CN109408499B - Auditing method and system for matching database access users - Google Patents
Auditing method and system for matching database access users Download PDFInfo
- Publication number
- CN109408499B CN109408499B CN201811229213.6A CN201811229213A CN109408499B CN 109408499 B CN109408499 B CN 109408499B CN 201811229213 A CN201811229213 A CN 201811229213A CN 109408499 B CN109408499 B CN 109408499B
- Authority
- CN
- China
- Prior art keywords
- keyword
- user
- web server
- database
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/12—Accounting
Landscapes
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Finance (AREA)
- Engineering & Computer Science (AREA)
- Development Economics (AREA)
- Economics (AREA)
- Marketing (AREA)
- Strategic Management (AREA)
- Technology Law (AREA)
- Physics & Mathematics (AREA)
- General Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The invention provides an auditing method for matching database access users, which comprises the following steps: registering uri used by a web server user in login, and acquiring a user name; registering a session name of a web server, and acquiring http data of all web operations corresponding to a user according to a session ID of the user; acquiring first keywords from http data of all operations corresponding to a user; filtering out first keywords with the occurrence frequency exceeding a preset value to obtain second keywords, and correspondingly storing the second keywords and the corresponding session ID; acquiring the operation of a web server on a database, and analyzing and extracting a third key word from the corresponding SQL; and matching the second keyword with the third keyword, and correspondingly storing the user name corresponding to the second keyword which is matched with the user name corresponding to the third keyword in a consistent manner with the SQL sentence corresponding to the third keyword. The invention also provides an auditing system for matching the database access users, which establishes the incidence relation between the user access behavior at the front end and the database change at the back end, and has high accuracy and efficiency.
Description
Technical Field
The invention relates to the field of database auditing, in particular to an auditing method and system for matching database access users.
Background
At present, a database security audit system is mainly used for monitoring and recording various operation behaviors on a database server, intelligently analyzing various operations on the database server in real time through analysis of network data, and recording in an audit database so as to perform query, analysis and filtering in the future, thereby realizing monitoring and auditing of user operations of a target database system.
In a common information network, a database is operated by a user in various ways, including: the method comprises the steps of accessing through a standard database client, connecting a database through a program, logging in the database through Telnet, SSH and other modes to perform nested operation, indirectly operating the database through accessing a service system website and the like. The access of the business system website to the database is currently most widely applied and is also a source of a large amount of database operations.
In the traditional database audit, only the user account number for accessing the database or the user account number of the web server can be audited, the business system website accesses the database, the user accesses the web server by adopting different accounts, but the operation of the web server on the database is carried out through a certain built-in fixed database account number, if the operation of the web server on the database is audited only, the operation of the database cannot be corresponding to a specific web user, and the operation of the web server by auditing the web user alone cannot know the change of the database brought by the operation. In the prior art, the processing of the correlation audit usually needs to adopt fuzzy matching for many times, so that the problems of low efficiency and low accuracy exist.
Disclosure of Invention
One of the technical problems to be solved by the present invention is to provide an auditing method for matching database access users, so as to implement association between the most extensive business system in auditing applications and application users accessing databases, expand the application range of auditing, and simultaneously improve the accuracy and efficiency of association between business data and database operating languages.
One of the technical problems to be solved by the invention is realized as follows: an auditing method for matching database access users comprises the following steps:
step 10, registering uri used by a web server user for logging in, and acquiring a user name used for logging in the web server;
step 20, registering the session name of the web server, and acquiring http data of all web operations corresponding to the user according to the session ID uniquely distributed when the user logs in;
step 30, obtaining a first keyword from http data of all operations corresponding to a user, wherein the first keyword is each character string obtained by parsing uri in the http data;
step 40, filtering the first keywords with the occurrence frequency exceeding a preset value to obtain second keywords, and correspondingly storing the second keywords and the corresponding session ID;
step 50, acquiring the operation of the web server on the database, analyzing and extracting a third keyword from the corresponding SQL, wherein the third keyword is data corresponding to the database operation and comprises data which is added, deleted, modified and checked in SQL sentences;
and step 60, matching the second keyword with the third keyword, correspondingly storing the user name corresponding to the second keyword with the consistent matching result and the SQL statement corresponding to the third keyword, and establishing an incidence relation between the user access behavior at the front end and the database change at the rear end for subsequent data audit analysis.
