CN106970939A - A kind of database audit method and its system - Google Patents

A kind of database audit method and its system Download PDF

Info

Publication number
CN106970939A
CN106970939A CN201710077935.3A CN201710077935A CN106970939A CN 106970939 A CN106970939 A CN 106970939A CN 201710077935 A CN201710077935 A CN 201710077935A CN 106970939 A CN106970939 A CN 106970939A
Authority
CN
China
Prior art keywords
translation unit
reply
statement
action statement
database
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201710077935.3A
Other languages
Chinese (zh)
Other versions
CN106970939B (en
Inventor
刘华春
罗川
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
SHENZHEN ANTECH TECHNOLOGY CO LTD
Original Assignee
SHENZHEN ANTECH TECHNOLOGY CO LTD
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by SHENZHEN ANTECH TECHNOLOGY CO LTD filed Critical SHENZHEN ANTECH TECHNOLOGY CO LTD
Priority to CN201710077935.3A priority Critical patent/CN106970939B/en
Publication of CN106970939A publication Critical patent/CN106970939A/en
Application granted granted Critical
Publication of CN106970939B publication Critical patent/CN106970939B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24Querying
    • G06F16/242Query formulation
    • G06F16/2433Query languages
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24Querying
    • G06F16/245Query processing
    • G06F16/2452Query translation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24Querying
    • G06F16/245Query processing
    • G06F16/2452Query translation
    • G06F16/24524Access plan code generation and invalidation; Reuse of access plans
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/28Databases characterised by their database models, e.g. relational or object models

Abstract

The embodiment of the present invention provides a kind of database audit method and its auditing system.Wherein, methods described includes:Recognized by feature database, request message is distributed into corresponding action statement translation unit;The request message is parsed by the action statement translation unit, action statement is generated and caches;Recognized by feature database, message will be replied and distributed into corresponding reply translation unit;The reply message is parsed by the reply translation unit, corresponding return analysis result is generated;Merge the action statement and return to analysis result, generate operation note.Pass through the parsing of feature database knowledge otherwise with different resolution units, the depth audit of SQL statement, object accesses and multidimensional data group access can be realized, record the operation content and related returning result of different clients ending tool, it is ensured that the safe and stable operation of database.

