and (corresponds respectively to different data bases
Access session) right-hand member be provided with corresponding trigger control " ", auditor determine wish pay close attention to database access meeting
After words, the control " " that corresponding session logs at daily record can be triggered.So, when detecting that auditor is to a certain
During the operation such as the touch of control " " or click, it may be determined that session belonging to this control logs in the session mark that daily record is corresponding
Know, and determine that server receives the displaying request of the session detail daily record corresponding for this session identification.
In step 308, according to session identification search sessions detail daily record.
In the present embodiment, as shown in Figure 4, it is assumed that detect that auditor logs in carrying the session that session id is 2231
The trigger action of the control " " after daily record, server can be under the store path of session detail daily record, according to session id
" 2231 " perform search operation, search to obtain all session detail daily records under this session id.So, daily record, session are logged in when session
When detailed daily record etc. is classified storage in step 305, volumes of searches can be reduced, promote search efficiency, auditor is touched
Send out operation quickly to respond, reduce wait time delay.
In a step 309, the session detail daily record searched is shown.
In the present embodiment, as it is shown in figure 5, another page can be generated on the basis of Fig. 4, search to show
Session detail daily record;District is carried out between daily record with adjacent session login daily record it is of course also possible to log in selected session
Territory extends, and session id 2231 the most in the diagram, the session of session id 2232 correspondence log in and form a temporary extension between daily record
Region, and above-mentioned session detail daily record is shown in this temporary extension region.Certainly, the present invention is not limiting as session detailed
The display form of daily record.
Such as shown in Fig. 5, show the partial session detail daily record that session id is 2231, have recorded client 1 right
The information that operates in detail of oracle database, the session detail daily record of such as bottom represents: " client 1 is ' 16-in the time
During 04-13 15:44:32 ', delete the form of named ' cam_lc ' ", the session detail daily record of the top represents: " ' 15:
During 59:01 ', the ID of oneself is updated to ' jason ' " etc..Similarly, auditor can also look at other any session id pair
The session detail daily record answered, here is omitted.
It practice, each session to be logged in by auditor the triggering of daily record, and obtain corresponding session login daily record
Corresponding session id, is equivalent to be grouped the session detail daily record in daily record retention system according to session id, then passes through
Mode as shown in Figure 5 or similar fashion, it is achieved that the packet to session detail daily record is shown, and divides one by one without auditor
Distinguish every session log, in order to auditor audits operation, contribute to promoting audit efficiency.
Additionally, the session log exhibition method described except Fig. 3-5 (the most first illustrates that session logs in daily record, illustrates session again
Detailed daily record) outside, it is also possible to session is logged in daily record and session detail daily record is shown simultaneously.See Fig. 6: can be by same
All session log under one session id are shown continuously, are equivalent to be divided into the displayed page shown in Fig. 6 correspondence respectively
In the display area of each session id, thus all session log of same session id are illustrated in corresponding display area,
Can prevent from mixing between the session log of different sessions ID, equally realize dialogue-based ID and session log is carried out
Packet is shown.
Such as, two display area are illustrated in figure 6 (in actual displayed page, for different display area
Division can be sightless), be respectively used to show session id be 2231, session id be the session log of 2232;Other meetings
Session log under words ID can use similar fashion to be shown, and here is omitted.
Corresponding with the aforementioned embodiment realizing database audit method, present invention also provides and realize database audit dress
The embodiment put.
The application is realized the device embodiment of database audit and can be realized by software, it is also possible to by hardware or soft
The mode of combination of hardware realizes.As a example by implemented in software, as the device on a logical meaning, by its place equipment
Computer program instructions corresponding in nonvolatile memory is read and runs formation in internal memory by processor.From hardware view
For, in addition to processor, internal memory, network interface and nonvolatile memory, in embodiment, device can also include it
His hardware, repeats no more this.
Fig. 7 is a kind of device schematic diagram realizing database audit of the present invention one exemplary embodiment, this schematic diagram bag
Include: record unit 701, adding device 702 and display unit 703.
Wherein, record unit, when the message received is matched with predefined audit strategy, record described message corresponding
The session identification of database access session.