Further, the preset value in step 40 is adjusted according to different websites.
Further, the step 60 of correspondingly storing the user name corresponding to the successfully matched second keyword and the SQL statement corresponding to the third keyword specifically includes: and firstly, the session ID corresponding to the second keyword corresponds to the SQL sentence corresponding to the third keyword, and then the user name corresponding to the session ID corresponding to the second keyword corresponds to the SQL sentence corresponding to the third keyword for storage.
Furthermore, the data transmitted between the web server and the user is acquired by capturing packets through the connection port of the web server and the browser.
Furthermore, the data transmitted between the web server and the database is obtained by capturing packets through the connection ports of the web server and the database server.
The second technical problem to be solved by the invention is to provide an auditing system matched with database access users, so that the most extensive business system in auditing application is associated with the application users accessed by the database, the application range of auditing is expanded, and the accuracy and the efficiency of association of business data and database operation languages are improved.
The second technical problem to be solved by the invention is realized as follows: an auditing system for matching database access users comprises a user name acquisition module, a web operation data acquisition module, a first keyword module, a second keyword module, a third keyword module and an association module;
the user name acquisition module is used for registering uri used by a web server user for logging in and acquiring a user name used for logging in the web server;
the web operation data acquisition module is used for registering the session name of the web server and acquiring http data of all web operations corresponding to the user according to the session ID uniquely distributed when the user logs in;
the first keyword module is used for acquiring first keywords from http data of all operations corresponding to a user, wherein the first keywords are each character string obtained by uri analysis in the http data;
the second keyword module is used for filtering the first keywords with the occurrence frequency exceeding a preset value to obtain second keywords, and storing the second keywords corresponding to the corresponding session ID;
the third keyword module is used for acquiring the operation of the web server on the database and analyzing and extracting the third keyword from the corresponding SQL, wherein the third keyword is data corresponding to the database operation and comprises data which is added, deleted, modified and checked in SQL sentences;
and the association module is used for matching the second keyword with the third keyword, correspondingly storing the user name corresponding to the second keyword with the consistent matching result and the SQL statement corresponding to the third keyword, and establishing the association relationship between the user access behavior at the front end and the database change at the rear end for the follow-up data audit analysis.
Furthermore, the preset value in the second keyword module is adjusted according to different websites.
Further, the specific steps of "correspondingly storing the user name corresponding to the successfully matched second keyword and the SQL statement corresponding to the third keyword in the association module" are as follows: and firstly, the session ID corresponding to the second keyword corresponds to the SQL statement corresponding to the third keyword, and then the user name corresponding to the session ID corresponding to the second keyword corresponds to the SQL statement corresponding to the third keyword for storage.
Furthermore, the data transmitted between the web server and the user are acquired by capturing packets through the connection port of the web server and the browser.
Furthermore, the data transmitted between the web server and the database is obtained by capturing packets through the connection ports of the web server and the database server.
The invention has the following advantages: by accurately matching the data of operations such as adding, deleting, modifying and checking and the like in the database with the data in the service operation, the most extensive service system in the auditing application can be quickly associated with the application user accessed by the database without a plurality of fuzzy matching operations, so that the matching accuracy and the association efficiency are improved; the method provides fast and accurate associated audit data, expands the application range of audit, facilitates the interception of monitored data to be processed by other servers, provides more processing means such as alarm and the like through data analysis, and does not influence the web server and the database.
Drawings
The invention will be further described with reference to the following examples with reference to the accompanying drawings.
FIG. 1 is a flow chart of an audit method for matching database access users according to the present invention.
FIG. 2 is a logical block diagram of an audit system of matching database access users of the present invention.
FIG. 3 is a schematic diagram of an audit principle of a matching database access user according to the present invention.