Description

A kind of database audit method and its system
Technical field
The present invention relates to database audit technical field, more particularly to a kind of database audit method and its system.
Background technology
With the development of network technology, storage device technology, high efficiency read-write, high concurrent reading of the people for mass data Write, the high scalability of data and availability, transaction consistency, read-write real-time, complexity SQL, particularly multilist correlation inquiry etc. Demand increasingly increase.
In relevant database, the main reason for causing poor performance is the correlation inquiry of multilist, and complicated The complicated SQL report querys of data analysis type.In order to ensure the ACID characteristics of database, it is necessary to as far as possible according to the model of its requirement Formula is designed, and the table in relevant database is all the data structure for storing a formatting.
The composition of each tuple field is just as, even if not being that each tuple is required for all fields, but database All fields can be distributed for each tuple, such structure can be in order to carry out linking etc. operation, but from another between poster table It is also a factor of relevant database performance bottleneck for one angle.
Based on above reason, non-relational database is occurred in that, such as mainstream product therein:Cach é databases (product of Intersystems companies of the U.S.).Cach é are mainly used in medical treatment, financial service, government and other many necks There is provided data management, strategic interoperability and analysis platform technology in domain.It is used as non-relational database, Cach é appearance Although solving a series of problems of relevant database presence well, it brings huge to database audit work Challenge.It is either domestic or external for the research and application of the security audit technology of Cach é databases, all in compared with For the state of blank.
During the application is realized, inventor has found that correlation technique has problems with:The usually audit to database The operation content for database is mainly extracted by good application Packet analyzing.In traditional Relational DataBase, operation All it is to meet by ANSI and International Organization for standardization (International Standards Organization, ISO) conduct The SQL standard of the standard cares of ISO/IEC 9075.It therefore, it can parse tradition by the agreement defined inside " SQL standard " SQL statement.
But for Cach é database non-relational databases, it is not complied with " SQL standard " simultaneously, therefore use tradition Protocol analysis can not carry out complete security audit to Cach é databases, it is impossible to identify the wind to Cach é databases Danger operation.
The content of the invention
The present invention provides a kind of database audit method and its system, it is intended to which solving available data auditing method can not be to non- The problem of relational data carries out complete security audit.
On the one hand the embodiment of the present invention provides a kind of database audit method.This method includes:
Recognized by feature database, request message is distributed into corresponding action statement translation unit;
The request message is parsed by the action statement translation unit, action statement is generated and caches;
Recognized by feature database, message will be replied and distributed into corresponding reply translation unit;
The reply message is parsed by the reply translation unit, corresponding return analysis result is generated;
Merge the action statement and return to analysis result, generate operation note.
Alternatively, methods described also includes:Judge whether to be cached with action statement;If so, then merging the action statement And corresponding return analysis result;If it is not, then handling next request message and replying message.
Alternatively, the action statement translation unit includes:Portal tool operation statement translations unit, Studio instruments Action statement translation unit, Terminal tool operation statement translation units and SQL access tools action statement translation units;
The reply translation unit includes:Portal instruments reply translation unit, Studio instruments reply translation unit, Terminal instruments reply translation unit and SQL access tools reply translation unit.
Alternatively, it is described that the request message is parsed by the action statement translation unit, generate action statement and delay Deposit, specifically include:
Obtained by Studio tool operation statement translations unit and access operation;
The operation content for accessing operation is determined according to the M language contents for accessing operation;It is described to access operation bag Include:Call method name, preservation action and the compiling action during M language.
Alternatively, methods described also includes:For the client of health care management information system, corresponding database is set Access rights.
On the other hand the embodiment of the present invention provides a kind of database audit system.The auditing system includes:Feature database is known Other unit, request message for being recognized by feature database, distributed into corresponding action statement translation unit and will replied Message is distributed into corresponding reply translation unit;Action statement translation unit, for parsing the request message, generation correspondence Action statement;Buffer unit, for caching the action statement;Translation unit is replied, it is raw for parsing the reply message Into return analysis result;And operation note generation unit, for merging the action statement and returning to analysis result, generation behaviour Note down.
Alternatively, the operation note generation unit is additionally operable to:Judge whether to be cached with action statement;If so, then merging The action statement and corresponding return analysis result;If it is not, then handling next request message and replying message.
Alternatively, the action statement translation unit includes:Portal tool operation statement translations unit, Studio instruments Action statement translation unit, Terminal tool operation statement translation units and SQL access tools action statement translation units;
The reply translation unit includes:Portal instruments reply translation unit, Studio instruments reply translation unit, Terminal instruments reply translation unit and SQL access tools reply translation unit.
Alternatively, the Studio tool operations statement translation unit specifically for:Obtain and access operation;Grasped according to accessing The M language contents of work determine the operation content for accessing operation;The access operation includes:Method name when calling M language, Preservation action and compiling action.
Alternatively, the system also includes:Priority assignation unit, for the client for health care management information system Corresponding database-access rights are set.
