CN112231297A - Database security guarantee method based on big data - Google Patents

Abstract

The invention discloses a database security guarantee method based on big data, the security guarantee system comprises an equipment security detection module, a network security detection module, a reliability detection module and a security guarantee comprehensive evaluation module, the equipment safety detection module, the network safety detection module and the reliability detection module are connected with the safety guarantee comprehensive evaluation module, the equipment safety detection module comprises an external interface detection module, a camera detection module and a comprehensive equipment safety coefficient calculation module, the external interface detection module comprises an interface connection frequency counting module, a verification failure frequency counting module and a first safety coefficient calculating module, the interface connection frequency counting module is used for counting the frequency N1 of the first electronic device used for accessing the database to be connected with the external electronic device in a preset first time period.

Description

Database security guarantee method based on big data

Technical Field

The invention relates to the field of big data, in particular to a database security guarantee method based on big data.

Background

A database is a "warehouse that organizes, stores, and manages data by data structure," which is an organized, shared, and uniformly managed collection of data that is stored in a computer for a long period of time. A large amount of data can be conveniently stored for people through the database, but the risk of sensitive data leakage is increased. Sensitive information can bring serious troubles to individuals, enterprises or government departments, even directly bring economic loss, and the harmfulness is extremely high. Therefore, it is necessary to secure the security of the database.

Disclosure of Invention

The invention aims to provide a database security guarantee system based on big data to solve the problems in the prior art.

In order to achieve the purpose, the invention provides the following technical scheme:

the database security system based on the big data comprises an equipment security detection module, a network security detection module, a reliability detection module and a security comprehensive evaluation module, wherein the equipment security detection module, the network security detection module and the reliability detection module are connected with the security comprehensive evaluation module.

Optimally, the device security detection module comprises an external interface detection module, a camera detection module and a comprehensive device security coefficient calculation module, the external interface detection module comprises an interface connection frequency statistics module, a verification failure frequency statistics module and a first security coefficient calculation module, the interface connection frequency statistics module is used for counting the frequency N1 of connecting a first electronic device used for accessing a database to an external electronic device in a preset first time period, the verification failure frequency statistics module is used for counting the frequency N2 of not verifying the external electronic device by the first electronic device when the first electronic device is connected, the first security coefficient calculation module calculates a first security coefficient of the device according to the frequency N1 and the frequency N2, the camera detection module comprises an external signal intrusion statistics module, an intrusion signal intensity statistics module and a second security coefficient calculation module, the external signal intrusion counting module is used for counting the number of times N3 of the camera which is intruded by an external signal within a preset period of time, the intrusion signal strength counting module is used for counting the number of times N4 that the intruding external signal strength is smaller than a first strength threshold value, the second safety coefficient calculating module calculates a second safety coefficient of the device according to the number N3 and the number N4, and the comprehensive device safety coefficient calculating module calculates the comprehensive device safety coefficient according to the first safety coefficient of the device and the second safety coefficient of the device; the network security detection module comprises a network card detection module, a network detection module and a comprehensive network security factor calculation module, wherein the network card detection module comprises a network card information acquisition module, an expert scoring module, a user scoring module and a comprehensive scoring module, the network card information acquisition module is used for acquiring manufacturer and model information of a network card used by the first electronic device, the expert scoring module scores the security and stability of the network card according to the manufacturer and model information of the network card, the user scoring module scores the security and stability when the network card is used, the comprehensive scoring module calculates a first network security factor according to the expert scoring and the user scoring, the network detection module comprises a password intensity detection module, a leak scanning module, a network security factor detection module and a second network security factor calculation module, the password intensity detection module acquires a password risk coefficient according to the password intensity of the network connected with the first electronic device, the vulnerability scanning module is used for scanning the number of vulnerabilities of a network connected with the first electronic device and the number of vulnerabilities of which vulnerability risk conditions are smaller than a risk threshold value, and accordingly acquiring a vulnerability risk coefficient, wherein the network stability detection module is used for acquiring the percentage of the total duration of the duration in which the signal intensity of the network connected with the first electronic equipment is greater than the network signal intensity threshold value within a preset time period, and accordingly obtaining a stability coefficient, the second network security coefficient calculating module calculates a second network security coefficient according to the password, the vulnerability risk coefficient and the stability coefficient, and the comprehensive network safety coefficient calculating module calculates the comprehensive network safety coefficient according to the first network safety coefficient and the second network safety coefficient.