Adding device, when the session log that the described database access session of generation is corresponding, adds in described session log
Add the session identification of described database access session.
Display unit, according to the session identification comprised in each session log, carries out packet exhibition to the session log obtained
Show, carry out database audit for default audit user.
Optionally, the session log that described display unit is shown includes: session logs in daily record, is used for recording user to data
The logining or publish information of storehouse;Session detail daily record, for recording user's data operation information to data base.
Optionally, the described session that described display unit is shown logs in daily record and is stored with described session detail daily record
In different paths.
Optionally, described display unit specifically for:
Packet shows that the session that each session identification is corresponding logs in daily record;
When the detail receiving the packet corresponding for arbitrary session identification checks request, show described arbitrary session mark
Know corresponding session detail daily record.
Optionally, described display unit shows, by following manner, the session detail day that described arbitrary session identification is corresponding
Will:
Under the store path of all session detail daily records, perform search operation according to described arbitrary session identification;
Show the session detail daily record searched.
In said apparatus, the function of unit and the process that realizes of effect specifically refer to corresponding step in said method
Realize process, do not repeat them here.
For device embodiment, owing to it corresponds essentially to embodiment of the method, so relevant part sees method in fact
The part executing example illustrates.Device embodiment described above is only schematically, wherein said as separating component
The unit illustrated can be or may not be physically separate, and the parts shown as unit can be or can also
It not physical location, i.e. may be located at a place, or can also be distributed on multiple NE.Can be according to reality
Need to select portion therein or whole module to realize the purpose of the application scheme.Those of ordinary skill in the art are not paying
In the case of creative work, i.e. it is appreciated that and implements.
The foregoing is only the preferred embodiment of the application, not in order to limit the application, all essences in the application
Within god and principle, any modification, equivalent substitution and improvement etc. done, should be included within the scope of the application protection.
Claims (10)
1. the method realizing database audit, it is characterised in that including:
When the message received is matched with predefined audit strategy, record database access session corresponding to described message
Session identification;
When the session log that the described database access session of generation is corresponding, described session log is added described data base and visits
Ask the session identification of session;
According to the session identification comprised in each session log, the session log obtained is carried out packet and shows, examine for presetting
Meter user carries out database audit.
Method the most according to claim 1, it is characterised in that described session log includes:
Session logs in daily record, logins data base for recording user or publishes information;
Session detail daily record, for recording user's data operation information to data base.
Method the most according to claim 2, it is characterised in that described session logs in daily record and described session detail daily record quilt
It is stored respectively in different path.
Method the most according to claim 2, it is characterised in that described according to the session mark comprised in each session log
Know, the session log obtained is carried out packet and shows, including:
Packet shows that the session that each session identification is corresponding logs in daily record;
When the detail receiving the packet corresponding for arbitrary session identification checks request, show described arbitrary session identification pair
The session detail daily record answered.
Method the most according to claim 4, it is characterised in that described when receiving for corresponding the dividing of arbitrary session identification
When the detail of group checks request, show the session detail daily record that described arbitrary session identification is corresponding, including:
Under the store path of all session detail daily records, perform search operation according to described arbitrary session identification;
Show the session detail daily record searched.
6. the device realizing database audit, it is characterised in that including:
Record unit, when the message received is matched with predefined audit strategy, records the data base that described message is corresponding
The session identification of access session;
Adding device, when the session log that the described database access session of generation is corresponding, adds institute in described session log
State the session identification of database access session;
Display unit, according to the session identification comprised in each session log, carries out packet and shows the session log obtained, with
Database audit is carried out for presetting audit user.
Device the most according to claim 6, it is characterised in that the session log that described display unit is shown includes:
Session logs in daily record, logins data base for recording user or publishes information;
Session detail daily record, for recording user's data operation information to data base.
Device the most according to claim 7, it is characterised in that described display unit show described session log in daily record with
Described session detail daily record is stored in different paths.
Device the most according to claim 7, it is characterised in that described display unit specifically for:
Packet shows that the session that each session identification is corresponding logs in daily record;
When the detail receiving the packet corresponding for arbitrary session identification checks request, show described arbitrary session identification pair
The session detail daily record answered.