The database audit method and its system of the embodiment of the present invention, are known otherwise by feature database, can be to various After access stencil, the message format of form are identified, parsed by corresponding resolution unit, can realize SQL statement, Object accesses and the audit of the depth of multidimensional data group access, record the operation content and related return knot of different clients ending tool Really, it is ensured that the safe and stable operation of database.
Brief description of the drawings
In order to illustrate more clearly of the technical scheme of the embodiment of the present application, it will make below to required in the embodiment of the present application Accompanying drawing is briefly described.It should be evident that drawings described below is only some embodiments of the present application, for For those of ordinary skill in the art, on the premise of not paying creative work, other can also be obtained according to these accompanying drawings Accompanying drawing.
Fig. 1 is the method flow diagram of database audit method provided in an embodiment of the present invention;
Fig. 2 is the method flow diagram of caching sentence provided in an embodiment of the present invention;
Fig. 3 is the functional block diagram of database audit system provided in an embodiment of the present invention;
Fig. 4 is the functional block diagram for the database audit system that another embodiment of the present invention is provided;
Fig. 5 is the hardware architecture diagram of electronic equipment provided in an embodiment of the present invention.
Embodiment
In order that the object, technical solution and advantage of the application are more clearly understood, it is right below in conjunction with drawings and Examples The application is further elaborated.It should be appreciated that specific embodiment described herein is only to explain the application, not For limiting the application.
In Cach é databases, data storage is in each Global.One Global is many dimensions of a name In group, the physical data files for being stored in Cach é.Wherein, the storage cell of physical data files is data block Block (general It is 8K).Cach é databases control these data blocks using the structure of a similar downtree.
In the database, Global subscript and data are stored in sequence in together in one block.Therefore, Cach é databases provide three kinds of modes to access data, are sql sentences, object accesses database, n-dimension access number respectively According to array.Existing auditing system generally only provides the audit of sql access modes, without supporting such as object accesses database And the mode of n-dimension access array of data.
Fig. 1 is database audit method provided in an embodiment of the present invention.During regular job, user can pass through Various client utilitys, application system or the third party's instrument of Cach é geo-database integrations pass through the logarithms such as ODBC connected modes Conducted interviews operation according to storehouse.These are accessed operation and represented (i.e. specific data cell) with PDU groups bag.
This method comprises the following steps:
100:Recognized by feature database, request message is distributed into corresponding action statement translation unit.
The data (PDU groups bag) in database access process can be analyzed first, determine that it belongs to request message Or message is replied, to carry out corresponding feature database identification process.Feature database identification is a kind of conventional monitoring identification method, By the feature included in some default rules and feature database, request/reply message is matched or recognized, it is judged Whether a certain specific classification (such as whether with specific " fingerprint ", Feature Words or flow feature) is belonged to.
In certain embodiments, the strategy that feature database identification can be specifically combined using DFI, DPI or both.Its In, DPI (deep packet inspection) can be referred to as " deep packet " detection, and it is by increasing the application for message Layer analysis, accurately to recognize and detect application therein and content, the function such as finishing service identification, control or statistics.DFI (deep flow inspection) is a kind of recognition strategy based on traffic behavior, and it is embodied in meeting based on different application type The principle that state in words connection or data flow is had nothing in common with each other, by the traffic behavior feature of different messages, sets up characteristic model So as to differentiate application type.
DFI and DPI have respective advantage and deficiency, can be by the way that both the above is used in combination in feature database identification Recognition strategy, is obtained for the accurate Classification and Identification result of request/reply message, distribution is solved into corresponding functional unit Analysis.
Action statement translation unit can be any suitable, be combined by corresponding software, hardware or hardware and software real Existing, perform the functional module of packet parsing function.In embodiments of the present invention, due to non-relational database, such as Cach é There is the diversity of access mode in database, the species such as form, access stencil of message format is various.Accordingly, it would be desirable to according to spy Levy the recognition result in storehouse, be included into different action statement translation units parsed, translating operation, and can not use unified Parsing translation unit (such as meets the parsing translation unit that SQL statement parses standard).
In embodiments of the present invention, according to the access mode of Cach é databases, Portal instruments can be specifically set to grasp Make statement translation unit, Studio tool operation statement translations unit, Terminal tool operation statement translation units and SQL This four different types of action statement translation units of access tools action statement translation unit.
Wherein, Terminal instruments are Cach é geo-database integrations, can be directly connected to the instrument of database, and it is used Be telent agreements mode, it is possible to achieve remote login service.Studio instruments are Cach é geo-database integrations, are used for The instrument for compiling and debugging for developer, it is directly accessed database by performing M language.Portal instruments are then Another developing instrument of Cach é geo-database integrations.It uses form web page and carries out operation and maintenance, energy to database It is enough to access database using conventional SQL statement, the data on each global node can also be directly viewable.
In embodiments of the present invention, it can be recorded, made by all operations of Terminal instruments and Portal instruments Some with Studio instruments to database access operation, for example, the method name, preservation action and compiling when calling M language are dynamic Make, can also be recorded.
200:The request message is parsed by the action statement translation unit, action statement is generated and caches.