Preferably, the reliability detection module comprises an accuracy detection module, a stability detection module and a reliability calculation module, wherein the accuracy detection module is used for detecting whether the database can correctly identify the authority of the visitor and acquiring a security detection coefficient according to the authority, the stability detection module is used for detecting whether the database can continuously and correctly identify the authority of the visitor and acquiring a stability detection coefficient according to the authority, and the reliability calculation module calculates a reliability evaluation coefficient according to the security detection coefficient and the stability detection coefficient; the safety guarantee comprehensive evaluation module comprises a safety guarantee coefficient calculation module and an evaluation suggestion output module, the safety guarantee coefficient calculation module calculates a safety guarantee coefficient according to the comprehensive equipment safety coefficient, the comprehensive network safety coefficient and the reliability evaluation coefficient, and the evaluation suggestion output module outputs the access suggestion of the database according to the safety guarantee coefficient. .

A database security guarantee method based on big data comprises the following steps:

step S1: detecting the safety of the equipment and acquiring a safety coefficient X of the comprehensive equipment;

step S2: detecting the network security and acquiring a comprehensive network security coefficient Y;

step S3: detecting the identity reliability of the visitor and acquiring a reliability evaluation coefficient Z;

step S4: and calculating a safety guarantee coefficient W according to the comprehensive equipment safety coefficient X, the comprehensive network safety coefficient Y and the reliability evaluation coefficient Z.

Preferably, the device security detection in step S1 includes the following steps:

step S11: obtaining whether a first electronic device for accessing the database has an interface for connecting an external electronic device, and if so,

acquiring the number of times of connecting the external electronic device within a preset first period of time N1,

the number of times N2 that the external electronic device failed the first electronic device authentication is obtained,

computing a device first safety factor x1= N2/N1;

step S12: acquiring whether a camera exists in the place where the electronic equipment accessing the library is located, and if so, acquiring whether the camera exists in the place where the electronic equipment accessing the library is located

Acquiring the number N3 of times of the camera being invaded by an external signal within a preset period of time;

acquiring the external signal intensity of each intrusion, and counting the intrusion times N4 of which the external signal intensity is smaller than a first intensity threshold;

computing a device second safety factor x2= N4/N3;

step S13: and calculating the comprehensive equipment safety factor X = a X1+ b X2, wherein a is the weight of X1, and b is the weight of X2.

Preferably, the network security detection in step S2 includes the following steps:

step S21: acquiring manufacturer and model information of a network card used by first electronic equipment accessing a database, selecting more than five experts to grade the safety and stability of the network card according to the manufacturer and model information, selecting more than ten users of the network card to grade the safety and stability when using the network card,

calculating a first network safety factor y1= 0.6P 1+ 0.4P 2, wherein P1 is the average score of expert scores and P1 is the average score of user scores;

step S22: a network to which a first electronic device accessing a database is connected is obtained,

step S221: judging the password strength of the network, wherein when the password strength is strong, the password risk coefficient q1=0.7, when the password strength is medium, the password risk coefficient q1=0.4, and when the password strength is weak, the password risk coefficient q1= 0.1;

step S222: scanning the network vulnerabilities, obtaining the number N5 of the vulnerabilities of the network and the risk condition of each vulnerability, and counting the number N6 of the vulnerabilities with the vulnerability risk condition smaller than a risk threshold, wherein the vulnerability risk coefficient q2= N6/N5;

step S223: the stability of the network in a preset time period is obtained, the percentage k of the duration that the network signal intensity is greater than the network signal intensity threshold value to the total duration is counted, and then the stability coefficient q3= k;

step S224: calculating a second network safety factor y2= 0.4 × q1+0.4 × q2+0.2 × q 3;

step S23: and calculating a comprehensive network safety factor Y = c Y1+ d Y2, wherein c is the weight of Y1, and d is the weight of Y2.

Preferably, the visitor identity reliability test in step S3 includes the following steps:

step S31: and (3) detecting the accuracy: selecting m1 persons with database access authority and m1 persons without database access authority to respectively apply for accessing the database, counting the number m2 of persons who have database access authority and successfully access the database and the number m3 of persons who do not have database access authority and unsuccessfully access the database, and determining the identity accuracy detection coefficient of the access persons z1=0.6 m2/m1+0.4 m3/m 1;

step S32: and (3) stability detection: selecting m4 persons with database access authority and m4 persons without database access authority to respectively apply for accessing the database for N7 times, counting the average number of times N8 that the m4 persons with database access authority successfully apply for accessing the database, and counting the average number of times N9 that the m4 persons without database access authority unsuccessfully apply for accessing the database, wherein the identity stability detection coefficient of the access person is z2= 0.5N 8/N7+ 0.5N 9/N7;

step S33: a reliability evaluation coefficient Z = e Z1+ f Z2 is calculated, where e is the weight of Z1 and f is the weight of Z2.