Detailed Description
As shown in fig. 1, an auditing method for matching database access users of the present invention includes the following steps:
step 10, registering uri used by a web server user for logging in, and acquiring a user name used for logging in the web server;
step 20, registering the session name of the web server, and acquiring http data of all web operations corresponding to the user according to the session ID uniquely distributed when the user logs in;
step 30, obtaining a first keyword from http data of all operations corresponding to a user, wherein the first keyword is each character string obtained by parsing uri in the http data;
step 40, filtering the first keywords with the occurrence frequency exceeding a preset value to obtain second keywords, and correspondingly storing the second keywords and the corresponding session ID; and the preset value is adjusted according to different websites.
Step 50, obtaining the operation of the web server on the database, analyzing and extracting a third keyword from the corresponding SQL, wherein the third keyword is data corresponding to the database operation and comprises data which is added, deleted, modified and checked in the SQL sentence;
and step 60, matching the second keyword with the third keyword, correspondingly storing the user name corresponding to the second keyword with the consistent matching result and the SQL sentence corresponding to the third keyword, and establishing an incidence relation between the user access behavior at the front end and the database change at the rear end for subsequent data audit analysis.
The step 60 of "correspondingly saving the user name corresponding to the successfully matched second keyword and the SQL statement corresponding to the third keyword" specifically includes: and firstly, the session ID corresponding to the second keyword corresponds to the SQL sentence corresponding to the third keyword, and then the user name corresponding to the session ID corresponding to the second keyword corresponds to the SQL sentence corresponding to the third keyword for storage.
And the data transmitted between the web server and the user is acquired by capturing packets through the connection port of the web server and the browser.
And the data transmitted between the web server and the database are acquired by packet capturing through the connecting ports of the web server and the database server.
As shown in fig. 2, the auditing system for matching database access users of the present invention includes a user name obtaining module, a web operation data obtaining module, a first keyword module, a second keyword module, a third keyword module and an association module;
the user name acquisition module is used for registering uri used by a web server user for logging in and acquiring a user name used for logging in the web server;
the web operation data acquisition module is used for registering the session name of the web server and acquiring http data of all web operations corresponding to the user according to the session ID uniquely distributed when the user logs in;
the first keyword module is used for acquiring first keywords from http data of all operations corresponding to a user, wherein the first keywords are each character string obtained by uri analysis in the http data;
the second keyword module is used for filtering the first keywords with the occurrence frequency exceeding a preset value to obtain second keywords, and correspondingly storing the second keywords and the corresponding session ID; and the preset value is adjusted according to different websites.
The third keyword module is used for acquiring the operation of the web server on the database and analyzing and extracting third keywords from corresponding SQL, and the third keywords are data corresponding to the operation of the database and comprise data which is added, deleted, modified and checked in SQL sentences;
and the association module is used for matching the second keyword with the third keyword, correspondingly storing the user name corresponding to the second keyword with the consistent matching result and the SQL statement corresponding to the third keyword, and establishing the association relationship between the user access behavior at the front end and the database change at the rear end for the follow-up data audit analysis.
The specific steps of "correspondingly saving the user name corresponding to the successfully matched second keyword and the SQL statement corresponding to the third keyword" in the association module are as follows: and firstly, the session ID corresponding to the second keyword corresponds to the SQL sentence corresponding to the third keyword, and then the user name corresponding to the session ID corresponding to the second keyword corresponds to the SQL sentence corresponding to the third keyword for storage.
And the data transmitted between the web server and the user is acquired by capturing packets through the connection port of the web server and the browser.
And the data transmitted between the web server and the database are acquired by packet capturing through the connecting ports of the web server and the database server.
The invention is further illustrated below with reference to a specific embodiment:
as shown in fig. 3, in a DataBase application, a DataBase Server (DataBase Server) and a web Server (web Server) are included, a user (user 1, user2, \8230;, userN) accesses the web Server through a front-end browser to perform corresponding operations, the user and the web Server are in a many-to-one relationship, and the web Server accesses the DataBase Server by using a single account. When the operation of a web server on a database is audited, a web user obtains data at two positions on the basis of the operation of the web server, and the user access behavior at the front end is associated with the database change at the rear end through a method of filtering, screening and matching keywords, wherein the specific flow is as follows:
a. registering uri used by the user of the web server in login, and acquiring the name of the user logging in the web server by using a user login mechanism of the web server; for example, a USER account "zhang san" tries to log in the web server, uri and http packets used for logging can be obtained in a network packet capturing mode, a template of uri used for logging in is obtained in a unpacking and uri analyzing mode, for example, the logged uri is http:// myschoolol/LOGIN, a USER field obtained by analyzing the captured http packets may be LOGIN _ USER _ PARAM = USER san, the logged uri is recorded, and the corresponding uri and http decoding can be monitored in a traditional auditing mode to obtain a USER name.