After action statement translation unit is parsed, the action statement of acquisition or an incomplete operation note, Also need to the corresponding reply data in merging data storehouse.It therefore, it can caching sentence, complete laggard replying packet parsing Row union operation.
300:Recognized by feature database, the reply message in packet is distributed into corresponding reply translation unit.
With step 100 analogously, it is possible to use corresponding, the feature database pre-set, feature is carried out to replying message Storehouse identification operation, it is determined that replying after the specific application type of message, will reply message and distributes to corresponding reply translation unit The middle parsing for carrying out message and translating operation.
400:The reply message is parsed by the reply translation unit, corresponding return analysis result is generated.It is described Return to analysis result corresponding with replying message, can generally include database root according to the operation of request message, the data of return Content or the status information of return etc..
In embodiments of the present invention, with aforesaid operations statement translation unit accordingly, reply translation unit can also wrap Include:Portal instruments reply translation unit, Studio instruments reply translation unit, Terminal instruments reply translation unit and SQL access tools reply translation unit, respectively the reply message to corresponding types parsed, translating operation.
500:Merge the action statement and return to analysis result, generate operation note.Reported to request message and reply After text is all parsed, the analysis result of request message and reply message can be merged into a complete operation note, with Complete the task of database audit.And the complete operation record finally obtained can be preserved or it is carried out Follow-up data processing operation.
Above-mentioned database audit method, the characteristics of non-SQL statement is accessed is had for non-relational database, there is provided A variety of different types of translation units produce corresponding operation note to realize the audit for different access mode.Further , known using feature database and data message is identified and classified first otherwise, it is ensured that request/reply message can be turned over Translate or parse.Pass through such mode, it is possible to achieve the message of a variety of different access modes, different shape is solved Analysis, obtains operation content therein and records, realize complete database audit.For example, for Cach é databases, Ke Yishi Now to the comprehensive security audit of database, identification removes risk operations, realizes the safe and stable operation of database.
In certain embodiments, it can complete slow using step as shown in Figure 2 for the action statement exported after parsing Deposit process.As shown in Fig. 2 this method can include:
210:Judge whether action statement carries cache tag.If performing step 230, if otherwise performing step 220.
220:Caching sentence.
230:The action statement and alternate parameter are operated by sqlid.In some cases, there is the parsing of some request messages The action statement gone out is possible to a simply identification characteristics, is an incomplete sentence.Accordingly, it would be desirable to pass through this operation language The feature sqlid of sentence (sql), finds out its original action statement and performs step 500, merge with returning result, generation can The operation note read.
In embodiments of the present invention, request message and reply message are separated progress feature database identification and translation parsing operation 's.The analysis result of request message can be cached first, and be merged with corresponding reply message.
Therefore, before merging, it can first determine whether in caching with the presence or absence of operating effectively sentence.If so, then will It merges with replying the translation analysis result of message.If being not present, this analysis result can be abandoned, next report is handled Text, repeats the method shown in Fig. 1 to complete database audit.
As described above, Cach é databases can also be accessed by some application systems, such as it is public when it is applied in medical treatment Altogether during health field, it can be accessed by health care management information system (HIS systems).
Because Cach é databases employ security component, encryption has been carried out for the data that HIS systems are accessed, and HIS systems can not be decrypted.Therefore, such operation can not be parsed.It is such, then can be by HIS systems Control of authority, or isolated by setting up fire wall between each client (or department), the different numbers of distribution Ensure the security of data according to storehouse authority (medical record data of oneself section office can only be read by for example limiting each section office).Further Ground, can also provide the operation log recording of HIS systems.
Below by taking Cach é databases as an example, if developer is compiled and adjusted by its integrated Studio instrument Examination.Developer accesses database by performing M language.Recognize that some important access operations are for example called by feature database Method name, preservation action and compiling action during M language etc., can deliver to Studio tool operation statement translation units.Then, M language contents in action statement after translation parsing, determine the operation content for accessing operation, complete database audit.
For the Terminal instruments and studio instruments of Cach é geo-database integrations, user is by these instruments to data All operations that storehouse is carried out, can parse and record, realize the complete audit of database by corresponding analytical capabilities module.
The embodiment of the present invention additionally provides a kind of database audit system.As shown in figure 3, the system includes:Feature database is known Other unit 100, action statement translation unit 200, buffer unit 300, reply translation unit 400 and operation note generation unit 500。
In actual audit process, recognized first by feature database recognition unit 100 by feature database, respectively by request message Distribution is distributed into corresponding reply translation unit into corresponding action statement translation unit and by reply message.Then, The request message is parsed by action statement translation unit 200, generated after corresponding action statement, it is slow by buffer unit 300 Deposit the action statement.
On the other hand, the reply message is parsed by replying translation unit 400, generation returns to analysis result.Finally, by Operation note generation unit 500 is by action statement translation unit 200 and replys action statement and return that translation unit 400 is exported Analysis result merges, and generates operation note.The operation note ultimately generated, can be by any suitable as database audit result Storage device preserve, such as disk memory, flush memory device or other non-volatile solid state memory parts.