Device the most according to claim 9, it is characterised in that described display unit shows described appointing by following manner
The session detail daily record that one session identification is corresponding:
Under the store path of all session detail daily records, perform search operation according to described arbitrary session identification;
Show the session detail daily record searched.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610613619.9A CN106202560A (en) | 2016-07-29 | 2016-07-29 | A kind of method and device realizing database audit |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610613619.9A CN106202560A (en) | 2016-07-29 | 2016-07-29 | A kind of method and device realizing database audit |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106202560A true CN106202560A (en) | 2016-12-07 |
Family
ID=57498108
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610613619.9A Pending CN106202560A (en) | 2016-07-29 | 2016-07-29 | A kind of method and device realizing database audit |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106202560A (en) |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107122408A (en) * | 2017-03-24 | 2017-09-01 | 深圳昂楷科技有限公司 | Information association and its database audit method, auditing system |
CN107302529A (en) * | 2017-06-14 | 2017-10-27 | 苏州海加网络科技股份有限公司 | Database security auditing system and method based on scene perception |
CN107370628A (en) * | 2017-08-17 | 2017-11-21 | 阿里巴巴集团控股有限公司 | Based on the log processing method and system buried a little |
CN108874955A (en) * | 2018-05-30 | 2018-11-23 | 郑州信大天瑞信息技术有限公司 | A kind of database audit method |
CN110674160A (en) * | 2019-09-20 | 2020-01-10 | 上海擎感智能科技有限公司 | Method, system, storage medium and terminal for MySQL access audit |
CN112487483A (en) * | 2020-12-14 | 2021-03-12 | 深圳昂楷科技有限公司 | Encrypted database flow auditing method and device |
CN112749410A (en) * | 2021-01-08 | 2021-05-04 | 广州锦行网络科技有限公司 | Database security protection method and device |
CN113420007A (en) * | 2021-03-31 | 2021-09-21 | 阿里巴巴新加坡控股有限公司 | Audit processing method and device for database access and electronic equipment |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070038683A1 (en) * | 2005-08-04 | 2007-02-15 | Pentaho Corporation | Business intelligence system and methods |
US20070112871A1 (en) * | 2005-11-17 | 2007-05-17 | Mulagund Gopal B | Method and apparatus for facilitating condition-based dynamic auditing policies in a database |
US7690036B2 (en) * | 2005-12-12 | 2010-03-30 | Microsoft Corporation | Special group logon tracking |
CN101931557A (en) * | 2010-08-13 | 2010-12-29 | 杭州迪普科技有限公司 | User behaviour auditing method and system |
CN103336820A (en) * | 2013-07-01 | 2013-10-02 | 广东科学技术职业学院 | Key data auditing method of information system |
CN104063473A (en) * | 2014-06-30 | 2014-09-24 | 江苏华大天益电力科技有限公司 | Database auditing monitoring system and database auditing monitoring method |
-
2016
- 2016-07-29 CN CN201610613619.9A patent/CN106202560A/en active Pending
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070038683A1 (en) * | 2005-08-04 | 2007-02-15 | Pentaho Corporation | Business intelligence system and methods |
US20070112871A1 (en) * | 2005-11-17 | 2007-05-17 | Mulagund Gopal B | Method and apparatus for facilitating condition-based dynamic auditing policies in a database |
US7690036B2 (en) * | 2005-12-12 | 2010-03-30 | Microsoft Corporation | Special group logon tracking |
CN101931557A (en) * | 2010-08-13 | 2010-12-29 | 杭州迪普科技有限公司 | User behaviour auditing method and system |
CN103336820A (en) * | 2013-07-01 | 2013-10-02 | 广东科学技术职业学院 | Key data auditing method of information system |
CN104063473A (en) * | 2014-06-30 | 2014-09-24 | 江苏华大天益电力科技有限公司 | Database auditing monitoring system and database auditing monitoring method |
Non-Patent Citations (3)
Title |
---|
冯国礼: "基于日志分析技术的数据库审计系统研究与实现", 《信息网络安全》 * |
王凤英等: "《网络与信息安全 第3版》", 30 June 2015 * |
钱正麟 等: "基于网络侦听的数据库审计方法", 《计算机系统应用》 * |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107122408A (en) * | 2017-03-24 | 2017-09-01 | 深圳昂楷科技有限公司 | Information association and its database audit method, auditing system |