b. The session name of the web server is registered (i.e. session name, usually different websites have different session names), because each user logging in the web server will be assigned a unique session ID (i.e. session ID, which can be found by session name), the session ID will be included in http data of all web operations of the user, for example, the session ID is included in body part of http data, which can be obtained when obtaining http data, and all web operations of the certain user are monitored and obtained by using the user discrimination mechanism of the web server through the traditional web auditing manner, that is, network packet capturing is performed on the connection port of the web server and the browser, and the captured packet is analyzed, and these web operations include data such as add-modify check, etc.
The user name and the session ID in the steps a and b are obtained as follows: for example, when a user logs in a web server website, the user needs to input a user name and a password of the user, then the user logs in the web server, the web server judges whether the user name and the password are correct when the user logs in, and allocates a session id to the user after the user name and the password are correct, so that the user name and the corresponding session id can be known and temporarily stored.
c. And performing network packet capturing on a connection port of the web server and the browser, and analyzing the captured http packet to obtain value1 (namely a first keyword) of the http transmitted by the captured http packet. For example, the method for obtaining value1 from http data of the web operation corresponding to the user is as follows, where first obtaining uri includes: http://192.168.82.98/issues/6862, http://192.168.82.98/issues/5755, http://192.168.82.98/issues/4567, and the first keyword obtained by analyzing these data is: http,192.168.82.98, esses, 6862, 5755, and 4567;
d. since part of the value1 (the first keyword) obtained in step c may be a value of the web server rather than a value of a user-related operation, it needs to be filtered, that is, the occurrence frequency of the value1 is significantly greater than that of other data, and the value is deleted as a general constant, a variable part with changes is reserved, for example, http in step c, 192.168.82.98, and occurrences of iss are significantly greater, and the value is deleted, data 6862, 5755, and 4567 are reserved as second keywords, and a specific setting value of the occurrence frequency is set according to different websites, for example, the value may be tested once before setting, and after obtaining the value, the filtered value1 (i.e., the second keyword) and the corresponding session id in http are saved.
e. The method comprises the steps of capturing a packet through a connection port of a web server and a database server, obtaining the SQL of the database through operation of a web server on the database by analyzing the captured packet, and obtaining value2 (namely a third key word) in the SQL. The existing parser is adopted to parse the SQL, for example, select from db where index =5755 of the SQL is parsed, and key data in the SQL is obtained as 5755 and is used as value2.
f. And e, matching the value2 (namely the third key word) obtained in the step e with the value1 (namely the second key word) obtained in the step d, so as to correspond the SQL with the session id. For example, the second keywords 6862, 5755 and 4567 are respectively matched with the third keyword 5755, so that a result 5755 with completely consistent matching results is obtained. Then the session id corresponding to uri (http:// 192.168.82.98/issues/5755) corresponding to the second keyword 5755 with the consistent matching result is corresponding to SQL (select × from db where index = 5755) corresponding to the third keyword 5755;
g. and correspondingly storing the name of the user accessing the web server and the corresponding SQL operation according to the corresponding relation between the name of the user accessing the web server and the session id, establishing association, and providing data support for subsequent auditing (such as data analysis, alarm providing, interception and other operations).
The invention firstly screens the data possibly related to database change in the data acquired from the business system, and then the data is in one-to-one correspondence with the actual changed data of the database, so as to accurately position which database operation is performed by which user, and the real-time property of the session and the uniqueness of the session id are utilized to perform accurate and rapid search, thereby realizing the accurate matching of the data of operations such as adding, deleting, modifying and searching in the database and the like with the data in the business operation, quickly associating the most extensive business system in audit application with the application user accessing the database, and improving the accuracy and efficiency of association. By providing fast and accurate associated audit data, the application range of audit is expanded, so that the intercepted and monitored data are handed to other servers for processing, more processing means such as alarm are provided through data analysis, and the web server and the database cannot be influenced.