Alternatively, the action statement translation unit 200 and reply translation unit 400 can specifically be set according to actual conditions The interpretative function unit of multiple types is put, for example, is audited for Cach é wide area information servers, Portal instruments can be set Action statement translation unit, Studio tool operation statement translations unit, Terminal tool operation statement translation units and SQL access tools action statement translation units and Portal instruments reply translation unit, Studio instruments reply translation unit, Terminal instruments reply translation unit and SQL access tools reply translation unit.
By such mode, the data accountability system can to the various access stencils of Cach é databases, generation The message format of various forms is correctly recognized, solves the problems, such as the Cach é Method of Database Secure Audit of object-oriented, can be complete Whole audit goes out client utility:Studio, Terminal, Portal, MedTrak, Sqlmanager operation content and phase Close returning result.
Wherein, Portal instruments can be audited to SQL statement, inquire about Global, returning result, and Terminal energy instruments then can Audit to M sentences and returning result, object accesses operation is gone out and straight in original audit that external enwergy more depth is audited to sql sentences The operation of multidimensional data group access is connect, is realized for the complete audit of database.
For example, the Studio tool operations statement translation unit specifically can be used for:Obtain and access operation.Then, root The operation content for accessing operation is determined according to the M language contents for accessing operation.The access operation includes:When calling M language Method name, preservation action and compiling action.
In further embodiments, Cach é databases can be applied in medical treatment, field of public health.User is also possible to lead to HIS systems are crossed to conduct interviews to database.As a result of specific security component, carried out for the data that HIS systems are accessed Encryption, and HIS systems can not be decrypted.Therefore, to ensure to access the audit operated for part, except Fig. 3 Outside shown module 100-500, as shown in figure 4, a priority assignation unit 600 can also be included.The priority assignation unit 600 For setting corresponding database-access rights for the client of health care management information system, pass through the power to HIS systems Limit control, can ensure the security of data.Further, the priority assignation unit 600 can also pass through HIS system operatios Log recording come realize to these operation monitoring.
It should be noted that because database audit system and database audit method are conceived based on identical application, because This, the corresponding contents in embodiment of the method are equally applicable to system embodiment, are no longer described in detail herein.
Fig. 5 is the hardware architecture diagram of a kind of electronic equipment provided in an embodiment of the present invention.As shown in figure 5, the equipment Including:In one or more processors 510 and memory 520, Fig. 5 by taking a processor 510 as an example.
Processor 510 and memory 520 can be connected by bus or other modes, to be connected by bus in Fig. 5 Exemplified by.
Memory 520 is as a kind of non-volatile computer readable storage medium storing program for executing, available for storage non-volatile software journey The corresponding journey of database audit method in sequence, non-volatile computer executable program and module, such as embodiment of the present invention Sequence instruction/module is (for example, feature database recognition unit 100, action statement translation unit 200, buffer unit shown in accompanying drawing 3 300th, translation unit 400 and operation note generation unit 500 are replied).
Processor 510 is stored in non-volatile software program, instruction and module in memory 520 by operation, from And various function application and the data processing of execute server, that is, realize above method embodiment database audit method.
Memory 520 can include storing program area and storage data field, wherein, storing program area can store operation system Application program required for system, at least one function;Storage data field can be stored to be created according to using for database audit system Data built etc..In addition, memory 520 can include high-speed random access memory, nonvolatile memory can also be included, For example, at least one disk memory, flush memory device or other non-volatile solid state memory parts.In certain embodiments, Memory 520 is optional including the memory remotely located relative to processor 510, and these remote memories can be connected by network It is connected to content recommendation device.The example of above-mentioned network includes but is not limited to internet, intranet, LAN, mobile communication Net and combinations thereof.
One or more of modules are stored in the memory 520, when by one or more of processors During 510 execution, the database audit method in above-mentioned any means embodiment is performed.
The said goods can perform the method that the embodiment of the present application is provided, and possesses the corresponding functional module of execution method and has Beneficial effect.Not ins and outs of detailed description in the present embodiment, reference can be made to the method that the embodiment of the present application is provided.
Professional should further appreciate that, each example described with reference to the embodiments described herein Unit and algorithm steps, can be realized with electronic hardware, computer software or the combination of the two, hard in order to clearly demonstrate The interchangeability of part and software, generally describes the composition and step of each example according to function in the above description. These functions are performed with hardware or software mode actually, depending on the application-specific and design constraint of technical scheme. Professional and technical personnel can realize described function to each specific application using distinct methods, but this realize It is not considered that beyond scope of the present application.Described computer software can be stored in computer read/write memory medium, the journey Sequence is upon execution, it may include such as the flow of the embodiment of above-mentioned each method.Wherein, described storage medium can for magnetic disc, CD, Read-only memory or random access memory etc..
Presently filed embodiment is the foregoing is only, the scope of the claims of the application is not thereby limited, it is every to utilize this Equivalent structure or equivalent flow conversion that application specification and accompanying drawing content are made, or directly or indirectly it is used in other correlations Technical field, is similarly included in the scope of patent protection of the application.