CN107302529A (en) * | 2017-06-14 | 2017-10-27 | 苏州海加网络科技股份有限公司 | Database security auditing system and method based on scene perception |
CN107370628A (en) * | 2017-08-17 | 2017-11-21 | 阿里巴巴集团控股有限公司 | Based on the log processing method and system buried a little |
CN108874955A (en) * | 2018-05-30 | 2018-11-23 | 郑州信大天瑞信息技术有限公司 | A kind of database audit method |
CN110674160A (en) * | 2019-09-20 | 2020-01-10 | 上海擎感智能科技有限公司 | Method, system, storage medium and terminal for MySQL access audit |
CN112487483A (en) * | 2020-12-14 | 2021-03-12 | 深圳昂楷科技有限公司 | Encrypted database flow auditing method and device |
CN112487483B (en) * | 2020-12-14 | 2024-05-03 | 深圳昂楷科技有限公司 | Encryption database flow auditing method and device |
CN112749410A (en) * | 2021-01-08 | 2021-05-04 | 广州锦行网络科技有限公司 | Database security protection method and device |
CN113420007A (en) * | 2021-03-31 | 2021-09-21 | 阿里巴巴新加坡控股有限公司 | Audit processing method and device for database access and electronic equipment |
CN113420007B (en) * | 2021-03-31 | 2023-09-26 | 阿里巴巴新加坡控股有限公司 | Audit processing method and device for database access and electronic equipment |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106202560A (en) | A kind of method and device realizing database audit | |
US11165822B2 (en) | Identifying phishing websites using DOM characteristics | |
US10581908B2 (en) | Identifying phishing websites using DOM characteristics | |
CN103490884B (en) | Be used for the method for the checking of digital certificate | |
US20080250159A1 (en) | Cybersquatter Patrol | |
CN107465651A (en) | Network attack detecting method and device | |
CN104168316B (en) | A kind of Webpage access control method, gateway | |
CN102394885A (en) | Information classification protection automatic verification method based on data stream | |
US11768898B2 (en) | Optimizing scraping requests through browsing profiles | |
US10764329B2 (en) | Associations among data records in a security information sharing platform | |
So et al. | Domains do change their spots: Quantifying potential abuse of residual trust | |
CN109493046A (en) | Business opportunity information sharing method, electronic device and readable storage medium storing program for executing based on block chain | |
WO2017138957A1 (en) | Visualization of associations among data records in a security information sharing platform | |
EP1699173B1 (en) | System and method for tracking individuals on a data network using communities of interest | |
US11880372B2 (en) | Distributed metadata definition and storage in a database system for public trust ledger smart contracts | |
US11356484B2 (en) | Strength of associations among data records in a security information sharing platform | |
Xu et al. | Statistical and clustering analysis of attributes of Bitcoin backbone nodes | |
Gu et al. | Fingerprinting Network Entities Based on Traffic Analysis in High‐Speed Network Environment | |
Panchenko | On the impact of cross-layer information leakage on anonymity in crowds | |
Šíma | Darknet market analysis and user de-anonymization | |
US20150180906A1 (en) | Method and system for evaluating access granted to dynamically provisioned virtual servers across endpoints in a network | |
Ioannou et al. | Been Here Already? Detecting Synchronized Browsers in the Wild | |
Dalziel | Securing social media in the enterprise | |
Broenink | Finding Relations Between Botnet C&Cs for Forensic Purposes | |
Habegger et al. | Privacy in Big Data |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
CB02 | Change of applicant information | ||
CB02 | Change of applicant information |
Address after: Binjiang District and Hangzhou city in Zhejiang Province Road 310051 No. 68 in the 6 storey building Applicant after: Hangzhou Dipu Polytron Technologies Inc Address before: Binjiang District and Hangzhou city in Zhejiang Province Road 310051 No. 68 in the 6 storey building Applicant before: Hangzhou Dipu Technology Co., Ltd. |
|
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20161207 |