Preferably, the step S4 includes: the safety factor W = 0.2X + 0.3Y + 0.5Z,

when the safety guarantee coefficient W is more than or equal to 0.65, the safety performance of the database is good, and the database is allowed to be accessed;

when the security guarantee coefficient W is less than 0.65, the security performance of the database is poor, and the database is recommended to be allowed to be accessed after the security guarantee coefficient of the database is increased.

Compared with the prior art, the invention has the beneficial effects that: the invention evaluates the security performance of the database from a plurality of aspects of the security of external equipment, the security of a network and the identity reliability of detection access personnel, and gives an access suggestion according to the security performance, thereby ensuring the security of the database and reducing the risk of data leakage in the database.

Drawings

FIG. 1 is a schematic block diagram of a big data-based database security system according to the present invention;

fig. 2 is a schematic flow chart of a database security assurance method based on big data according to the present invention.

Detailed Description

The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.

Referring to fig. 1-2, in an embodiment of the present invention, a database security system based on big data includes an equipment security detection module, a network security detection module, a reliability detection module, and a security comprehensive evaluation module, where the equipment security detection module, the network security detection module, and the reliability detection module are connected to the security comprehensive evaluation module.

The equipment safety detection module comprises an external interface detection module, a camera detection module and a comprehensive equipment safety coefficient calculation module, wherein the external interface detection module comprises an interface connection frequency counting module, a verification failure frequency counting module and a first safety coefficient calculation module, the interface connection frequency counting module is used for counting the frequency N1 of connecting a first electronic equipment used for accessing a database to an external electronic equipment in a preset first time period, the verification failure frequency counting module is used for counting the frequency N2 of not verifying the external electronic equipment by the first electronic equipment when the first electronic equipment is connected, the first safety coefficient calculation module calculates a first safety coefficient of the equipment according to the frequency N1 and the frequency N2, the camera detection module comprises an external signal intrusion counting module, an intrusion signal strength counting module and a second safety coefficient calculation module, the external signal intrusion counting module is used for counting the number of times N3 of the camera which is intruded by an external signal within a preset period of time, the intrusion signal strength counting module is used for counting the number of times N4 that the intruding external signal strength is smaller than a first strength threshold value, the second safety coefficient calculating module calculates a second safety coefficient of the device according to the number N3 and the number N4, and the comprehensive device safety coefficient calculating module calculates the comprehensive device safety coefficient according to the first safety coefficient of the device and the second safety coefficient of the device; the network security detection module comprises a network card detection module, a network detection module and a comprehensive network security factor calculation module, wherein the network card detection module comprises a network card information acquisition module, an expert scoring module, a user scoring module and a comprehensive scoring module, the network card information acquisition module is used for acquiring manufacturer and model information of a network card used by the first electronic device, the expert scoring module scores the security and stability of the network card according to the manufacturer and model information of the network card, the user scoring module scores the security and stability when the network card is used, the comprehensive scoring module calculates a first network security factor according to the expert scoring and the user scoring, the network detection module comprises a password intensity detection module, a leak scanning module, a network security factor detection module and a second network security factor calculation module, the password intensity detection module acquires a password risk coefficient according to the password intensity of the network connected with the first electronic device, the vulnerability scanning module is used for scanning the number of vulnerabilities of a network connected with the first electronic device and the number of vulnerabilities of which vulnerability risk conditions are smaller than a risk threshold value, and accordingly acquiring a vulnerability risk coefficient, wherein the network stability detection module is used for acquiring the percentage of the total duration of the duration in which the signal intensity of the network connected with the first electronic equipment is greater than the network signal intensity threshold value within a preset time period, and accordingly obtaining a stability coefficient, the second network security coefficient calculating module calculates a second network security coefficient according to the password, the vulnerability risk coefficient and the stability coefficient, and the comprehensive network safety coefficient calculating module calculates the comprehensive network safety coefficient according to the first network safety coefficient and the second network safety coefficient.