Claims (10)

1. a kind of database audit method, it is characterised in that including:
Recognized by feature database, request message is distributed into corresponding action statement translation unit;
The request message is parsed by the action statement translation unit, action statement is generated and caches;
Recognized by feature database, message will be replied and distributed into corresponding reply translation unit;
The reply message is parsed by the reply translation unit, corresponding return analysis result is generated;
Merge the action statement and return to analysis result, generate operation note.
2. according to the method described in claim 1, it is characterised in that methods described also includes:
Judge whether to be cached with action statement;
If so, then merging the action statement and corresponding return analysis result;
If it is not, then handling next request message and replying message.
3. according to the method described in claim 1, it is characterised in that the action statement translation unit includes:Portal instruments Action statement translation unit, Studio tool operation statement translations unit, Terminal tool operation statement translation units and SQL access tools action statement translation units;
The reply translation unit includes:Portal instruments reply translation unit, Studio instruments reply translation unit, Terminal instruments reply translation unit and SQL access tools reply translation unit.
4. method according to claim 3, it is characterised in that described described by action statement translation unit parsing Request message, generates action statement and caches, specifically include:
Obtained by Studio tool operation statement translations unit and access operation;
The operation content for accessing operation is determined according to the M language contents for accessing operation;The access operation includes:Adjust Acted with method name during M language, preservation action and compiling.
5. according to the method described in claim 1, it is characterised in that methods described also includes:For health care agrment information system The client of system sets corresponding database-access rights.
6. a kind of database audit system, it is characterised in that including:
Feature database recognition unit, for being recognized by feature database, request message is distributed to corresponding action statement translation unit In and by reply message distribute to it is corresponding reply translation unit in;
Action statement translation unit, for parsing the request message, generates corresponding action statement;
Buffer unit, for caching the action statement;
Translation unit is replied, for parsing the reply message, generation returns to analysis result;
Operation note generation unit, for merging the action statement and returning to analysis result, generates operation note.
7. system according to claim 6, it is characterised in that the operation note generation unit is additionally operable to:
Judge whether to be cached with action statement;
If so, then merging the action statement and corresponding return analysis result;
If it is not, then handling next request message and replying message.
8. system according to claim 6, it is characterised in that the action statement translation unit includes:Portal instruments Action statement translation unit, Studio tool operation statement translations unit, Terminal tool operation statement translation units and SQL access tools action statement translation units;
The reply translation unit includes:Portal instruments reply translation unit, Studio instruments reply translation unit, Terminal instruments reply translation unit and SQL access tools reply translation unit.
9. system according to claim 6, it is characterised in that the Studio tool operations statement translation unit is specifically used In:
Obtain and access operation;
M language contents according to operation is accessed determine the operation content for accessing operation;The access operation includes:Call M Method name, preservation action and compiling action during language.
10. system according to claim 6, it is characterised in that the system also includes:Priority assignation unit, for for The client of health care management information system sets corresponding database-access rights.
CN201710077935.3A 2017-02-14 2017-02-14 A kind of database audit method and its system Active CN106970939B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710077935.3A CN106970939B (en) 2017-02-14 2017-02-14 A kind of database audit method and its system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710077935.3A CN106970939B (en) 2017-02-14 2017-02-14 A kind of database audit method and its system