Although specific embodiments of the invention have been described above, it will be understood by those skilled in the art that the specific embodiments described are illustrative only and are not limiting upon the scope of the invention, and that equivalent modifications and variations can be made by those skilled in the art without departing from the spirit of the invention, which is to be limited only by the appended claims.
Claims (10)
1. An auditing method for matching database access users is characterized in that: the method comprises the following steps:
step 10, registering uri used by a web server user for logging in, and acquiring a user name used for logging in the web server;
step 20, registering the session name of the web server, and acquiring http data of all web operations corresponding to the user according to the session ID uniquely distributed when the user logs in;
step 30, obtaining a first keyword from http data of all operations corresponding to a user, wherein the first keyword is each character string obtained by parsing uri in the http data;
step 40, filtering the first keywords with the occurrence frequency exceeding a preset value to obtain second keywords, and correspondingly storing the second keywords and the corresponding session ID;
step 50, acquiring the operation of the web server on the database, analyzing and extracting a third keyword from the corresponding SQL, wherein the third keyword is data corresponding to the database operation and comprises data which is added, deleted, modified and checked in SQL sentences;
and step 60, matching the second keyword with the third keyword, correspondingly storing the user name corresponding to the second keyword with the consistent matching result and the SQL sentence corresponding to the third keyword, and establishing an incidence relation between the user access behavior at the front end and the database change at the rear end for subsequent data audit analysis.
2. An auditing method for matching database access users according to claim 1, characterized by: the preset value in step 40 is adjusted according to different websites.
3. An auditing method for matching database access users according to claim 1, in which: the step 60 of "correspondingly saving the user name corresponding to the successfully matched second keyword and the SQL statement corresponding to the third keyword" specifically includes: and firstly, the session ID corresponding to the second keyword corresponds to the SQL statement corresponding to the third keyword, and then the user name corresponding to the session ID corresponding to the second keyword corresponds to the SQL statement corresponding to the third keyword for storage.
4. An auditing method for matching database access users according to claim 1, characterized by: and the data transmitted between the web server and the user is acquired by capturing packets through the connection port of the web server and the browser.
5. An auditing method for matching database access users according to claim 1, characterized by: and the data transmitted between the web server and the database is acquired by capturing packets through the connection ports of the web server and the database server.
6. An auditing system for matching database access users, comprising: the system comprises a user name acquisition module, a web operation data acquisition module, a first keyword module, a second keyword module, a third keyword module and an association module;
the user name acquisition module is used for registering uri used by a web server user for logging in and acquiring a user name used for logging in the web server;
the web operation data acquisition module is used for registering the session name of the web server and acquiring http data of all web operations corresponding to the user according to the session ID uniquely distributed when the user logs in;
the first keyword module is used for acquiring first keywords from http data of all operations corresponding to a user, wherein the first keywords are each character string obtained by uri analysis in the http data;
the second keyword module is used for filtering the first keywords with the occurrence frequency exceeding a preset value to obtain second keywords, and correspondingly storing the second keywords and the corresponding session ID;
the third keyword module is used for acquiring the operation of the web server on the database and analyzing and extracting the third keyword from the corresponding SQL, wherein the third keyword is data corresponding to the database operation and comprises data which is added, deleted, modified and checked in SQL sentences;
and the association module is used for matching the second keyword with the third keyword, correspondingly storing the user name corresponding to the second keyword with the consistent matching result and the SQL sentence corresponding to the third keyword, and establishing the association relationship between the user access behavior at the front end and the database change at the rear end for subsequent data audit analysis.
7. An auditing system for matching database access users according to claim 6, in which: and the preset value in the second keyword module is adjusted according to different websites.
8. An auditing system for matching database access users according to claim 6, in which: the specific steps of "correspondingly saving the user name corresponding to the successfully matched second keyword and the SQL statement corresponding to the third keyword" in the association module are as follows: and firstly, the session ID corresponding to the second keyword corresponds to the SQL statement corresponding to the third keyword, and then the user name corresponding to the session ID corresponding to the second keyword corresponds to the SQL statement corresponding to the third keyword for storage.