The reliability detection module comprises an accuracy detection module, a stability detection module and a reliability calculation module, wherein the accuracy detection module is used for detecting whether the database can correctly identify the authority of the visitor and acquiring a safety detection coefficient according to the authority, the stability detection module is used for detecting the authority of the database which can continuously and correctly identify the visitor and acquiring a stability detection coefficient according to the authority, and the reliability calculation module calculates a reliability evaluation coefficient according to the safety detection coefficient and the stability detection coefficient; the safety guarantee comprehensive evaluation module comprises a safety guarantee coefficient calculation module and an evaluation suggestion output module, the safety guarantee coefficient calculation module calculates a safety guarantee coefficient according to the comprehensive equipment safety coefficient, the comprehensive network safety coefficient and the reliability evaluation coefficient, and the evaluation suggestion output module outputs the access suggestion of the database according to the safety guarantee coefficient. .

A database security guarantee method based on big data comprises the following steps:

step S1: detecting the safety of the equipment and acquiring a safety coefficient X of the comprehensive equipment;

step S11: obtaining whether a first electronic device for accessing the database has an interface for connecting an external electronic device, and if so,

acquiring the number of times of connecting the external electronic device within a preset first period of time N1,

the number of times N2 that the external electronic device failed the first electronic device authentication is obtained,

computing a device first safety factor x1= N2/N1;

when an external electronic device in which a virus exists is connected to a first electronic device that accesses a database, the virus may destroy the security of the database and may even cause data leakage in the database.

Step S12: acquiring whether a camera exists in the place where the electronic equipment accessing the library is located, and if so, acquiring whether the camera exists in the place where the electronic equipment accessing the library is located

Acquiring the number N3 of times of the camera being invaded by an external signal within a preset period of time;

acquiring the external signal intensity of each intrusion, and counting the intrusion times N4 of which the external signal intensity is smaller than a first intensity threshold;

computing a device second safety factor x2= N4/N3;

when a person with access right accesses the database, the camera may steal and observe an account or a password when the person with access right logs in, or even directly see the content of the database in the camera, which may cause data leakage in the database.

Step S13: calculating a comprehensive equipment safety factor X = 0.6X 1+ 0.4X 2.

Step S2: detecting the network security and acquiring a comprehensive network security coefficient Y;

step S21: acquiring manufacturer and model information of a network card used by first electronic equipment accessing a database, selecting more than five experts to grade the safety and stability of the network card according to the manufacturer and model information, selecting more than ten users of the network card to grade the safety and stability when using the network card, wherein a five-scale method is adopted when the safety and stability are graded, the five scales are respectively excellent, better, common, poorer and poor, the corresponding grades are 1, 0.8, 0.6, 0.4 and 0.2 in sequence,

calculating a first network safety factor y1= 0.6P 1+ 0.4P 2, wherein P1 is the average score of expert scores and P1 is the average score of user scores;

step S22: a network to which a first electronic device accessing a database is connected is obtained,

step S221: judging the password strength of the network, wherein when the password strength is strong, the password risk coefficient q1=0.7, when the password strength is medium, the password risk coefficient q1=0.4, and when the password strength is weak, the password risk coefficient q1= 0.1;

step S222: scanning the network vulnerabilities, obtaining the number N5 of the vulnerabilities of the network and the risk condition of each vulnerability, and counting the number N6 of the vulnerabilities with the vulnerability risk condition smaller than a risk threshold, wherein the vulnerability risk coefficient q2= N6/N5;

step S223: the stability of the network in a preset time period is obtained, the percentage k of the duration that the network signal intensity is greater than the network signal intensity threshold value to the total duration is counted, and then the stability coefficient q3= k;

step S224: calculating a second network safety factor y2= 0.4 × q1+0.4 × q2+0.2 × q 3;

step S23: and calculating a comprehensive network safety factor Y = 0.5Y 1+ 0.5Y 2.

Step S3: and (3) detecting the identity reliability of the visitor and acquiring a reliability evaluation coefficient Z:

step S31: and (3) detecting the accuracy: selecting m1 persons with database access authority and m1 persons without database access authority to respectively apply for accessing the database, counting the number m2 of persons who have database access authority and successfully access the database and the number m3 of persons who do not have database access authority and unsuccessfully access the database, and determining the identity accuracy detection coefficient of the access persons z1=0.6 m2/m1+0.4 m3/m 1;

step S32: and (3) stability detection: selecting m4 persons with database access authority and m4 persons without database access authority to respectively apply for accessing the database for N7 times, counting the average number of times N8 that the m4 persons with database access authority successfully apply for accessing the database, and counting the average number of times N9 that the m4 persons without database access authority unsuccessfully apply for accessing the database, wherein the identity stability detection coefficient of the access person is z2= 0.5N 8/N7+ 0.5N 9/N7;

step S33: calculating a reliability evaluation coefficient Z =0.5 × Z1+0.5 × Z2;

step S4: calculating a safety guarantee coefficient W = 0.2X + 0.3Y + 0.5Z according to the comprehensive equipment safety coefficient X, the comprehensive network safety coefficient Y and the reliability evaluation coefficient Z,

when the safety guarantee coefficient W is more than or equal to 0.65, the safety performance of the database is good, and the database is allowed to be accessed;

when the security guarantee coefficient W is less than 0.65, the security performance of the database is poor, and the database is recommended to be allowed to be accessed after the security guarantee coefficient of the database is increased.