Publications (2)

Publication Number Publication Date
CN106970939A true CN106970939A (en) 2017-07-21
CN106970939B CN106970939B (en) 2019-09-03

Family

ID=59335139

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710077935.3A Active CN106970939B (en) 2017-02-14 2017-02-14 A kind of database audit method and its system

Country Status (1)

Country Link
CN (1) CN106970939B (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107479988A (en) * 2017-08-01 2017-12-15 西安交大捷普网络科技有限公司 Three layers of related auditing method based on DCOM
CN109614082A (en) * 2018-09-28 2019-04-12 阿里巴巴集团控股有限公司 A kind of interpretation method, device and equipment for data query script
CN110290098A (en) * 2018-03-19 2019-09-27 华为技术有限公司 A kind of method and device of defending against network attacks
CN111177779A (en) * 2019-12-24 2020-05-19 深圳昂楷科技有限公司 Database auditing method, device thereof, electronic equipment and computer storage medium
CN111209266A (en) * 2019-12-20 2020-05-29 深圳昂楷科技有限公司 Auditing method and device based on Redis database and electronic equipment
CN115618342A (en) * 2022-12-19 2023-01-17 深圳昂楷科技有限公司 Method, device, equipment and storage medium for identifying tool name of access database

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101853289A (en) * 2010-05-26 2010-10-06 杭州华三通信技术有限公司 Database auditing method and equipment
CN104036000A (en) * 2014-06-13 2014-09-10 赵维佺 Database audit method, device and system
CN104113598A (en) * 2014-07-21 2014-10-22 蓝盾信息安全技术有限公司 Three-layer auditing method for database
US20160292008A1 (en) * 2015-04-03 2016-10-06 Oracle International Corporation System and method for using an in-memory data grid to improve performance of a process defined by a process execution language in a soa middleware environment
CN106060149A (en) * 2016-06-24 2016-10-26 北京交通大学 Mobile internet mass data analysis and audit technical architecture