9. An auditing system for matching database access users according to claim 6, characterised in that: and the data transmitted between the web server and the user is acquired by capturing packets through the connection port of the web server and the browser.
10. An auditing system for matching database access users according to claim 6, characterised in that: and the data transmitted between the web server and the database are acquired by packet capturing through the connecting ports of the web server and the database server.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811229213.6A CN109408499B (en) | 2018-10-22 | 2018-10-22 | Auditing method and system for matching database access users |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811229213.6A CN109408499B (en) | 2018-10-22 | 2018-10-22 | Auditing method and system for matching database access users |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109408499A CN109408499A (en) | 2019-03-01 |
| CN109408499B true CN109408499B (en) | 2022-10-11 |
Family
ID=65468668
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811229213.6A Active CN109408499B (en) | 2018-10-22 | 2018-10-22 | Auditing method and system for matching database access users |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109408499B (en) |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111125066B (en) * | 2019-12-26 | 2023-09-26 | 杭州迪普科技股份有限公司 | Method and device for detecting functions of database auditing equipment |
| CN111092910B (en) * | 2019-12-30 | 2022-11-22 | 深信服科技股份有限公司 | Database security access method, device, equipment, system and readable storage medium |
| CN116776310B (en) * | 2023-08-23 | 2024-01-05 | 深圳红途科技有限公司 | Automatic user account identification method and device, computer equipment and storage medium |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104484474A (en) * | 2014-12-31 | 2015-04-01 | 南京盾垒网络科技有限公司 | Database security auditing method |
| CN105138675A (en) * | 2015-09-08 | 2015-12-09 | 上海上讯信息技术股份有限公司 | Database auditing method and device |
| CN105373603A (en) * | 2015-11-09 | 2016-03-02 | 杭州安恒信息技术有限公司 | Method for improving three-layer correlation accuracy |
| CN105635046A (en) * | 2014-10-28 | 2016-06-01 | 北京启明星辰信息安全技术有限公司 | Database command line filtering and audit blocking method and device |
| CN106371984A (en) * | 2016-08-31 | 2017-02-01 | 广州品唯软件有限公司 | Data monitoring method, equipment and system |
| CN106708859A (en) * | 2015-11-13 | 2017-05-24 | 北京神州泰岳信息安全技术有限公司 | Auditing method for resource access behaviors and device |
| CN107688487A (en) * | 2011-09-09 | 2018-02-13 | 甲骨文国际公司 | For the method and system for the state for recovering database session |
Family Cites Families (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20090132579A1 (en) * | 2007-11-21 | 2009-05-21 | Kwang Edward M | Session audit manager and method |
| CN101727502A (en) * | 2010-01-25 | 2010-06-09 | 中兴通讯股份有限公司 | Data query method, data query device and data query system |
| US10140320B2 (en) * | 2011-02-28 | 2018-11-27 | Sdl Inc. | Systems, methods, and media for generating analytical data |
| CN102255924B (en) * | 2011-08-29 | 2013-11-06 | 浙江中烟工业有限责任公司 | Multi-stage security interconnection platform based on trusted computing and processing flow thereof |
| CN104113598A (en) * | 2014-07-21 | 2014-10-22 | 蓝盾信息安全技术有限公司 | Three-layer auditing method for database |
| US10447730B2 (en) * | 2015-05-15 | 2019-10-15 | Virsec Systems, Inc. | Detection of SQL injection attacks |
| CN105930427B (en) * | 2016-04-19 | 2019-07-26 | 深信服科技股份有限公司 | Database audit method and device |
| CN107122408A (en) * | 2017-03-24 | 2017-09-01 | 深圳昂楷科技有限公司 | Information association and its database audit method, auditing system |
-
2018
- 2018-10-22 CN CN201811229213.6A patent/CN109408499B/en active Active
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107688487A (en) * | 2011-09-09 | 2018-02-13 | 甲骨文国际公司 | For the method and system for the state for recovering database session |
