CN114157501A - Parameter analysis method and device based on Tianri database - Google Patents
- Publication number
- CN114157501A (CN202111489854.7A)
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/28—Databases characterised by their database models, e.g. relational or object models
- G06F16/284—Relational databases
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/22—Parsing or analysis of headers
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Abstract
The embodiment of the application provides a parameter analysis method and device based on a Tianri database, relates to the technical field of data processing, and comprises the following steps: acquiring a data message flowing to the Tianri database, and analyzing the data message to obtain target data; then judging whether the data message is an encrypted message according to the target data; if not, determining a normal response message of a response statement from the target data; and finally, acquiring the number of return/influence lines of the normal response message and the response result data to obtain a parameter analysis result. The method can completely restore the response parameters of the Tianri database and avoids the situation in which the parameters cannot be restored when the data packet is encrypted, thereby realizing effective and safe database security audit.
Description
Technical Field
The application relates to the technical field of data processing, in particular to a parameter analysis method and device based on a Tianri database.
Background
The Tianri database (Teradata database) is a relational database, the largest commercial database in the world. The existing database parameter analysis method is generally a method for analyzing and restoring SQL commands and parameters of a Shentong database, a data packet is obtained through a bypass, interactive data of the Shentong database are obtained through filtering, and corresponding analysis and restoration processes are executed according to different data packet types to obtain SQL commands and parameter contents. However, in practice, it is found that the existing method only aims at the Shentong database, is not suitable for the Tianri database, cannot directly extract the response parameters in the Tianri database, and cannot restore the parameters of the corresponding database when the data packet is encrypted. Therefore, the existing method cannot be suitable for the Tianri database, and the situation that the parameters cannot be restored under the condition of data packet encryption exists.
Disclosure of Invention
An object of the embodiments of the present application is to provide a parameter analysis method and apparatus based on a Tianri database, which can completely restore response parameters of the Tianri database, and can avoid the situation that the parameters cannot be restored under the condition of data packet encryption, thereby realizing effective and safe database security audit.
A first aspect of an embodiment of the present application provides a parameter analysis method based on a Tianri database, including:
acquiring a data message flowing to an application layer of the Tianri database, and analyzing the data message to obtain target data;
judging whether the data message is an encrypted message or not according to the target data;
if not, determining a normal response message of a response statement from the target data;
and acquiring the return/influence line number and response result data of the normal response message to obtain a parameter analysis result.
In the implementation process, a data message flowing to the Tianri database is first acquired and analyzed to obtain target data; whether the data message is an encrypted message is then judged according to the target data; if not, a normal response message of a response statement is determined from the target data; and finally, the number of return/influence lines of the normal response message and the response result data are acquired to obtain a parameter analysis result. The response parameters of the Tianri database can thus be completely restored, and the situation in which the parameters cannot be restored when the data packet is encrypted is avoided, thereby realizing effective and safe database security audit.
Further, the determining whether the data packet is an encrypted packet according to the target data includes:
judging whether the Tianri database is preset with a transmission message encryption configuration or not;
if not, acquiring an encryption identification value of a first specified byte of the target data header;
judging whether the encryption identification value is a preset encrypted value or not;
if yes, determining that the data message is an encrypted message;
if not, determining that the data message is not an encrypted message.
In the implementation process, whether the data packet is encrypted or not can be judged in advance, so that the condition that the parameters cannot be restored under the condition of data packet encryption is avoided.
Further, determining a normal response packet of a response statement from the target data includes:
acquiring a message type identification value of a second specified byte at the front of the target data header;
extracting a response message of a response statement from the target data according to the message type identification value;
acquiring a normal/abnormal identification value of the target data after the target data is offset by a first offset byte;
and determining a normal response message from the target data according to the normal/abnormal identification value.
Further, the obtaining the number of return/influence lines of the normal response packet and the response result data to obtain a parameter analysis result includes:
acquiring a return/influence line number identification value after the normal response message is offset by a second offset byte;
acquiring the number of return/influence lines of the normal response message after offsetting the third offset byte according to the identification value of the number of return/influence lines;
calculating the data length of a response result according to the data length of the head of the normal response message;
acquiring data of the response result data length after the normal response message is offset by a fourth offset byte to obtain response result data;
and generating a parameter analysis result according to the response result data and the return/influence line number.
Further, the method further comprises:
performing security detection on the parameter analysis result according to a preset database firewall security policy to obtain a detection result;
and performing releasing or blocking processing on the data message according to the detection result.
A second aspect of the embodiments of the present application provides a parameter analysis device based on a Tianri database, including:
the first acquisition unit is used for acquiring a data message flowing to an application layer of the Tianri database;
the analysis unit is used for analyzing the data message to obtain target data;
the judging unit is used for judging whether the data message is an encrypted message or not according to the target data;
a determining unit, configured to determine a normal response packet of a response statement from the target data when it is determined that the data packet is not an encrypted packet;
and the second acquisition unit is used for acquiring the return/influence line number and response result data of the normal response message to obtain a parameter analysis result.
In the implementation process, the first acquisition unit acquires a data message flowing to the Tianri database, and the analysis unit analyzes the data message to obtain target data; then the judging unit judges whether the data message is an encrypted message according to the target data; if not, the determining unit determines a normal response message of a response statement from the target data; and finally, the second acquisition unit acquires the return/influence line number and response result data of the normal response message to obtain a parameter analysis result, so that the response parameters of the Tianri database can be completely restored, the situation in which the parameters cannot be restored when the data packet is encrypted can be avoided, and effective and safe database security audit is realized.
Further, the judging unit includes:
the first subunit is used for judging whether the Tianri database is preset with a transmission message encryption configuration or not;
the second subunit is configured to, when it is determined that the transmission packet encryption configuration is not preset, obtain an encryption identification value of a first specified byte of the header of the target data;
the first subunit is further configured to determine whether the encryption identification value is a preset encrypted value;
a third subunit, configured to determine that the data packet is an encrypted packet when the encryption identification value is judged to be the preset encrypted value, and to determine that the data packet is not an encrypted packet when the encryption identification value is judged not to be the preset encrypted value.
Further, the determining unit includes:
a fourth subunit, configured to obtain a message type identification value of a second specified byte at the front of the header of the target data, and to extract a response message of a response statement from the target data according to the message type identification value;
a fifth subunit, configured to obtain a normal/abnormal identification value after the target data is offset by the first offset byte, and to determine a normal response message from the target data according to the normal/abnormal identification value.
A third aspect of embodiments of the present application provides an electronic device, including a memory and a processor, where the memory is used to store a computer program, and the processor runs the computer program to make the electronic device execute the parameter analysis method based on a Tianri database according to any one of the first aspect of embodiments of the present application.
A fourth aspect of the embodiments of the present application provides a computer-readable storage medium, which stores computer program instructions that, when read and executed by a processor, perform the parameter analysis method based on a Tianri database according to any one of the first aspect of the embodiments of the present application.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required to be used in the embodiments of the present application will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and that those skilled in the art can also obtain other related drawings based on the drawings without inventive efforts.
FIG. 1 is a flowchart illustrating a parameter analysis method based on a Tianri database according to an embodiment of the present application;
FIG. 2 is a schematic structural diagram of a parameter analysis device based on a Tianri database according to an embodiment of the present application;
FIG. 3 is a schematic diagram illustrating an application flow of a database firewall according to an embodiment of the present application;
FIG. 4 is a logic flow diagram of restoring the influence/return line number and response result data in a Tianri database message according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be described below with reference to the drawings in the embodiments of the present application.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures. Meanwhile, in the description of the present application, the terms "first", "second", and the like are used only for distinguishing the description, and are not to be construed as indicating or implying relative importance.
Example 1
Referring to FIG. 1, FIG. 1 is a schematic flowchart illustrating a parameter analysis method based on a Tianri database according to an embodiment of the present application. The parameter analysis method based on the Tianri database comprises the following steps:
S101, acquiring a data message flowing to a Tianri database, and analyzing the data message to obtain target data.
In the embodiment of the application, the method is applied to the field of database firewalls, and the execution subject is a parameter analysis device based on a Tianri database.
In the embodiment of the application, the database firewall is deployed in series in front of the database server and addresses the problems of both the application side and the operation and maintenance side of the database. It is a database security protection system based on database protocol analysis and control technology, and can realize access behavior control, dangerous operation blocking and suspicious behavior audit for the database.
In the embodiment of the application, a core switch can mirror the communication data between the client and the Tianri database to a network port of the database firewall device; a packet capture engine on the database firewall device then maps the communication data locally, and an analysis engine on the device parses the captured packets layer by layer to obtain the data messages, wherein the data messages comprise the data packets, filtered by port number, that flow to the Tianri database server.
In the embodiment of the application, the Tianri database (Teradata database) is an intelligent high-performance database that can automatically complete a series of time-consuming tasks such as workload management, compression decisions, virtual partitioning and time sequence conditions, greatly improving the overall performance and manageability of a data warehouse. The Tianri database supports various data formats and can store JSON data in several forms: the BSON format, the UBJSON format specially optimized for numeric data, the JSON text format and the like. The client can seamlessly mix the three JSON storage formats according to service requirements and data attributes to obtain faster query performance. The Teradata database has a strong capability for analyzing JSON data, operation data and historical service data.
In the embodiment of the present application, the target data includes a data header and a data body.
S102, judging whether a transmission message encryption configuration is preset in the Tianri database, and if not, executing the step S103 to the step S104; if so, step S105 is performed.
S103, acquiring the encryption identification value of the first specified byte of the target data header.
In the embodiment of the application, before the data message is analyzed, whether the transmitted message is encrypted needs to be judged according to the data header, and if it is encrypted, subsequent analysis is not performed. To determine whether the message is encrypted, it is first determined whether a transmission message encryption configuration is preset. Taking the official Tianri client TTU connected to a server as an example, when ENCRYPTDATA ON is selected in the official Tianri client interface, the transmission message encryption configuration is preset, and data message analysis is not performed; conversely, when ENCRYPTDATA OFF is selected, no encryption is performed.
S104, judging whether the encryption identification value is a preset encrypted value, and if not, executing the step S106 to the step S113; if so, step S105 is performed.
In this embodiment of the present application, the data message itself may also be examined: the value of the second byte of the data header is obtained first as the encryption identification value; if the encryption identification value is a preset encrypted value, the data message is encrypted and data analysis is not performed. Specifically, the preset encrypted value is 81 or 82, where 81 represents that the request message is encrypted, and 82 represents that the response message is encrypted.
S105, determining that the data message is an encrypted message, and ending the process.
S106, determining that the data message is not an encrypted message, and executing the step S107 to the step S113.
In the embodiment of the present application, by implementing the steps S102 to S106, it can be determined whether the data packet is an encrypted packet according to the target data.
In the embodiment of the application, by identifying the option flag of the official Tianri client and by identifying the header flag byte of the application layer of the transmitted message, either method can judge whether a data message of the Tianri database is encrypted in transit; if the data message is encrypted, whether to decrypt the message or to abandon its analysis can be decided according to actual requirements, so that the parameters and commands of the Tianri database can be identified, classified and analyzed more accurately.
S107, obtaining the message type identification value of the second specified byte at the front of the target data header.
In the embodiment of the present application, when the message is not encrypted, the value of the first 4 bytes of the header of the target data is first determined; each protocol header has 4 bytes in total, which mark the beginning of the message. The second byte records the request or response direction of the communication: 01 represents the request direction, and 02 represents the response direction.
In the embodiment of the application, obtaining the message type identification value of the second specified byte at the front of the header of the target data means obtaining the value of the first 4 bytes of the header of the target data, which gives the message type identification value.
In this embodiment, the target data may include four message types, which are a response message for determining a database version packet, a request message for determining an execution program/tool, a request message for determining a request statement, and a response message for determining a response statement. The response packet needs to be identified from the target data according to the packet type identification value.
In this embodiment of the application, when the first 4 bytes are 03 02 0a 00, the data message is a response message of the database version packet. The response message structure of the protocol version packet is mainly as follows: the first four bytes 03 02 0a 00 are the fixed beginning of the response message of the version packet, followed by 438 fixed padding bytes, then a 2-byte version number length field that records the length of the Tianri database version number (assume its value is A), followed by the version number, A bytes long.
In the embodiment of the application, the response message of the database version packet can be analyzed, and the corresponding version number length and version number are extracted.
In this embodiment, when the first 4 bytes are 03 01 0a 00, the data message is an executing program/tool request message. The structure of the executing program/tool request message is mainly as follows: the first four bytes 03 01 0a 00 are the fixed beginning of the request protocol packet, followed by 67 fixed padding bytes, then a 1-byte executing program name length field that records the length of the Tianri database client name (assume its value is B), followed by the name of the executing program, B bytes long.
In the embodiment of the application, the executing program/tool request message can be analyzed, and the corresponding executing program name length and executing program name are extracted.
In this embodiment, when the first 4 bytes are 03 01 05 00, the data message is a request message of a request statement. The message structure of the request statement is mainly as follows: the first four bytes 03 01 05 00 are the fixed beginning of the request protocol packet, followed by 75 fixed padding bytes, then a 2-byte request statement length field that records the length of the SQL statement (assume its value is C), followed by the request statement, (C-4) bytes long.
In the embodiment of the application, the request message of the request statement can be analyzed, and the corresponding length of the request statement and the corresponding request statement are extracted.
In this embodiment, when the first 4 bytes are 03 02 05 00, the data message is a response message of a response statement. Response messages are of two types: a normal response message, and an error response, which is a response message carrying an error code.
After step S107, the following steps are also included:
S108, extracting the response message of the response statement from the target data according to the message type identification value.
S109, acquiring the normal/abnormal identification value of the target data after the target data is offset by the first offset byte.
In the embodiment of the present application, the message structure of the normal response is mainly as follows: the first four bytes 03 02 05 00 are the fixed beginning of the response protocol message, followed by a 2-byte influence/return line number flag, which is 03 when a number of influence lines is present and 01 or 02 when a number of return lines is present. After a further offset of 2 bytes comes the 2-byte response statement length; 52 must be added to the recorded length to obtain the response message load length. After a further offset of 66 bytes, 4 bytes are taken as the number of return/influence lines. After a further offset of 58 bytes comes the result set actually returned by the server.
In the embodiment of the present application, the message structure of the abnormal response is mainly as follows: the first four bytes 03 02 05 00 are the fixed beginning of the response protocol message; after an offset of 60 bytes, 2 bytes are taken, whose value is the error code/return code; the next 2 bytes are the error information prompt length (assume its value is D), followed by D bytes of error information prompt data, which record the prompt information related to the error code, such as the error report content.
In the embodiment of the application, the message of the abnormal response can be analyzed, and the corresponding error code/return code, the error information prompt length and the error information prompt data are extracted.
As an optional implementation manner, by analyzing the target data layer by layer, corresponding data information (such as a version number, an execution program name, a request statement, an error code/return code, or error information prompt data, etc.) can be extracted according to a requirement, and the data information is output for a user to browse and refer.
In the embodiment of the present application, the first offset byte is 64 bytes. First, 4 bytes are offset to determine the response message, then a further 2 bytes are offset to obtain the influence/return line number flag, and then a further 58 bytes are offset to obtain the two-byte error code/return code, which is the normal/abnormal identification value.
S110, determining a normal response message from the target data according to the normal/abnormal identification value.
In the embodiment of the present application, by implementing the steps S107 to S110, the normal response packet of the response sentence can be determined from the target data.
S111, acquiring the number of return/influence lines of the normal response message and response result data to obtain a parameter analysis result.
As an optional implementation manner, obtaining the number of return/influence lines of the normal response packet and the response result data to obtain a parameter analysis result includes:
acquiring a return/influence line number identification value after the normal response message is offset by the second offset byte;
acquiring the number of return/influence lines of the normal response message after offsetting the third offset byte according to the identification value of the number of the return/influence lines;
calculating the data length of the response result according to the data length of the head of the normal response message;
acquiring data of the response result data length after the normal response message is offset by the fourth offset byte to obtain response result data;
and generating a parameter analysis result according to the response result data and the return/influence line number.
In the above embodiment, the formula for calculating the response result data length N is: N = application layer header length - 164 bytes.
In the above embodiment, obtaining the return/influence line number identification value after the normal response packet is offset by the second offset byte means that, after the normal response packet is offset by 4 bytes, the 2-byte return/influence line number identification value is obtained. The influence line number flag is 03, and the return line number flag is 01 or 02; when the return/influence line number identification value is 00, there is no return/influence line number.
In the above embodiment, obtaining the number of return/influence lines after the normal response packet is offset by the third offset byte means that, after the normal response packet is offset by 76 bytes, the 4-byte number of return/influence lines is obtained.
In the above embodiment, when the return/influence line number identification value is 00, it indicates that there is no return/influence line number, and it is not necessary to acquire the return/influence line number.
In the above embodiment, obtaining the data of the response result data length after the normal response packet is offset by the fourth offset byte means that, after the normal response packet is offset by 134 bytes, N bytes of data are obtained as the response result data.
In the embodiment of the present application, the response result data includes a complete query result set.
In the embodiment of the application, the payload of the Data-type packets of the communication protocol between the TianRui application system client and the TianRui database is captured, filtered, parsed and analyzed; the request messages and response messages are classified and decomposed, and the complete message is obtained according to the parameter positions. A bypass mode is adopted, so no network change or configuration modification of the existing system is required, and normal operation of the system is not affected.
After step S111, the following steps are also included:
S112: Perform security detection on the parameter analysis result according to a preset database firewall security policy to obtain a detection result.
S113: Release or block the data message according to the detection result.
In the embodiment of the application, the database firewall security policy is matched against the restored response result data and the affected/returned row count to perform security detection, and the message is blocked or released according to the detection result, so as to protect the TianRui database.
In the embodiment of the application, the preset database firewall security policy includes an anti-credential-stuffing policy, a dangerous operation blocking policy, a sensitive information access desensitization policy, an access returned row count control policy and the like. With the anti-credential-stuffing policy, the attacking terminal can be locked when the number of password attempts reaches a preset threshold. With the dangerous operation blocking policy, dangerous behaviors such as full deletion or full modification are blocked when they are executed. With the sensitive information access desensitization policy, different data is returned according to the accessor's authority: real data is visible when the authority is sufficient, and desensitized data is returned when it is insufficient, which avoids leaking sensitive information. The parameter analysis results are managed according to the access returned row count control policy, which prevents a large part of the database from being illegally exported in one operation and causing a large loss of data.
In the embodiment of the application, the method can completely restore SQL commands and parameters of the TianRui database and a complete query result set so as to realize effective and safe database security audit.
In the embodiment of the application, the method relies mainly on bypass analysis and on recognition of message characteristics, which reduces the difficulty and labor cost of data auditing. Bypass analysis obtains the messages exchanged between the TianRui database client and server through an unofficial channel, such as network packet analysis software, in order to parse and analyze the rules of the communication messages.
Referring to fig. 3 and fig. 4 together, fig. 3 is a schematic diagram of a database firewall application flow provided in the embodiment of the present application, and fig. 4 is a logic diagram of the flow for restoring the affected/returned row count and the response result data in a TianRui database message provided in the embodiment of the present application. As shown in fig. 3, taking the restoration of the affected/returned row count and the response result data in a TianRui database message as an example, the specific flow is as follows, with the corresponding request and response message types obtained by parsing the application layer header data:
First, check the value of the 2nd byte. When the value is 82, the data message is encrypted and is not parsed. When the value is 02, the message is a response message. Bytes 9-10 are extracted as the recorded length; 52 bytes must be added to it to obtain the response message payload length.
Second, as shown in fig. 4, when the first 4 bytes are 03020500, the message is determined to be a response statement message. The next 2 bytes, with no further offset, are taken as the affected/returned row count flag: the affected-row flag is 03 and the returned-row flag is 01 or 02. After offsetting a further 58 bytes, 2 bytes are taken as the error code/return code, and then the third step or the fourth step is executed.
Third, as shown in fig. 4, when the response message is determined to be an abnormal response message according to the error code/return code, then, continuing from the second step, the next 2 bytes are taken as the error information prompt length; assuming this length is D, the following D bytes are taken as the error information prompt, and the process ends.
Fourth, as shown in fig. 4, when the response message is determined to be a normal response message according to the error code/return code, then, continuing from the second step, after offsetting a further 10 bytes, 4 bytes are taken as the returned/affected row count (if the preceding returned/affected flag is 00, no row count can be taken); after offsetting a further 58 bytes, N bytes are taken as the response result data, and the flow proceeds to the fifth step.
Fifth, the database firewall security policy is matched against the restored response result data and the affected/returned row count to perform security detection, and the message is blocked or released according to the detection result, so as to protect the TianRui database.
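The response parsing and returned row count check described above, as an added sketch written for this page and not taken from the patent or any product. It uses the offsets stated in the description (4, 76 and 134 bytes, with N = application layer header length - 164) and assumes big-endian integers, a caller-supplied `header_len`, a message already identified as a normal response, a hypothetical `max_rows` limit, and a fail-closed verdict for malformed input.

```python
from dataclasses import dataclass
from typing import Optional

# Marker values and offsets quoted from the description above.
ENCRYPTED_MARK = 0x82     # 2nd byte: encrypted data message, not parsed
RESPONSE_MARK = 0x02      # 2nd byte: response message
ROW_FLAG_OFFSET = 4       # 2-byte returned/affected row count flag
ROW_COUNT_OFFSET = 76     # 4-byte returned/affected row count
RESULT_OFFSET = 134       # start of the response result data
RESULT_OVERHEAD = 164     # N = application layer header length - 164
FLAG_NONE, FLAG_AFFECTED, FLAGS_RETURNED = 0x00, 0x03, (0x01, 0x02)


class ParseError(ValueError):
    """The message does not fit the layout described on the page."""


@dataclass
class ParsedResponse:
    row_kind: str             # "returned", "affected" or "none"
    row_count: Optional[int]  # None when the flag is 00
    result: bytes             # N bytes of response result data


def classify(msg: bytes) -> str:
    """First step: look at the 2nd byte of the application layer data."""
    if len(msg) < 2:
        raise ParseError("message shorter than 2 bytes")
    if msg[1] == ENCRYPTED_MARK:
        return "encrypted"
    if msg[1] == RESPONSE_MARK:
        return "response"
    return "other"


def parse_normal_response(msg: bytes, header_len: int,
                          byteorder: str = "big") -> ParsedResponse:
    """Extract flag, row count and result data from a normal response.

    header_len is the "application layer header length" of the formula;
    how it is read from the wire is left to the caller (assumption).
    byteorder is an assumption: the page does not state one.
    """
    n = header_len - RESULT_OVERHEAD
    if n < 0:
        raise ParseError("header length smaller than fixed overhead")
    if len(msg) < RESULT_OFFSET + n:
        raise ParseError("message truncated before end of result data")
    flag = int.from_bytes(msg[ROW_FLAG_OFFSET:ROW_FLAG_OFFSET + 2], byteorder)
    if flag == FLAG_NONE:
        return ParsedResponse("none", None, msg[RESULT_OFFSET:RESULT_OFFSET + n])
    if flag == FLAG_AFFECTED:
        kind = "affected"
    elif flag in FLAGS_RETURNED:
        kind = "returned"
    else:
        raise ParseError(f"unknown row count flag {flag:#06x}")
    rows = int.from_bytes(msg[ROW_COUNT_OFFSET:ROW_COUNT_OFFSET + 4], byteorder)
    return ParsedResponse(kind, rows, msg[RESULT_OFFSET:RESULT_OFFSET + n])


def decide(msg: bytes, header_len: int, max_rows: int) -> str:
    """Returned row count control: "release", "block" or "unparsed".

    Blocking malformed responses is a choice of this example (fail closed).
    """
    try:
        if classify(msg) != "response":
            return "unparsed"   # encrypted or not a response: nothing to match
        parsed = parse_normal_response(msg, header_len)
    except ParseError:
        return "block"
    if parsed.row_kind == "returned" and parsed.row_count > max_rows:
        return "block"          # bulk export attempt
    return "release"


def build_sample(flag: int, rows: int, result: bytes,
                 mark: int = RESPONSE_MARK):
    """Constructed test message (not captured traffic) and its header_len."""
    msg = bytearray(RESULT_OFFSET) + result
    msg[0:4] = bytes([0x03, mark, 0x05, 0x00])   # 03020500 when mark is 02
    msg[ROW_FLAG_OFFSET:ROW_FLAG_OFFSET + 2] = flag.to_bytes(2, "big")
    msg[ROW_COUNT_OFFSET:ROW_COUNT_OFFSET + 4] = rows.to_bytes(4, "big")
    return bytes(msg), len(result) + RESULT_OVERHEAD


if __name__ == "__main__":
    sample, hl = build_sample(0x02, 50000, b"x" * 20)
    print(parse_normal_response(sample, hl), decide(sample, hl, 1000))
```

Every slice is bounds-checked before use, so a truncated or inconsistent message yields a verdict instead of an exception inside the inspection path.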
In the embodiment of the application, the method completely parses and analyzes the communication protocol of the TianRui database and restores the parameters and SQL statements of requests and responses, which improves the accuracy of data auditing and provides a reference method for personnel engaged in related work, so that corresponding prevention and blocking can be implemented.
It can be seen that, by implementing the parameter analysis method based on the TianRui database described in this embodiment, the response parameters of the TianRui database can be completely restored, and the situation in which parameters cannot be restored when data packets are encrypted can be avoided, thereby realizing effective and safe database security audit.
Example 2
Please refer to fig. 2, which is a schematic structural diagram of a parameter analysis apparatus based on the TianRui database according to an embodiment of the present application. As shown in fig. 2, the parameter analysis apparatus based on the TianRui database includes:
a first obtaining unit 210, configured to obtain a data message flowing to the TianRui database;
In the embodiment of the application, the method is applied to the field of database firewalls.
In the embodiment of the application, the database firewall is deployed in series in front of the database server to address problems on both the application side and the operation and maintenance side of the database; it is a database security protection system based on database protocol analysis and control technology, and can implement access behavior control, dangerous operation blocking and suspicious behavior auditing for the database.
In the embodiment of the application, a core switch can mirror the communication data between the client and the TianRui database to a network port of the database firewall device; the packet capture engine on the database firewall device then maps the data locally, and the parsing engine on the database firewall device strips and parses the captured packets layer by layer to obtain the data messages, where the data messages include packets, filtered by port number, that flow to the TianRui database server.
In the embodiment of the application, the TianRui database (Teradata database) is an intelligent high-performance database that can automatically complete a series of time-consuming tasks such as workload management, compression decisions, virtual partitioning and time-series conditions, greatly improving the overall performance and manageability of the data warehouse. The TianRui database supports multiple data formats for JSON data, including the BSON format suited to storing data of various forms, the UBJSON format specially optimized for numeric data, and the JSON text data format. The client can seamlessly mix these three JSON storage formats according to service requirements and data attributes to obtain faster query performance. The Teradata database has strong capabilities for analyzing JSON data, operational data and historical service data.
a parsing unit 220, configured to parse the data message to obtain target data;
a judging unit 230, configured to judge, according to the target data, whether the data message is an encrypted message;
a determining unit 240, configured to determine a normal response message of a response statement from the target data when it is judged that the data message is not an encrypted message;
a second obtaining unit 250, configured to obtain the returned/affected row count and the response result data of the normal response message, so as to obtain a parameter analysis result.
As an optional implementation, the judging unit 230 includes:
a first subunit 231, configured to judge whether the TianRui database is preset with a transmission message encryption configuration;
a second subunit 232, configured to obtain an encryption identification value of a first specified byte of the header of the target data when it is judged that the transmission message encryption configuration is not preset;
the first subunit 231 is further configured to judge whether the encryption identification value is a preset encryption value;
a third subunit 233, configured to determine that the data message is an encrypted message when the encryption identification value is judged to be the preset encryption value, and to determine that the data message is not an encrypted message when the encryption identification value is judged not to be the preset encryption value.
As an optional implementation, the determining unit 240 includes:
a fourth subunit 241, configured to obtain a message type identification value of a second specified byte before the header of the target data, and to extract a response message of a response statement from the target data according to the message type identification value;
a fifth subunit 242, configured to obtain a normal/abnormal identification value located after the target data is offset by the first offset byte, and to determine a normal response message from the target data according to the normal/abnormal identification value.
As an optional implementation, the second obtaining unit 250 includes:
a sixth subunit 251, configured to obtain the returned/affected row count identification value located after the normal response message is offset by the second offset byte, and to obtain, according to that identification value, the returned/affected row count located after the normal response message is offset by the third offset byte;
a seventh subunit 252, configured to calculate the response result data length from the header data length of the normal response message, and to obtain data of the response result data length located after the normal response message is offset by the fourth offset byte, to obtain the response result data;
an eighth subunit 253, configured to generate a parameter analysis result according to the response result data and the returned/affected row count.
As an optional implementation, the parameter analysis apparatus based on the TianRui database further includes:
a security detection unit 260, configured to perform security detection on the parameter analysis result according to a preset database firewall security policy to obtain a detection result;
and a message processing unit 270, configured to release or block the data message according to the detection result.
In the embodiment of the application, the preset database firewall security policy includes an anti-credential-stuffing policy, a dangerous operation blocking policy, a sensitive information access desensitization policy, an access returned row count control policy and the like. With the anti-credential-stuffing policy, the attacking terminal can be locked when the number of password attempts reaches a preset threshold. With the dangerous operation blocking policy, dangerous behaviors such as full deletion or full modification are blocked when they are executed. With the sensitive information access desensitization policy, different data is returned according to the accessor's authority: real data is visible when the authority is sufficient, and desensitized data is returned when it is insufficient, which avoids leaking sensitive information. The parameter analysis results are managed according to the access returned row count control policy, which prevents a large part of the database from being illegally exported in one operation and causing a large loss of data.
In the embodiment of the application, the parameter analysis apparatus based on the TianRui database works by bypass analysis. Complete parsing of the TianRui database communication protocol can be used to parse and restore the SQL commands and audit parameters of requests and responses, which improves the accuracy of security audit and reduces its difficulty. The protection point of the scheme is not limited to this: any parameter analysis and restoration, replacement or content supplementation for the TianRui database that uses this method falls within the protection scope of the scheme. Meanwhile, two methods, identifying the option flag of the official TianRui client and identifying the flag byte in the application layer header of the transmitted message, can be used to judge whether a TianRui database data message is encrypted in transit; if it is encrypted, whether to decrypt or parse the message is decided according to actual requirements, so that the parameters and commands of the TianRui database can be identified, classified and parsed more accurately.
In this embodiment, the target data may include four message types: the response message of the database version packet, the request message of the execution program/tool, the request message of the request statement, and the response message of the response statement. The response message therefore needs to be identified from the target data according to the message type identification value.
In the embodiment of the application, the response message of the database version packet can be analyzed, and the corresponding version number length and version number are extracted.
In the embodiment of the application, the execution program/tool request message can be analyzed, and the corresponding execution program name length and execution program name are extracted.
In the embodiment of the application, the request message of the request statement can be analyzed, and the corresponding length of the request statement and the corresponding request statement are extracted.
In the embodiment of the application, the message of the abnormal response can be analyzed, and the corresponding error code/return code, the error information prompt length and the error information prompt data are extracted.
As an optional implementation manner, by analyzing the target data layer by layer, corresponding data information (such as a version number, an execution program name, a request statement, an error code/return code, or error information prompt data, etc.) can be extracted according to a requirement, and the data information is output for a user to browse and refer.
In the embodiment of the present application, for an explanation of the parameter analysis apparatus based on the TianRui database, reference may be made to the description in embodiment 1, which is not repeated in this embodiment.
It can be seen that the parameter analysis apparatus based on the TianRui database described in this embodiment can completely restore the response parameters of the TianRui database and can avoid the situation in which parameters cannot be restored when data packets are encrypted, thereby implementing effective and safe database security audit.
An embodiment of the present application provides an electronic device, including a memory and a processor, where the memory is used to store a computer program, and the processor runs the computer program to make the electronic device execute the parameter analysis method based on the TianRui database in embodiment 1 of the present application.
An embodiment of the present application provides a computer-readable storage medium, which stores computer program instructions; when the computer program instructions are read and executed by a processor, the parameter analysis method based on the TianRui database in embodiment 1 of the present application is performed.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method can be implemented in other ways. The apparatus embodiments described above are merely illustrative, and for example, the flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, functional modules in the embodiments of the present application may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The above description is only an example of the present application and is not intended to limit the scope of the present application, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall be included in the protection scope of the present application. It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures.
The above description is only for the specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present application, and shall be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
Claims (10)
1. A parameter analysis method based on a TianRui database, characterized by comprising the following steps:
acquiring a data message flowing to an application layer of the TianRui database, and parsing the data message to obtain target data;
judging, according to the target data, whether the data message is an encrypted message;
if not, determining a normal response message of a response statement from the target data;
and acquiring the returned/affected row count and the response result data of the normal response message to obtain a parameter analysis result.
2. The method of claim 1, wherein the judging, according to the target data, whether the data message is an encrypted message comprises:
judging whether the TianRui database is preset with a transmission message encryption configuration;
if not, acquiring an encryption identification value of a first specified byte of the header of the target data;
judging whether the encryption identification value is a preset encryption value;
if yes, determining that the data message is an encrypted message;
if not, determining that the data message is not an encrypted message.
3. The method of claim 1, wherein the determining the normal response message of the response statement from the target data comprises:
acquiring a message type identification value of a second specified byte before the header of the target data;
extracting a response message of a response statement from the target data according to the message type identification value;
acquiring a normal/abnormal identification value located after the target data is offset by a first offset byte;
and determining a normal response message from the target data according to the normal/abnormal identification value.
4. The method of claim 1, wherein the acquiring the returned/affected row count and the response result data of the normal response message to obtain the parameter analysis result comprises:
acquiring a returned/affected row count identification value located after the normal response message is offset by a second offset byte;
acquiring, according to the returned/affected row count identification value, the returned/affected row count located after the normal response message is offset by a third offset byte;
calculating a response result data length from the header data length of the normal response message;
acquiring data of the response result data length located after the normal response message is offset by a fourth offset byte, to obtain the response result data;
and generating the parameter analysis result according to the response result data and the returned/affected row count.
5. The method of claim 1, wherein the method further comprises:
performing security detection on the parameter analysis result according to a preset database firewall security policy to obtain a detection result;
and performing releasing or blocking processing on the data message according to the detection result.
6. A parameter analysis device based on a TianRui database, the parameter analysis device based on the TianRui database comprising:
a first obtaining unit, configured to obtain a data message flowing to an application layer of the TianRui database;
a parsing unit, configured to parse the data message to obtain target data;
a judging unit, configured to judge, according to the target data, whether the data message is an encrypted message;
a determining unit, configured to determine a normal response message of a response statement from the target data when it is judged that the data message is not an encrypted message;
and a second obtaining unit, configured to obtain the returned/affected row count and the response result data of the normal response message to obtain a parameter analysis result.
7. The parameter analysis device based on the TianRui database according to claim 6, wherein the judging unit comprises:
a first subunit, configured to judge whether the TianRui database is preset with a transmission message encryption configuration;
a second subunit, configured to obtain an encryption identification value of a first specified byte of the header of the target data when it is judged that the transmission message encryption configuration is not preset;
the first subunit is further configured to judge whether the encryption identification value is a preset encryption value;
a third subunit, configured to determine that the data message is an encrypted message when the encryption identification value is judged to be the preset encryption value, and to determine that the data message is not an encrypted message when the encryption identification value is judged not to be the preset encryption value.
8. The parameter analysis device based on the TianRui database according to claim 6, wherein the determining unit comprises:
a fourth subunit, configured to obtain a message type identification value of a second specified byte before the header of the target data, and to extract a response message of a response statement from the target data according to the message type identification value;
a fifth subunit, configured to obtain a normal/abnormal identification value located after the target data is offset by the first offset byte, and to determine a normal response message from the target data according to the normal/abnormal identification value.
9. An electronic device, characterized in that the electronic device comprises a memory for storing a computer program and a processor for executing the computer program to cause the electronic device to perform the parameter analysis method based on the TianRui database as claimed in any one of claims 1 to 5.
10. A readable storage medium, wherein computer program instructions are stored in the readable storage medium, and when the computer program instructions are read and executed by a processor, the parameter analysis method based on the TianRui database as claimed in any one of claims 1 to 5 is performed.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111489854.7A CN114157501B (en) | 2021-12-08 | 2021-12-08 | Parameter analysis method and device based on TianRui database |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111489854.7A CN114157501B (en) | 2021-12-08 | 2021-12-08 | Parameter analysis method and device based on TianRui database |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114157501A (en) | 2022-03-08 |
CN114157501B (en) | 2024-01-23 |
Family
ID=80453321
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111489854.7A Active CN114157501B (en) | 2021-12-08 | 2021-12-08 | Parameter analysis method and device based on TianRui database |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114157501B (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115277880A (en) * | 2022-06-17 | 2022-11-01 | 奇安信科技集团股份有限公司 | Network message analysis method and device |
CN115529110A (en) * | 2022-09-30 | 2022-12-27 | 潍柴动力股份有限公司 | Data processing method and device |
Citations (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101561806A (en) * | 2008-04-17 | 2009-10-21 | 北京启明星辰信息技术股份有限公司 | Information extraction and audit method of DB2 database operation, device and system thereof |
CN103761140A (en) * | 2013-11-29 | 2014-04-30 | 北京中启智源数字信息技术有限责任公司 | Method for implementing transaction processing in isomeric relational database |
CN105262728A (en) * | 2015-09-10 | 2016-01-20 | 北京北信源软件股份有限公司 | Control method and system for SMTP (Simple Message Transfer Protocol) non-encrypted email |
CN109639655A (en) * | 2018-11-30 | 2019-04-16 | 南京中新赛克科技有限责任公司 | A kind of intelligent depth resolution system and analytic method |
CN111177779A (en) * | 2019-12-24 | 2020-05-19 | 深圳昂楷科技有限公司 | Database auditing method, device thereof, electronic equipment and computer storage medium |
CN111209266A (en) * | 2019-12-20 | 2020-05-29 | 深圳昂楷科技有限公司 | Auditing method and device based on Redis database and electronic equipment |
CN111339552A (en) * | 2020-02-12 | 2020-06-26 | 厦门网宿有限公司 | Database access method and device |
CN111651758A (en) * | 2020-06-08 | 2020-09-11 | 成都安恒信息技术有限公司 | Method for auditing result set of relational database of operation and maintenance auditing system |
CN112463759A (en) * | 2019-09-06 | 2021-03-09 | 西安交大捷普网络科技有限公司 | Information analysis method for Gbase database audit |
CN112463824A (en) * | 2019-09-06 | 2021-03-09 | 西安交大捷普网络科技有限公司 | Analysis method of Shentong database select query result set |
CN112487483A (en) * | 2020-12-14 | 2021-03-12 | 深圳昂楷科技有限公司 | Encrypted database flow auditing method and device |
CN112769739A (en) * | 2019-11-05 | 2021-05-07 | 中国移动通信集团安徽有限公司 | Database operation violation processing method, device and equipment |
CN112769784A (en) * | 2020-12-29 | 2021-05-07 | 北京明朝万达科技股份有限公司 | Text processing method and device, computer readable storage medium and processor |
WO2021217846A1 (en) * | 2020-04-28 | 2021-11-04 | 平安国际智慧城市科技股份有限公司 | Interface data processing method and apparatus, and computer device and storage medium |
- 2021-12-08: CN application CN202111489854.7A, patent CN114157501B (en), status Active
Patent Citations (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101561806A (en) * | 2008-04-17 | 2009-10-21 | 北京启明星辰信息技术股份有限公司 | Information extraction and audit method of DB2 database operation, device and system thereof |
CN103761140A (en) * | 2013-11-29 | 2014-04-30 | 北京中启智源数字信息技术有限责任公司 | Method for implementing transaction processing in isomeric relational database |
CN105262728A (en) * | 2015-09-10 | 2016-01-20 | 北京北信源软件股份有限公司 | Control method and system for SMTP (Simple Message Transfer Protocol) non-encrypted email |
CN109639655A (en) * | 2018-11-30 | 2019-04-16 | 南京中新赛克科技有限责任公司 | A kind of intelligent depth resolution system and analytic method |
CN112463824A (en) * | 2019-09-06 | 2021-03-09 | 西安交大捷普网络科技有限公司 | Analysis method of Shentong database select query result set |
CN112463759A (en) * | 2019-09-06 | 2021-03-09 | 西安交大捷普网络科技有限公司 | Information analysis method for Gbase database audit |
CN112769739A (en) * | 2019-11-05 | 2021-05-07 | 中国移动通信集团安徽有限公司 | Database operation violation processing method, device and equipment |
CN111209266A (en) * | 2019-12-20 | 2020-05-29 | 深圳昂楷科技有限公司 | Auditing method and device based on Redis database and electronic equipment |
CN111177779A (en) * | 2019-12-24 | 2020-05-19 | 深圳昂楷科技有限公司 | Database auditing method, device thereof, electronic equipment and computer storage medium |
CN111339552A (en) * | 2020-02-12 | 2020-06-26 | 厦门网宿有限公司 | Database access method and device |
WO2021217846A1 (en) * | 2020-04-28 | 2021-11-04 | 平安国际智慧城市科技股份有限公司 | Interface data processing method and apparatus, and computer device and storage medium |
CN111651758A (en) * | 2020-06-08 | 2020-09-11 | 成都安恒信息技术有限公司 | Method for auditing result set of relational database of operation and maintenance auditing system |
CN112487483A (en) * | 2020-12-14 | 2021-03-12 | 深圳昂楷科技有限公司 | Encrypted database flow auditing method and device |
CN112769784A (en) * | 2020-12-29 | 2021-05-07 | 北京明朝万达科技股份有限公司 | Text processing method and device, computer readable storage medium and processor |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115277880A (en) * | 2022-06-17 | 2022-11-01 | 奇安信科技集团股份有限公司 | Network message analysis method and device |
CN115277880B (en) * | 2022-06-17 | 2024-04-19 | 奇安信科技集团股份有限公司 | Network message analysis method and device |
CN115529110A (en) * | 2022-09-30 | 2022-12-27 | 潍柴动力股份有限公司 | Data processing method and device |
Also Published As
Publication number | Publication date |
---|---|
CN114157501B (en) | 2024-01-23 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107657174B (en) |  | Database intrusion detection method based on protocol fingerprint |
CN114157501B (en) |  | Parameter analysis method and device based on TianRui database |
CN110012005B (en) |  | Method and device for identifying abnormal data, electronic equipment and storage medium |
KR101676366B1 (en) |  | Attacks tracking system and method for tracking malware path and behaviors for the defense against cyber attacks |
CN108924118B (en) |  | Method and system for detecting database collision behavior |
CN109344611B (en) |  | Application access control method, terminal equipment and medium |
CN111641658A (en) |  | Request intercepting method, device, equipment and readable storage medium |
US10505986B1 (en) |  | Sensor based rules for responding to malicious activity |
CN114154990B (en) |  | Big data anti-attack method based on online payment and storage medium |
CN109409113B (en) |  | Power grid data safety protection method and distributed power grid data safety protection system |
CN107302586A (en) |  | A kind of Webshell detection methods and device, computer installation, readable storage medium storing program for executing |
CN114154995A (en) |  | Abnormal payment data analysis method and system applied to big data wind control |
CN112182604A (en) |  | File detection system and method |
CN112925805A (en) |  | Big data intelligent analysis application method based on network security |
CN112671801A (en) |  | Network security detection method and system |
CN112714118A (en) |  | Network flow detection method and device |
CN116185785A (en) |  | Early warning method and device for file abnormal change |
CN109190408B (en) |  | Data information security processing method and system |
CN116451071A (en) |  | Sample labeling method, device and readable storage medium |
CN114969450A (en) |  | User behavior analysis method, device, equipment and storage medium |
CN114186278A (en) |  | Database abnormal operation identification method and device and electronic equipment |
CN112668023A (en) |  | Database operation security detection method and device and operation system |
CN111934949A (en) |  | Safety test system based on database injection test |
CN114760083A (en) |  | Method and device for issuing attack detection file and storage medium |
CN117201190B (en) |  | Mail attack detection method and device, electronic equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||