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101853289A (en) * 2010-05-26 2010-10-06 杭州华三通信技术有限公司 Database auditing method and equipment
CN104036000A (en) * 2014-06-13 2014-09-10 赵维佺 Database audit method, device and system
CN104113598A (en) * 2014-07-21 2014-10-22 蓝盾信息安全技术有限公司 Three-layer auditing method for database
US20160292008A1 (en) * 2015-04-03 2016-10-06 Oracle International Corporation System and method for using an in-memory data grid to improve performance of a process defined by a process execution language in a soa middleware environment
CN106060149A (en) * 2016-06-24 2016-10-26 北京交通大学 Mobile internet mass data analysis and audit technical architecture

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107479988A (en) * 2017-08-01 2017-12-15 西安交大捷普网络科技有限公司 Three layers of related auditing method based on DCOM
CN110290098A (en) * 2018-03-19 2019-09-27 华为技术有限公司 A kind of method and device of defending against network attacks
US11570212B2 (en) 2018-03-19 2023-01-31 Huawei Technologies Co., Ltd. Method and apparatus for defending against network attack
CN109614082A (en) * 2018-09-28 2019-04-12 阿里巴巴集团控股有限公司 A kind of interpretation method, device and equipment for data query script
CN109614082B (en) * 2018-09-28 2022-03-04 创新先进技术有限公司 Translation method, device and equipment for data query script
CN111209266A (en) * 2019-12-20 2020-05-29 深圳昂楷科技有限公司 Auditing method and device based on Redis database and electronic equipment
CN111177779A (en) * 2019-12-24 2020-05-19 深圳昂楷科技有限公司 Database auditing method, device thereof, electronic equipment and computer storage medium
CN115618342A (en) * 2022-12-19 2023-01-17 深圳昂楷科技有限公司 Method, device, equipment and storage medium for identifying tool name of access database

Also Published As

Publication number Publication date
CN106970939B (en) 2019-09-03

Similar Documents

Publication Publication Date Title
CN106970939B (en) A kind of database audit method and its system
Zheng et al. Xblock-eth: Extracting and exploring blockchain data from ethereum
Munk et al. Data preprocessing evaluation for web log mining: reconstruction of activities of a web visitor
US8285698B2 (en) Securing search queries
CN109086413A (en) For searching for the method, equipment and readable storage medium storing program for executing of block chain data
US20220138271A1 (en) Method, Device and Computer Program for Collecting Data From Multi-Domain
Pareek et al. Real-time ETL in Striim
Srivastava et al. Fraud detection in the distributed graph database
CN107704369A (en) A kind of recording method of Operation Log, electronic equipment, storage medium, system
CN110008197A (en) A kind of data processing method, system and electronic equipment and storage medium
CN110825641B (en) Micro-service application test system based on simulation data generator
Veiga et al. Analysis and evaluation of MapReduce solutions on an HPC cluster
Khan Graph analysis of the ethereum blockchain data: A survey of datasets, methods, and future work
Accorsi et al. Towards forensic data flow analysis of business process logs
US20060259459A1 (en) Verification of cross domain data system query results
Sun et al. Expert system for automatic microservices identification using API similarity graph
Zheng et al. On-chain and off-chain blockchain data collection
KR20200066428A (en) A unit and method for processing rule based action
CN110457934A (en) A kind of high emulation data desensitization algorithm based on hash algorithm
Punn et al. Testing big data application
Rani et al. Social data provenance framework based on zero-information loss graph database
Hadzic et al. Alternative approach to tree-structured web log representation and mining
Gu et al. Fingerprinting network entities based on traffic analysis in high-speed network environment
Raiyani et al. Enhance preprocessing technique Distinct user identification using web log usage data
Deng et al. An efficient policy evaluation engine with locomotive algorithm

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant