CN112463860A - Analytical method of optimal dazzle database query result set - Google Patents

Info

Publication number: CN112463860A
Authority: CN (China)
Prior art keywords: query result, column, value, content, columns
Legal status: Pending
Application number: CN201910839710.6A
Other languages: Chinese (zh)
Inventors: 张斌祥, 武博, 何建锋
Current Assignee: Xi'an Jiaotong University Jump Network Technology Co ltd
Original Assignee: Xi'an Jiaotong University Jump Network Technology Co ltd
Application filed by: Xi'an Jiaotong University Jump Network Technology Co ltd
Priority to: CN201910839710.6A
Publication of: CN112463860A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24 Querying
    • G06F16/248 Presentation of query results
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24 Querying
    • G06F16/245 Query processing
    • G06F16/2455 Query execution
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data

Abstract

The invention discloses a method for parsing the query result set of the optimal dazzle database (UXDB), which comprises the following steps: filtering by port number to obtain the UXDB response packet to be parsed, and parsing it to obtain the application-layer message; if the value of the first byte of the message is the character T, treating the response packet as the query result of a select statement; parsing the content of each field in the header part according to the total field length, the number of columns and the separators; parsing the query result content row by row according to the field length, the number of columns and the separators; and assembling the parsed query result content according to the header fields to obtain the query result set. By capturing data packets, filtering on a specified port number to obtain the select statement response packet to be parsed, parsing the header part and the query result content of the application-layer message, and finally assembling the result set, the method enables security auditing of database behavior and improves the security of business data.

Description

Method for parsing an optimal dazzle database (UXDB) query result set
Technical Field
The invention belongs to the technical field of communication and network security, and particularly relates to a method for parsing the query result set of the optimal dazzle database (UXDB).
Background
Databases are the core and foundation of information technology. They carry more and more key business systems and have gradually become the most strategic asset in business and public safety, and whether a business system can be used normally depends directly on the safe and stable operation of its database. Security threats to a database frequently come from inside the enterprise: malicious damage, illegal operations and unauthorized access lead to large-scale data leakage and serious damage. Moreover, these operations often carry no attack signature and are difficult for an ordinary information security protection system to identify, and database security audit systems emerged in response.
A database auditing (and risk control) system is a compliance management system that performs fine-grained auditing of network operation behavior in a business environment. By analyzing, recording and reporting the behavior of business personnel accessing the system, it helps the user plan and take preventive measures in advance.
Localization of information technology is gaining momentum, and almost all products at every level, from applications and middleware to basic software and hardware, are accelerating the localization process, so domestic products will inevitably be applied more widely. The optimal dazzle database (UXDB) is a typical representative of domestic database products and is being deployed more and more, but the database audit products currently on the market cannot audit it effectively, and in particular cannot parse its query result sets, which undoubtedly leaves a significant data security risk.
Disclosure of Invention
In view of this, the present invention provides a method for parsing the query result set of the optimal dazzle database (UXDB): data packets are captured, filtered and classified, and the header and content are parsed to finally obtain the result set, which solves the technical problem that the prior art does not parse UXDB query result sets.
The technical solution adopted by the invention is as follows.
The method for parsing the UXDB query result set comprises the following steps:
S11: filter by port number to obtain the UXDB response packet to be parsed, and parse it to obtain the application-layer message;
S12: if the value of the first byte of the message is the character T, treat the response packet as the query result of a select statement;
S13: parse the content of each field in the header part according to the total field length, the number of columns and the separators;
S14: parse the query result content row by row according to the field length, the number of columns and the separators;
S15: assemble the parsed query result content according to the header fields to obtain the query result set.
The header parsing process of step S13 comprises the following steps:
S21: starting from the 2nd byte of the message, read 4 bytes to obtain the total length of the fields of the header part;
S22: read the next 2 bytes to obtain the number of columns;
S23: continue onward and take the character string that precedes the character 0 as the column value of that column, then advance a further 18 bytes, which ends the content of the first column;
S24: repeat step S23 to obtain the column values of the other columns.
The parsing process of the query result content in step S14 comprises the following steps, performed row by row:
S31: each row of query result content starts with the character D; read the following 2 bytes to obtain the number of columns in the row;
S32: read the next 4 bytes to obtain the field length of the first column;
S33: read a character string of the length obtained in step S32 as the column value of that column; advancing by that length ends the content of the column;
S34: repeat steps S32 to S33 to obtain the column values of the other columns in the row;
S35: repeat steps S31 to S34 to obtain the column values of the columns in the other rows.
In this parsing method, when a byte whose value is the character Z is parsed, the content of the query result response packet has ended; the query result content is then assembled according to the contents of the header fields to obtain the complete query result set.
Further, in step S12:
if the value of the first byte of the message is Q, the response packet is regarded as a simple query;
if the value of the first byte of the message is P, the response packet is regarded as password information;
if the value of the first byte of the message is not T, the parsing ends.
With this technical solution, the method for parsing the UXDB query result set has the following beneficial effects: by capturing data packets, filtering on a specified port number to obtain the select statement response packet to be parsed, parsing the header part and the query result content of the application-layer message, and finally assembling the result set, it enables security auditing of database behavior and improves the security of business data.
Drawings
FIG. 1 is an overall flowchart of the method for parsing the optimal dazzle database (UXDB) query result set according to an embodiment of the present invention;
FIG. 2 is a flowchart of header parsing according to an embodiment of the present invention, i.e. the detailed process of S13 in FIG. 1;
FIG. 3 is a flowchart of query result content parsing according to an embodiment of the present invention, i.e. the detailed process of S14 in FIG. 1.
Detailed Description
The technical solution of the present invention is described in detail below with reference to the accompanying drawings.
In most scenarios, transmitted data packets use an open, general-purpose protocol and can be parsed according to the known protocol. In other scenarios, however, the transmitted packets may use an unknown protocol, such as a custom protocol, and the prior art cannot parse packets that use an unknown protocol. When a database audit product is deployed against a particular database whose protocol is not known, the data packets transmitted by that database cannot be parsed, and the database security audit exists in name only. UXDB is a typical domestic database, and the prior art cannot parse its result sets effectively. The invention therefore provides a targeted method for parsing its query result set.
As shown in FIG. 1, the method for parsing the UXDB query result set includes:
S11: filter by port number to obtain the UXDB response packet to be parsed, and parse it to obtain the application-layer message. The response packet can be obtained with packet-capture software or hardware that monitors network data and captures data packets on the network card's transmission link; the captured packets are stored or recorded as the packets to be filtered or parsed. Different capture policies can of course also be set so that unneeded packets are filtered out at capture time. Different network requests are sent to different IPs and ports, and the response packet accordingly carries IP and port information. The data packet to be parsed can therefore be obtained by filtering on the port number.
S12: if the value of the first byte of the message is the character T, treat the response packet as the query result of a select statement. Different kinds of response content can be distinguished by the first byte of the database response content, for example: if the value of the first byte of the message is Q, the response packet is regarded as a simple query; if the value of the first byte of the message is P, the response packet is regarded as password information; the character corresponding to a select statement query result response packet is T; if the value of the first byte of the message is not T, no parsing is performed, or other types of result set parsing may be performed.
S13: parse the content of each field in the header part according to the total field length, the number of columns and the separators;
S14: parse the query result content row by row according to the field length, the number of columns and the separators;
S15: assemble the parsed query result content according to the header fields to obtain the query result set.
As shown in FIG. 2, the header parsing process in step S13 includes the following steps:
S21: starting from the 2nd byte of the message, read 4 bytes to obtain the total length of the fields of the header part;
S22: read the next 2 bytes to obtain the number of columns;
S23: continue onward and take the character string that precedes the character 0 as the column value of that column, then advance a further 18 bytes, which ends the content of the first column;
S24: repeat step S23 to obtain the column values of the other columns.
As shown in FIG. 3, the parsing process of the query result content in step S14 includes the following steps, performed row by row:
S31: each row of query result content starts with the character D; read the following 2 bytes to obtain the number of columns in the row;
S32: read the next 4 bytes to obtain the field length of the first column;
S33: read a character string of the length obtained in step S32 as the column value of that column; advancing by that length ends the content of the column;
S34: repeat steps S32 to S33 to obtain the column values of the other columns in the row;
S35: repeat steps S31 to S34 to obtain the column values of the columns in the other rows.
Preferably, when a byte whose value is the character Z is parsed in the query result content, the content of the query result response packet has ended.
As described above, the UXDB data packets are obtained by filtering, the response packets of select statement queries are screened out by parsing, the header fields and the query result content are parsed separately, and the query result content is assembled according to the header fields to obtain the complete query result set. Once the query result set has been obtained, security auditing of the responses and the like can be carried out according to actual requirements.
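Steps S12 to S15, with the header steps S21 to S24 and the row steps S31 to S35, written out as an added example that is not part of the patent text. It starts from the application-layer message, so the capture and port filter of S11 are assumed done; the function names are hypothetical, and it assumes big-endian integers, that "the character 0" is the byte 0x00, that the 18 bytes follow that byte, and UTF-8 text. The sample message is constructed to match the described layout and is not a real UXDB capture.

```python
import struct

# Assumptions not stated in the patent text: big-endian integers, 0x00 as the
# name terminator, 18 bytes following the terminator, UTF-8 encoded text.

class TruncatedMessage(ValueError):
    """The capture ends before a declared field does."""

def _take(buf, pos, n):
    # Bounds-checked read: never trust a length taken from the wire.
    if pos + n > len(buf):
        raise TruncatedMessage(f"need {n} bytes at offset {pos}, {len(buf) - pos} left")
    return buf[pos:pos + n], pos + n

def classify(msg):
    # S12: the first byte selects the message kind.
    return {b"T": "select-result", b"Q": "simple-query", b"P": "password"}.get(msg[:1], "other")

def parse_header(msg):
    raw, pos = _take(msg, 1, 4)              # S21: 4 bytes starting at the 2nd byte
    total_len = struct.unpack(">I", raw)[0]  # recorded only, not used for positioning
    raw, pos = _take(msg, pos, 2)            # S22: number of columns
    names = []
    for _ in range(struct.unpack(">H", raw)[0]):   # S23, repeated per S24
        end = msg.find(b"\x00", pos)
        if end < 0:
            raise TruncatedMessage("column name has no terminator")
        names.append(msg[pos:end].decode("utf-8", "replace"))
        _, pos = _take(msg, end + 1, 18)     # skip the 18 bytes that close the column entry
    return total_len, names, pos

def parse_rows(msg, pos, names):
    rows, complete = [], False
    while pos < len(msg):
        tag, pos = _take(msg, pos, 1)
        if tag == b"Z":                      # Z marks the end of the result content
            complete = True
            break
        if tag != b"D":                      # S31: every row starts with D
            raise ValueError(f"unexpected marker {tag!r} at offset {pos - 1}")
        raw, pos = _take(msg, pos, 2)        # S31: column count of this row
        ncols = struct.unpack(">H", raw)[0]
        if ncols != len(names):
            raise ValueError("row column count differs from header")
        values = []
        for _ in range(ncols):               # S32 to S34
            raw, pos = _take(msg, pos, 4)
            raw, pos = _take(msg, pos, struct.unpack(">I", raw)[0])
            values.append(raw.decode("utf-8", "replace"))
        rows.append(dict(zip(names, values)))   # S15: assemble by header field
    return rows, complete

def parse_result_set(msg):
    if classify(msg) != "select-result":     # S12: first byte is not T, parsing ends
        return None
    total_len, names, pos = parse_header(msg)
    rows, complete = parse_rows(msg, pos, names)
    return {"header_length": total_len, "columns": names, "rows": rows, "complete": complete}

def build_sample():
    # Constructed message laid out as the steps describe; not a real capture.
    cols = b"".join(n + b"\x00" + bytes(18) for n in (b"id", b"name"))
    msg = b"T" + struct.pack(">IH", 4 + 2 + len(cols), 2) + cols
    for row in ((b"1", b"alice"), (b"2", b"bob")):
        msg += b"D" + struct.pack(">H", len(row))
        msg += b"".join(struct.pack(">I", len(v)) + v for v in row)
    return msg + b"Z"

if __name__ == "__main__":
    print(parse_result_set(build_sample()))
```

The "complete" flag is false when the capture ends without the Z byte, so an audit record built from a partial capture can be marked as such instead of being treated as the full result set.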
The above is only a preferred embodiment of the present invention, but the scope of protection of the present invention is not limited thereto; any change or substitution that a person skilled in the art can readily conceive within the technical scope disclosed by the present invention shall fall within the scope of protection of the present invention.

Claims (6)

1. A method for parsing the query result set of the optimal dazzle database (UXDB), characterized by comprising the following steps:
S11: filter by port number to obtain the UXDB response packet to be parsed, and parse it to obtain the application-layer message;
S12: if the value of the first byte of the message is the character T, treat the response packet as the query result of a select statement;
S13: parse the content of each field in the header part according to the total field length, the number of columns and the separators;
S14: parse the query result content row by row according to the field length, the number of columns and the separators;
S15: assemble the parsed query result content according to the header fields to obtain the query result set.
2. The parsing method according to claim 1, wherein the parsing process of the header part in step S13 includes the following steps performed in sequence:
S21: starting from the 2nd byte of the message, read 4 bytes to obtain the total length of the fields of the header part;
S22: read the next 2 bytes to obtain the number of columns;
S23: continue onward and take the character string that precedes the character 0 as the column value of that column, then advance a further 18 bytes, which ends the content of the first column;
S24: repeat step S23 to obtain the column values of the other columns.
3. The parsing method according to claim 2, wherein the parsing process of the query result content in step S14 includes the following steps, performed row by row:
S31: each row of query result content starts with the character D; read the following 2 bytes to obtain the number of columns in the row;
S32: read the next 4 bytes to obtain the field length of the first column;
S33: read a character string of the length obtained in step S32 as the column value of that column; advancing by that length ends the content of the column;
S34: repeat steps S32 to S33 to obtain the column values of the other columns in the row;
S35: repeat steps S31 to S34 to obtain the column values of the columns in the other rows.
4. The parsing method according to claim 3, wherein parsing a byte whose value is the character Z indicates that the content of the response packet has ended.
5. The parsing method according to claim 2 or 3, wherein the query result content is assembled according to the contents of the fields of the header part to obtain a complete query result set.
6. The parsing method according to claim 1, wherein:
if the value of the first byte of the message is Q, the response packet is regarded as a simple query;
if the value of the first byte of the message is P, the response packet is regarded as password information;
if the value of the first byte of the message is not T, the parsing ends.
CN201910839710.6A 2019-09-06 2019-09-06 Analytical method of optimal dazzle database query result set Pending CN112463860A (en)

Legal Events

Date Code Title Description
PB01 Publication
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20210309