| CN105635046A (en) * | 2014-10-28 | 2016-06-01 | 北京启明星辰信息安全技术有限公司 | Database command line filtering and audit blocking method and device |
| CN104484474A (en) * | 2014-12-31 | 2015-04-01 | 南京盾垒网络科技有限公司 | Database security auditing method |
| CN105138675A (en) * | 2015-09-08 | 2015-12-09 | 上海上讯信息技术股份有限公司 | Database auditing method and device |
| CN105373603A (en) * | 2015-11-09 | 2016-03-02 | 杭州安恒信息技术有限公司 | Method for improving three-layer correlation accuracy |
| CN106708859A (en) * | 2015-11-13 | 2017-05-24 | 北京神州泰岳信息安全技术有限公司 | Auditing method for resource access behaviors and device |
| CN106371984A (en) * | 2016-08-31 | 2017-02-01 | 广州品唯软件有限公司 | Data monitoring method, equipment and system |
Non-Patent Citations (4)
| Title |
|---|
| Oracle用户SQL会话还原方法研究;王伟平 等;《计算机工程与应用》;20080421;154-156 * |
| Research on the Security Audit of Database Connection Pool;Huang B H 等;《Applied Mechanics and Materials》;20140331;3286-3289 * |
| 基于XML的Web数据库安全中间件研究与设计;王振辉 等;《计算机应用与软件》;20150815;第32卷(第8期);38-42+179 * |
| 数据库审计在三层架构医院信息系统中的应用;马明祥 等;《中国数字医学》;20150323;第10卷(第1期);85-87 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109408499A (en) | 2019-03-01 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111522922B (en) | Log information query method and device, storage medium and computer equipment | |
| EP2244418B1 (en) | Database security monitoring method, device and system | |
| CN107888571B (en) | Multi-dimensional webshell intrusion detection method and system based on HTTP log | |
| CN110569214B (en) | Index construction method and device for log file and electronic equipment | |
| CN109408499B (en) | Auditing method and system for matching database access users | |
| CN108156131B (en) | Webshell detection method, electronic device and computer storage medium | |
| CN111949803B (en) | Knowledge graph-based network abnormal user detection method, device and equipment | |
| US10404731B2 (en) | Method and device for detecting website attack | |
| US10097569B2 (en) | System and method for tracking malware route and behavior for defending against cyberattacks | |
| CN110602029A (en) | Method and system for identifying network attack | |
| RU2722693C1 (en) | Method and system for detecting the infrastructure of a malicious software or a cybercriminal | |
| CN112486708B (en) | Page operation data processing method and processing system | |
| CN107547490B (en) | Scanner identification method, device and system | |
| US11178160B2 (en) | Detecting and mitigating leaked cloud authorization keys | |
| CN111767573A (en) | Database security management method and device, electronic equipment and readable storage medium | |
| CN108337269A (en) | A kind of WebShell detection methods | |
| CN103166966A (en) | Method and device for distinguishing illegal access request to website | |
| US8489631B2 (en) | Distributing a query | |
| CN114915479A (en) | Web attack phase analysis method and system based on Web log | |
| CN103118035A (en) | Website access request parameter legal range analysis method and device | |
| CN113779571B (en) | WebShell detection device, webShell detection method and computer readable storage medium | |
| CN115865525B (en) | Log data processing method, device, electronic equipment and storage medium | |
| CN110008462B (en) | Command sequence detection method and command sequence processing method | |
| Cankaya et al. | A survey of digital forensics tools for database extraction | |
| KR100906454B1 (en) | Database log data management apparatus and method thereof |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information | ||
| CB02 | Change of applicant information |
Address after: 350000 21 / F, building 5, f District, Fuzhou Software Park, 89 software Avenue, Gulou District, Fuzhou City, Fujian Province Applicant after: FUJIAN SINOREGAL SOFTWARE CO.,LTD. Address before: Floor 20-21, building 5, area F, Fuzhou Software Park, 89 software Avenue, Gulou District, Fuzhou City, Fujian Province 350000 Applicant before: FUJIAN SINOREGAL SOFTWARE CO.,LTD. |
|
| GR01 | Patent grant | ||
| GR01 | Patent grant |