It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential attributes thereof. The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein.

Claims (1)

1. A database security guarantee method based on big data is characterized in that: the safety guarantee method comprises the following steps:

step S1: detecting the safety of the equipment and acquiring a safety coefficient X of the comprehensive equipment;

step S2: detecting the network security and acquiring a comprehensive network security coefficient Y;

step S3: detecting the identity reliability of the visitor and acquiring a reliability evaluation coefficient Z;

step S4: calculating a safety guarantee coefficient W according to the comprehensive equipment safety coefficient X, the comprehensive network safety coefficient Y and the reliability evaluation coefficient Z;

the device security detection in step S1 includes the following steps:

step S11: obtaining whether a first electronic device for accessing the database has an interface for connecting an external electronic device, and if so,

acquiring the number of times of connecting the external electronic device within a preset first period of time N1,

the number of times N2 that the external electronic device failed the first electronic device authentication is obtained,

computing a device first safety factor x1= N2/N1;

step S12: acquiring whether a camera exists in the place where the electronic equipment accessing the library is located, and if so, acquiring whether the camera exists in the place where the electronic equipment accessing the library is located

Acquiring the number N3 of times of the camera being invaded by an external signal within a preset period of time;

acquiring the external signal intensity of each intrusion, and counting the intrusion times N4 of which the external signal intensity is smaller than a first intensity threshold;

computing a device second safety factor x2= N4/N3;

step S13: calculating a comprehensive equipment safety factor X = a X1+ b X2, wherein a is the weight of X1, and b is the weight of X2;

the network security detection in the step S2 includes the following steps:

step S21: acquiring manufacturer and model information of a network card used by first electronic equipment accessing a database, selecting more than five experts to grade the safety and stability of the network card according to the manufacturer and model information, selecting more than ten users of the network card to grade the safety and stability when using the network card,

calculating a first network safety factor y1= 0.6P 1+ 0.4P 2, wherein P1 is the average score of expert scores and P2 is the average score of user scores;

step S22: a network to which a first electronic device accessing a database is connected is obtained,

step S221: judging the password strength of the network, wherein when the password strength is strong, the password risk coefficient q1=0.7, when the password strength is medium, the password risk coefficient q1=0.4, and when the password strength is weak, the password risk coefficient q1= 0.1;

step S222: scanning the network vulnerabilities, obtaining the number N5 of the vulnerabilities of the network and the risk condition of each vulnerability, and counting the number N6 of the vulnerabilities with the vulnerability risk condition smaller than a risk threshold, wherein the vulnerability risk coefficient q2= N6/N5;

step S223: the stability of the network in a preset time period is obtained, the percentage k of the duration that the network signal intensity is greater than the network signal intensity threshold value to the total duration is counted, and then the stability coefficient q3= k;

step S224: calculating a second network safety factor y2= 0.4 × q1+0.4 × q2+0.2 × q 3;

step S23: calculating a comprehensive network safety factor Y = c Y1+ d Y2, wherein c is the weight of Y1, and d is the weight of Y2;

the visitor identity reliability detection in the step S3 includes the following steps:

step S31: and (3) detecting the accuracy: selecting m1 persons with database access authority and m1 persons without database access authority to respectively apply for accessing the database, counting the number m2 of persons who have database access authority and successfully access the database and the number m3 of persons who do not have database access authority and unsuccessfully access the database, and determining the identity accuracy detection coefficient of the access persons z1=0.6 m2/m1+0.4 m3/m 1;

step S32: and (3) stability detection: selecting m4 persons with database access authority and m4 persons without database access authority to respectively apply for accessing the database for N7 times, counting the average number of times N8 that the m4 persons with database access authority successfully apply for accessing the database, and counting the average number of times N9 that the m4 persons without database access authority unsuccessfully apply for accessing the database, wherein the identity stability detection coefficient of the access person is z2= 0.5N 8/N7+ 0.5N 9/N7;

step S33: a reliability evaluation coefficient Z = e Z1+ f Z2 is calculated, where e is the weight of Z1 and f is the weight of Z2.

Images