CN106970939B - A database audit method and system

Info

Publication number: CN106970939B
Authority: CN (China)
Prior art keywords: translation unit, reply, action statement, access, message
Legal status: Active
Application number: CN201710077935.3A
Other languages: Chinese (zh)
Other versions: CN106970939A (en)
Inventors: 刘华春, 罗川
Current Assignee: SHENZHEN ANTECH TECHNOLOGY CO LTD
Original Assignee: SHENZHEN ANTECH TECHNOLOGY CO LTD

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24 Querying
    • G06F16/242 Query formulation
    • G06F16/2433 Query languages
    • G06F16/245 Query processing
    • G06F16/2452 Query translation
    • G06F16/24524 Access plan code generation and invalidation; Reuse of access plans
    • G06F16/28 Databases characterised by their database models, e.g. relational or object models


Abstract

An embodiment of the present invention provides a database audit method and an audit system. The method comprises: distributing a request message, through feature database identification, to the corresponding action statement translation unit; parsing the request message with the action statement translation unit to generate an action statement, which is cached; distributing a reply message, through feature database identification, to the corresponding reply translation unit; parsing the reply message with the reply translation unit to generate the corresponding return parsing result; and merging the action statement and the return parsing result to generate an operation record. By combining feature database identification with different parsing units, the method enables in-depth auditing of SQL statements, object access and multidimensional array access, records the operation content and related returned results of different client tools, and ensures safe and stable operation of the database.

Description

A database audit method and system
Technical field
The present invention relates to the technical field of database auditing, and in particular to a database audit method and system.
Background art
With the development of network technology and of storage devices and technology, demand keeps growing for efficient reads and writes of massive data, highly concurrent reads and writes, high scalability and availability of data, transactional consistency, real-time reads and writes, and complex SQL, especially multi-table join queries.
In a relational database, the main causes of poor performance are multi-table join queries and the complex SQL report queries used for data analysis. To guarantee the ACID properties of the database, the design has to follow the required normal forms as far as possible, and every table in a relational database stores one formatted data structure.
The fields of every tuple are the same: even if not every tuple needs all the fields, the database allocates all fields to every tuple. This structure makes operations such as joins between tables convenient, but from another angle it is also one factor in the performance bottleneck of relational databases.
For these reasons non-relational databases appeared, among them mainstream products such as the Caché database (a product of InterSystems, USA). Caché is mainly used in healthcare, financial services, government and many other fields, providing data management, strategic interoperability and analytics platform technology. As a non-relational database, Caché solves a series of problems of relational databases well, but it poses a huge challenge to database auditing. Research on and application of security audit technology for the Caché database, whether domestically or abroad, is still largely blank.
In the course of realizing the present application, the inventors found the following problem in the related art: database auditing usually extracts the operation content for the database mainly by parsing application packets. In a traditional relational database, operations all conform to the SQL standard maintained by ANSI and the International Organization for Standardization (ISO) as the ISO/IEC 9075 standard. Traditional SQL statements can therefore be parsed according to the protocol defined in the SQL standard.
Non-relational databases such as the Caché database, however, do not comply with the SQL standard, so traditional protocol parsing cannot carry out a complete security audit of a Caché database and cannot identify risky operations against it.
Summary of the invention
The present invention provides a database audit method and system, intended to solve the problem that existing database audit methods cannot carry out a complete security audit of non-relational databases.
In one aspect, an embodiment of the present invention provides a database audit method. The method comprises:
distributing a request message, through feature database identification, to the corresponding action statement translation unit;
parsing the request message with the action statement translation unit to generate an action statement, and caching it;
distributing a reply message, through feature database identification, to the corresponding reply translation unit;
parsing the reply message with the reply translation unit to generate the corresponding return parsing result;
merging the action statement and the return parsing result to generate an operation record.
Optionally, the method further comprises: judging whether an action statement is cached; if so, merging the action statement and the corresponding return parsing result; if not, processing the next request message and reply message.
Optionally, the action statement translation unit comprises: a Portal tool action statement translation unit, a Studio tool action statement translation unit, a Terminal tool action statement translation unit and an SQL access tool action statement translation unit;
the reply translation unit comprises: a Portal tool reply translation unit, a Studio tool reply translation unit, a Terminal tool reply translation unit and an SQL access tool reply translation unit.
Optionally, parsing the request message with the action statement translation unit to generate an action statement and caching it specifically comprises:
obtaining an access operation through the Studio tool action statement translation unit;
determining the operation content of the access operation from the M language content of the access operation; the access operation includes: the method name when M language is called, save actions and compile actions.
Optionally, the method further comprises: setting corresponding database access permissions for clients of the healthcare management information system.
In another aspect, an embodiment of the present invention provides a database audit system. The audit system comprises: a feature database identification unit, configured to distribute a request message, through feature database identification, to the corresponding action statement translation unit and to distribute a reply message to the corresponding reply translation unit; an action statement translation unit, configured to parse the request message and generate the corresponding action statement; a cache unit, configured to cache the action statement; a reply translation unit, configured to parse the reply message and generate a return parsing result; and an operation record generation unit, configured to merge the action statement and the return parsing result to generate an operation record.
Optionally, the operation record generation unit is further configured to: judge whether an action statement is cached; if so, merge the action statement and the corresponding return parsing result; if not, process the next request message and reply message.
Optionally, the action statement translation unit comprises: a Portal tool action statement translation unit, a Studio tool action statement translation unit, a Terminal tool action statement translation unit and an SQL access tool action statement translation unit;
the reply translation unit comprises: a Portal tool reply translation unit, a Studio tool reply translation unit, a Terminal tool reply translation unit and an SQL access tool reply translation unit.
Optionally, the Studio tool action statement translation unit is specifically configured to: obtain an access operation; and determine the operation content of the access operation from the M language content of the access operation; the access operation includes: the method name when M language is called, save actions and compile actions.
Optionally, the system further comprises a permission setting unit, configured to set corresponding database access permissions for clients of the healthcare management information system.
Through feature database identification, the database audit method and system of the embodiments of the present invention can identify messages of the various access forms and message formats and then have them parsed by the corresponding parsing unit. This enables in-depth auditing of SQL statements, object access and multidimensional array access, records the operation content and related returned results of different client tools, and ensures safe and stable operation of the database.
Brief description of the drawings
To explain the technical solutions of the embodiments of the present application more clearly, the drawings needed in the embodiments are briefly described below. Obviously, the drawings described below are only some embodiments of the present application; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of the database audit method provided by an embodiment of the present invention;
Fig. 2 is a flowchart of the method for caching statements provided by an embodiment of the present invention;
Fig. 3 is a functional block diagram of the database audit system provided by an embodiment of the present invention;
Fig. 4 is a functional block diagram of the database audit system provided by another embodiment of the present invention;
Fig. 5 is a hardware structure diagram of the electronic device provided by an embodiment of the present invention.
Detailed description of the embodiments
To make the objects, technical solutions and advantages of the present application clearer, the application is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here only explain the application and are not intended to limit it.
In the Caché database, data is stored in Globals. A Global is a named multidimensional array stored in Caché's physical data files. The storage unit of a physical data file is the data block (generally 8K). The Caché database manages these data blocks with a structure similar to an inverted tree.
In the database, the subscripts and data of a Global are stored together, in order, in a block. The Caché database therefore provides three ways to access data: SQL statements, object access to the database, and multidimensional access to the data arrays. Existing audit systems usually audit only the SQL access mode and do not support modes such as object access to the database and multidimensional access to data arrays.
Fig. 1 shows the database audit method provided by an embodiment of the present invention. In daily operation, users can access the database through the various client tools integrated with the Caché database, through application systems, or through third-party tools using connection methods such as ODBC. These access operations are represented as PDU packets (that is, specific data units).
The method comprises the following steps:
100: Through feature database identification, distribute the request message to the corresponding action statement translation unit.
The data in the database access process (PDU packets) can first be analyzed to determine whether it is a request message or a reply message, so that the corresponding feature database identification process can be carried out. Feature database identification is a common monitoring and identification approach: using preset rules and the features contained in the feature database, a request/reply message is matched or identified to judge whether it belongs to a particular class (for example, whether it has a specific "fingerprint", feature words or traffic characteristics).
In some embodiments, feature database identification can use DFI, DPI, or a strategy combining the two. DPI (deep packet inspection) adds application-layer analysis of messages so as to accurately identify and detect the applications and content in them and to carry out functions such as service identification, control or statistics. DFI (deep flow inspection) is an identification strategy based on traffic behavior: relying on the principle that different application types show different states in their session connections or data flows, it builds a feature model from the traffic behavior characteristics of different messages to identify the application type.
DFI and DPI each have their own advantages and shortcomings. By combining the two identification strategies in feature database identification, an accurate classification result can be obtained for each request/reply message, which is then distributed to the corresponding functional unit for parsing.
The action statement translation unit can be any suitable functional module, implemented in software, hardware or a combination of hardware and software, that performs the message parsing function. In the embodiments of the present invention, because a non-relational database such as the Caché database has diverse access modes, the access forms and message formats are numerous. Messages therefore have to be assigned, according to the feature database identification result, to different action statement translation units for parsing and translation, and a single unified parsing and translation unit (such as one conforming to the SQL statement parsing standard) cannot be used.
In the embodiments of the present invention, according to the access modes of the Caché database, four different types of action statement translation unit can be provided: a Portal tool action statement translation unit, a Studio tool action statement translation unit, a Terminal tool action statement translation unit and an SQL access tool action statement translation unit.
The Terminal tool is a tool integrated with the Caché database that can connect to the database directly; it uses the telnet protocol and can provide a remote login service. The Studio tool is a tool integrated with the Caché database that developers use to compile and debug; it accesses the database directly by executing M language. The Portal tool is another development tool integrated with the Caché database. It operates and maintains the database through web pages, can access the database using ordinary SQL statements, and can also directly view the data on each global node.
In the embodiments of the present invention, all operations performed through the Terminal tool and the Portal tool can be recorded. Some access operations performed on the database with the Studio tool, for example the method name when M language is called, save actions and compile actions, can also be recorded.
200: Parse the request message with the action statement translation unit, generate an action statement and cache it.
After parsing by the action statement translation unit, the action statement obtained is still an incomplete operation record and needs to be merged with the database's corresponding reply data. The action statement can therefore be cached and the merge performed after the reply message has been parsed.
300: Through feature database identification, distribute the reply message in the data packet to the corresponding reply translation unit.
As in step 100, a corresponding preset feature database can be used to perform feature database identification on the reply message. Once the specific application type of the reply message has been determined, the reply message is distributed to the corresponding reply translation unit for parsing and translation.
400: Parse the reply message with the reply translation unit and generate the corresponding return parsing result. The return parsing result corresponds to the reply message and usually includes the data content or status information that the database returns for the operation in the request message.
In the embodiments of the present invention, corresponding to the action statement translation units above, the reply translation unit can also include: a Portal tool reply translation unit, a Studio tool reply translation unit, a Terminal tool reply translation unit and an SQL access tool reply translation unit, each of which parses and translates reply messages of the corresponding type.
500: Merge the action statement and the return parsing result to generate an operation record. After both the request message and the reply message have been parsed, their parsing results can be merged into one complete operation record, which completes the database audit task. The complete operation record finally obtained can be saved or passed on to subsequent data processing.
The above database audit method addresses the fact that non-relational databases are accessed with non-SQL statements by providing several different types of translation unit, so that different access modes can be audited and the corresponding operation records generated. Further, data messages are first identified and classified through feature database identification, which ensures that request/reply messages can be translated or parsed. In this way, messages of many different access modes and forms can be parsed and the operation content in them obtained and recorded, achieving a complete database audit. For the Caché database, for example, a comprehensive security audit of the database can be achieved and risky operations identified, so that the database runs safely and stably.
In some embodiments, the action statement output by parsing can be cached using the steps shown in Fig. 2. As shown in Fig. 2, the method may include:
210: Judge whether the action statement has a cache tag. If so, execute step 230; if not, execute step 220.
220: Cache the statement.
230: Find the action statement by its sqlid and substitute the parameters. In some cases the action statement parsed from a request message may be only an identifier, that is, an incomplete statement. The original action statement therefore has to be found through the sqlid feature of the action statement (sql), after which step 500 is executed to merge it with the returned result and generate a readable operation record.
In the embodiments of the present invention, feature database identification and translation/parsing are carried out separately for the request message and the reply message. The parsing result of the request message can be cached first and then merged with the corresponding reply message.
Before merging, therefore, it can first be judged whether a valid action statement exists in the cache. If one exists, it is merged with the translated and parsed result of the reply message. If none exists, this parsing result can be discarded and the next message processed, repeating the method shown in Fig. 1 to complete the database audit.
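The flow of Fig. 1 and Fig. 2 can be modelled as follows. This is an added example, not code from the patent: the `STU|`/`TRM|`/`SQL|` message layout, the session keys, the PREPARE/EXEC operations and all class and function names are assumptions made for the demonstration, since the page does not give the Caché wire format.

```python
import re

# Constructed feature database: a payload prefix selects the client tool, and
# the number says how many '|'-separated fields a request of that tool carries.
# The page gives no Caché wire format; this message layout is invented.
FEATURE_DB = [(re.compile(rb"^STU\|"), "studio", 2),
              (re.compile(rb"^TRM\|"), "terminal", 1),
              (re.compile(rb"^SQL\|"), "sql", 3)]


def identify(payload):
    """Feature database identification: (tool, field_count) or None."""
    for pattern, tool, nfields in FEATURE_DB:
        if pattern.match(payload):
            return tool, nfields
    return None


def _rows_reply(body):
    """SQL reply translation unit: render 'ROWS|n|data' readably."""
    parts = body.split("|")
    if parts[0] == "ROWS" and len(parts) == 3:
        return f"{parts[1]} row(s): {parts[2]}"
    return body


# Reply translation units, one per tool (status text is passed through).
REPLY_UNITS = {"studio": str, "terminal": str, "sql": _rows_reply}


class Auditor:
    def __init__(self):
        self.sql_by_id = {}  # sqlid -> original statement (Fig. 2, step 220)
        self.pending = {}    # session -> (tool, action statement) awaiting reply
        self.records = []    # merged operation records (step 500)
        self.dropped = 0     # messages that could not be identified or merged

    # Action statement translation units, one per tool.
    def _studio(self, kind, target):
        return f"{kind.lower()} {target}"   # call / save / compile + name

    def _terminal(self, m_statement):
        return m_statement                   # M statement as typed

    def _sql(self, op, sqlid, body):
        if op == "PREPARE":                  # full text: cache it under its sqlid
            self.sql_by_id[sqlid] = body
            return body
        # EXEC carries only sqlid + parameters (Fig. 2, step 230): recover the
        # original statement and substitute the parameters into its placeholders.
        text = self.sql_by_id.get(sqlid)
        values = body.split(",") if body else []
        if op != "EXEC" or text is None or text.count("?") != len(values):
            return None
        return "".join(p + v for p, v in zip(text.split("?"), values + [""]))

    def on_request(self, session, payload):
        hit = identify(payload)
        statement = None
        if hit:
            fields = payload.decode("utf-8", "replace").split("|", hit[1])[1:]
            if len(fields) == hit[1]:
                statement = getattr(self, "_" + hit[0])(*fields)
        if statement is None:
            self.dropped += 1
            return None
        self.pending[session] = (hit[0], statement)
        return statement

    def on_reply(self, session, payload):
        hit = identify(payload)
        cached = self.pending.pop(session, None)
        if hit is None or cached is None or cached[0] != hit[0]:
            self.dropped += 1    # no cached action statement: skip this reply
            return None
        body = payload.decode("utf-8", "replace").split("|", 1)[1]
        record = {"session": session, "tool": hit[0],
                  "statement": cached[1], "result": REPLY_UNITS[hit[0]](body)}
        self.records.append(record)
        return record


# Constructed sample traffic: (session, direction, payload).
TRAFFIC = [
    ("s1", "req", b"SQL|PREPARE|7|SELECT name FROM Patient WHERE id=?"),
    ("s1", "rep", b"SQL|OK"),
    ("s1", "req", b"SQL|EXEC|7|12"),
    ("s1", "rep", b"SQL|ROWS|1|Li"),
    ("s2", "req", b"STU|COMPILE|User.Patient.cls"),
    ("s2", "rep", b"STU|OK"),
    ("s3", "req", b'TRM|set ^Patient(12,"name")="Li"'),
    ("s3", "rep", b"TRM|OK"),
    ("s4", "rep", b"SQL|OK"),                # reply with nothing cached
    ("s5", "req", b"\x16\x03\x01\x02\x00"),  # matches no feature
]


def run_demo():
    auditor = Auditor()
    for session, direction, payload in TRAFFIC:
        handler = auditor.on_request if direction == "req" else auditor.on_reply
        handler(session, payload)
    return auditor


if __name__ == "__main__":
    result = run_demo()
    for rec in result.records:
        print(rec)
    print("dropped:", result.dropped)
```

The dropped counter is worth exporting in a real deployment: a rising count of unidentified or unmatched messages shows where the audit trail has gaps.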
As described above, the Caché database can also be accessed by application systems. For example, when it is used in the medical and public health fields, it can be accessed by a healthcare management information system (HIS system).
Because the Caché database uses a security component, the data accessed by the HIS system is encrypted and cannot be decrypted. Such operations therefore cannot be parsed. In this case, data security can be ensured through permission control on the HIS system, or by setting up firewalls between clients (or departments) for isolation and assigning different database permissions (for example, restricting each department to reading only its own department's medical record data). Further, operation log records of the HIS system can also be provided.
Take the Caché database as an example, with a developer compiling and debugging through its integrated Studio tool. The developer accesses the database by executing M language. Through feature database identification, important access operations, such as the method name when M language is called, save actions and compile actions, can be sent to the Studio tool action statement translation unit. The M language content in the action statement is then translated and parsed to determine the operation content of the access operation, completing the database audit.
For the Terminal tool and the Studio tool integrated with the Caché database, all operations that users perform on the database through these tools can be parsed and recorded by the corresponding parsing functional modules, achieving a complete audit of the database.
An embodiment of the present invention also provides a database audit system. As shown in Fig. 3, the system comprises: a feature database identification unit 100, an action statement translation unit 200, a cache unit 300, a reply translation unit 400 and an operation record generation unit 500.
In an actual audit, the feature database identification unit 100 first uses feature database identification to distribute the request message to the corresponding action statement translation unit and the reply message to the corresponding reply translation unit. The action statement translation unit 200 then parses the request message, and after the corresponding action statement has been generated, the cache unit 300 caches it.
The reply translation unit 400, for its part, parses the reply message and generates the return parsing result. Finally, the operation record generation unit 500 merges the action statement output by the action statement translation unit 200 with the return parsing result output by the reply translation unit 400 to generate an operation record. The operation record finally generated is the database audit result and can be saved on any suitable storage device, such as a disk memory, a flash memory device or another non-volatile solid-state memory.
Optionally, the action statement translation unit 200 and the reply translation unit 400 can each be configured with several types of translation functional unit as the situation requires. For auditing a Caché database, for example, the following can be provided: a Portal tool action statement translation unit, a Studio tool action statement translation unit, a Terminal tool action statement translation unit and an SQL access tool action statement translation unit, together with a Portal tool reply translation unit, a Studio tool reply translation unit, a Terminal tool reply translation unit and an SQL access tool reply translation unit.
In this way, the database audit system can correctly identify the messages of various formats generated by the various access forms of the Caché database. This solves the problem of security auditing for the object-oriented Caché database, and the operation content and related returned results of the client tools Studio, Terminal, Portal, MedTrak and Sqlmanager can be audited completely.
The Portal tool unit can audit SQL statements, Global queries and returned results, and the Terminal tool unit can audit M statements and returned results. Beyond the original auditing of SQL statements, object access operations and direct multidimensional array access operations can be audited in greater depth, achieving a complete audit of the database.
For example, the Studio tool action statement translation unit can specifically be used to obtain an access operation and then determine the operation content of the access operation from the M language content of the access operation. The access operation includes: the method name when M language is called, save actions and compile actions.
In other embodiments, the Caché database may be used in the medical and public health fields, and users may also access the database through the HIS system. Because a specific security component is used, the data accessed by the HIS system is encrypted and cannot be decrypted. To ensure that this part of the access operations is still audited, the system can therefore include, in addition to the modules 100-500 shown in Fig. 3, a permission setting unit 600, as shown in Fig. 4. The permission setting unit 600 is used to set corresponding database access permissions for clients of the healthcare management information system; permission control on the HIS system ensures the security of the data. Further, the permission setting unit 600 can also monitor these operations through the HIS system's operation log records.
It should be noted that, since the database audit system and the database audit method are based on the same inventive concept, the corresponding content of the method embodiments also applies to the system embodiments and is not repeated here.
Fig. 5 is a hardware structure diagram of an electronic device provided by an embodiment of the present invention. As shown in Fig. 5, the device comprises one or more processors 510 and a memory 520; Fig. 5 takes one processor 510 as an example.
The processor 510 and the memory 520 can be connected by a bus or in other ways; Fig. 5 takes connection by a bus as an example.
The memory 520, as a non-volatile computer-readable storage medium, can be used to store non-volatile software programs, non-volatile computer-executable programs and modules, such as the program instructions/modules corresponding to the database audit method in the embodiments of the present invention (for example, the feature database identification unit 100, action statement translation unit 200, cache unit 300, reply translation unit 400 and operation record generation unit 500 shown in Fig. 3).
By running the non-volatile software programs, instructions and modules stored in the memory 520, the processor 510 executes the various functional applications and data processing of the server, that is, it implements the database audit method of the method embodiments above.
The memory 520 may include a program storage area and a data storage area. The program storage area can store the operating system and the application programs required by at least one function; the data storage area can store data created through use of the database audit system, and so on. In addition, the memory 520 may include high-speed random access memory and may also include non-volatile memory, for example at least one disk memory, flash memory device or other non-volatile solid-state memory. In some embodiments, the memory 520 optionally includes memory located remotely from the processor 510, and these remote memories can be connected over a network to the content recommendation device. Examples of such networks include, but are not limited to, the Internet, intranets, local area networks, mobile communication networks and combinations thereof.
The one or more modules are stored in the memory 520 and, when executed by the one or more processors 510, perform the database audit method of any of the method embodiments above.
The above product can execute the method provided by the embodiments of the present application and has the functional modules and beneficial effects corresponding to executing the method. For technical details not described in detail in this embodiment, see the method provided by the embodiments of the present application.
Those skilled in the art should further appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, computer software, or a combination of the two. To illustrate the interchangeability of hardware and software clearly, the composition and steps of each example have been described above in general terms according to function. Whether these functions are implemented in hardware or software depends on the specific application and the design constraints of the technical solution. Skilled practitioners can use different methods to implement the described functions for each specific application, but such implementations should not be considered to go beyond the scope of the present application. The computer software can be stored in a computer-readable storage medium, and when executed the program may include the processes of the method embodiments above. The storage medium can be a magnetic disk, an optical disc, a read-only memory, a random access memory, or the like.
The above are only embodiments of the present application and do not limit its patent scope. Any equivalent structure or equivalent process transformation made using the contents of the specification and drawings of the present application, or any direct or indirect application in other related technical fields, is likewise included in the scope of patent protection of the present application.

Claims (10)

1. A database audit method, characterized by comprising:
Distributing, through feature database identification, a request message to the corresponding action statement translation unit;
Parsing the request message by the action statement translation unit, generating an action statement and caching it;
Distributing, through feature database identification, a reply message to the corresponding reply translation unit;
Parsing the reply message by the reply translation unit, generating a corresponding return parsing result;
Merging the action statement and the return parsing result to generate an operation note;
Wherein the feature database identification is used to determine, by means of preset rules and the features contained in the feature database, whether the type of the access data is the request message or the reply message; or the feature database identification is used to determine, by deep packet inspection technology, whether the type of the access data is the request message or the reply message; or the feature database identification is used to determine, by deep stream detection technology, whether the type of the access data is the request message or the reply message; or the feature database identification is used to determine, by deep packet inspection technology and deep stream detection technology, whether the type of the access data is the request message or the reply message.
2. The method according to claim 1, characterized in that the method further comprises:
Judging whether an action statement is cached;
If so, merging the action statement and the corresponding return parsing result;
If not, handling the next request message and reply message.
3. The method according to claim 1, characterized in that the action statement translation unit includes: a Portal tool action statement translation unit, a Studio tool action statement translation unit, a Terminal tool action statement translation unit and a SQL access tool action statement translation unit;
The reply translation unit includes: a Portal tool reply translation unit, a Studio tool reply translation unit, a Terminal tool reply translation unit and a SQL access tool reply translation unit.
4. The method according to claim 3, characterized in that parsing the request message by the action statement translation unit, generating an action statement and caching it, specifically comprises:
Obtaining an access operation by the Studio tool action statement translation unit;
Determining the operation content of the access operation according to the M language content of the access operation; the access operation includes: the method name used when calling the M language, a save action and a compile action.
5. The method according to claim 1, characterized in that the method further comprises: setting corresponding database access rights for the client of a health care management information system.
6. A database audit system, characterized by comprising:
A feature database recognition unit, used to distribute, through feature database identification, a request message to the corresponding action statement translation unit and a reply message to the corresponding reply translation unit;
An action statement translation unit, used to parse the request message and generate a corresponding action statement;
A cache unit, used to cache the action statement;
A reply translation unit, used to parse the reply message and generate a return parsing result;
An operation note generation unit, used to merge the action statement and the return parsing result to generate an operation note;
Wherein the feature database identification is used to determine, by means of preset rules and the features contained in the feature database, whether the type of the access data is the request message or the reply message; or the feature database identification is used to determine, by deep packet inspection technology, whether the type of the access data is the request message or the reply message; or the feature database identification is used to determine, by deep stream detection technology, whether the type of the access data is the request message or the reply message; or the feature database identification is used to determine, by deep packet inspection technology and deep stream detection technology, whether the type of the access data is the request message or the reply message.
7. The system according to claim 6, characterized in that the operation note generation unit is further used to:
Judge whether an action statement is cached;
If so, merge the action statement and the corresponding return parsing result;
If not, handle the next request message and reply message.
8. The system according to claim 6, characterized in that the action statement translation unit includes: a Portal tool action statement translation unit, a Studio tool action statement translation unit, a Terminal tool action statement translation unit and a SQL access tool action statement translation unit;
The reply translation unit includes: a Portal tool reply translation unit, a Studio tool reply translation unit, a Terminal tool reply translation unit and a SQL access tool reply translation unit.
9. The system according to claim 8, characterized in that the Studio tool action statement translation unit is specifically used to:
Obtain an access operation;
Determine the operation content of the access operation according to the M language content of the access operation; the access operation includes: the method name used when calling the M language, a save action and a compile action.
10. The system according to claim 6, characterized in that the system further comprises a permission setting unit, used to set corresponding database access rights for the client of a health care management information system.
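The flow recited in claims 1 and 2 (identify, dispatch, cache, parse the reply, merge) can be sketched as follows. This is an added example, not code from the patent: the message markers, session ids, function names and sample traffic are all constructed for illustration, and only two of the four tool types are modelled.

```python
import re

def statement_unit(payload):
    """Action statement translation unit: drop the marker, keep the statement."""
    return payload.split(b" ", 1)[1].decode(errors="replace").strip()

def sql_reply_unit(payload):
    """SQL reply translation unit: constructed body is '<status> <row count>'."""
    status, _, rows = statement_unit(payload).partition(" ")
    return {"status": status, "rows": int(rows) if rows.isdigit() else None}

def terminal_reply_unit(payload):
    """Terminal reply translation unit: the body is the echoed output."""
    return {"output": statement_unit(payload)}

# Constructed feature database (invented markers, not a real wire format).
FEATURES = [
    (re.compile(rb"^SQLQ "), "request", "sql", statement_unit),
    (re.compile(rb"^SQLR "), "reply", "sql", sql_reply_unit),
    (re.compile(rb"^TERM> "), "request", "terminal", statement_unit),
    (re.compile(rb"^TERM< "), "reply", "terminal", terminal_reply_unit),
]

def identify(payload):
    """Feature database identification by preset rules: (kind, tool, unit) or None."""
    return next(((k, t, u) for sig, k, t, u in FEATURES if sig.match(payload)), None)

def audit(messages):
    """Merge each reply with the action statement cached for its session."""
    cache, records = {}, []
    for session, payload in messages:
        hit = identify(payload)
        if hit is None:
            continue                      # no feature matched: not audited
        kind, tool, unit = hit
        if kind == "request":
            cache[session] = (tool, unit(payload))
        elif session in cache and cache[session][0] == tool:
            records.append({"session": session, "tool": tool,
                            "statement": cache.pop(session)[1], **unit(payload)})
    return records

SAMPLE = [  # constructed traffic as (session id, payload) pairs
    ("s1", b"SQLQ SELECT name FROM patients WHERE id = 7"),
    ("s2", b"TERM< 42"),                  # reply with no cached request: skipped
    ("s1", b"SQLR OK 1"),
    ("s2", b"TERM> WRITE ^Visits(7)"),
    ("s2", b"TERM< 3"),
]
```

Calling `audit(SAMPLE)` yields two merged records; the orphan reply on session `s2` produces none, which is the "handle the next message" branch of claim 2.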
CN201710077935.3A 2017-02-14 2017-02-14 A kind of database audit method and its system Active CN106970939B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710077935.3A CN106970939B (en) 2017-02-14 2017-02-14 A kind of database audit method and its system

Publications (2)

Publication Number Publication Date
CN106970939A CN106970939A (en) 2017-07-21
CN106970939B true CN106970939B (en) 2019-09-03

Family

ID=59335139

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710077935.3A Active CN106970939B (en) 2017-02-14 2017-02-14 A kind of database audit method and its system

Country Status (1)

Country Link
CN (1) CN106970939B (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107479988A (en) * 2017-08-01 2017-12-15 西安交大捷普网络科技有限公司 Three layers of related auditing method based on DCOM
CN110290098B (en) * 2018-03-19 2020-12-25 华为技术有限公司 Method and device for defending network attack
CN109614082B (en) * 2018-09-28 2022-03-04 创新先进技术有限公司 Translation method, device and equipment for data query script
CN111209266B (en) * 2019-12-20 2024-05-24 深圳昂楷科技有限公司 Audit method and device based on Redis database and electronic equipment
CN111177779B (en) * 2019-12-24 2023-04-25 深圳昂楷科技有限公司 Database auditing method, device, electronic equipment and computer storage medium
CN115618342B (en) * 2022-12-19 2023-03-28 深圳昂楷科技有限公司 Method, device, equipment and storage medium for identifying tool name of access database

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101853289A (en) * 2010-05-26 2010-10-06 杭州华三通信技术有限公司 Database auditing method and equipment
CN104036000A (en) * 2014-06-13 2014-09-10 赵维佺 Database audit method, device and system
CN104113598A (en) * 2014-07-21 2014-10-22 蓝盾信息安全技术有限公司 Three-layer auditing method for database
CN106060149A (en) * 2016-06-24 2016-10-26 北京交通大学 Mobile internet mass data analysis and audit technical architecture

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10489203B2 (en) * 2015-04-03 2019-11-26 Oracle International Corporation System and method for using an in-memory data grid to improve performance of a process defined by a process execution language in a SOA middleware environment

Also Published As

Publication number Publication date
CN106970939A (en) 2017-07-21

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant