CN114722387A - Database abnormal tampering detection method, device, equipment and storage medium - Google Patents

Publication number: CN114722387A
Authority: CN (China)
Prior art keywords: transaction log, database, backup file, abstract, file
Legal status: Pending
Application number: CN202210362974.9A
Other languages: Chinese (zh)
Inventors: 孙翀, 彭佳丽, 雷建云, 帖军, 郑禄, 吴立锋, 莫海芳, 夏昌松
Current Assignee: South Central Minzu University
Original Assignee: South Central University for Nationalities
Priority: CN202210362974.9A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/554 Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/07 Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/14 Error detection or correction of the data by redundancy in operation
    • G06F11/1402 Saving, restoring, recovering or retrying
    • G06F11/1446 Point-in-time backing up or restoration of persistent data
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/30 Monitoring
    • G06F11/34 Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation; Recording or statistical evaluation of user activity, e.g. usability assessment
    • G06F11/3466 Performance evaluation by tracing or monitoring
    • G06F11/3476 Data logging
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/23 Updating

Abstract

The invention belongs to the field of data storage and discloses a method, device, equipment and storage medium for detecting abnormal tampering of a database. The method comprises the following steps: acquiring a first transaction log digest on a blockchain at the current moment and a transaction log file in a database at the current moment; determining a second transaction log digest corresponding to the transaction log file, and judging whether the first transaction log digest is the same as the second transaction log digest; if not, determining that transaction log tampering exists in the current database. Whether transaction log tampering exists in the current database is thus judged from the first transaction log digest on the blockchain and the second transaction log digest corresponding to the transaction log file. Compared with the existing approach, in which whether the database has been tampered with can be judged only from the data stored in the database, the approach of the invention can also address tampering that bypasses the transaction log.

Description

Database abnormal tampering detection method, device, equipment and storage medium
Technical Field
The invention relates to the technical field of data tamper resistance, in particular to a method, a device, equipment and a storage medium for detecting abnormal tampering of a database.
Background
A transaction log file is important for ensuring the security of a database. It records updates to the database data: each time data in the database is updated, the change record is stored in the transaction log file. If the database is abnormally tampered with, the transaction log file can be used to restore it to its state at an earlier safe moment.
In recent years, researchers have conducted a great deal of research into securing the security and credibility of transaction log data. For example, a novel transaction recovery log model uses an abstract state machine to describe log generation rules and an intrusion response model, so that subsequent transactions affected by malicious transactions can be recovered without rolling back all transactions, which improves the survivability of the database system. Another scheme uses the transaction log to recover from user and application errors and to roll the database back in time. These solutions are all applications of transaction logs, but none of them addresses the problem of determining whether database data has been abnormally tampered with.
The above is only for the purpose of assisting understanding of the technical aspects of the present invention, and does not represent an admission that the above is prior art.
Disclosure of Invention
The main purpose of the invention is to provide a method, device, equipment and storage medium for detecting abnormal tampering of a database, so as to solve the technical problem that in the prior art whether a database has been abnormally tampered with can be judged only from the data in the database, which leaves the security of the database low.
In order to achieve the above object, the present invention provides a method for detecting database abnormal tampering, which comprises the following steps:
acquiring a first transaction log digest on a blockchain at the current moment and a transaction log file in a database at the current moment;
determining a second transaction log digest corresponding to the transaction log file, and judging whether the first transaction log digest is the same as the second transaction log digest;
if not, determining that transaction log tampering exists in the current database.
Optionally, after the step of determining a second transaction log digest corresponding to the transaction log file and judging whether the first transaction log digest is the same as the second transaction log digest, the method further includes:
if yes, acquiring a target backup file at a target moment, and determining a first backup file according to the target backup file and the transaction log file;
determining a second backup file corresponding to the current database at the current moment, and judging whether the first backup file is the same as the second backup file;
if not, determining that file tampering exists in the current database.
Optionally, after the step of determining, if not, that file tampering exists in the current database, the method further includes:
acquiring a target backup file at a target moment;
acquiring a target transaction log generated from the target moment to the current moment;
and performing data recovery on the current database according to the target backup file and the target transaction log.
Optionally, before the step of acquiring the first transaction log digest on the blockchain at the current moment and the transaction log file in the database at the current moment, the method further includes:
acquiring a third backup file digest on the blockchain at a target moment and a target backup file at the target moment;
determining a fourth backup file digest corresponding to the target backup file, and judging whether the third backup file digest is the same as the fourth backup file digest;
and if so, executing the step of acquiring the first transaction log digest on the blockchain at the current moment and the transaction log file in the database at the current moment.
Optionally, before the step of acquiring the third backup file digest on the blockchain at the target moment and the target backup file at the target moment, the method further includes:
backing up the database to generate an initial backup file, and determining a backup file digest of the initial backup file;
storing the backup file digest in a preset blockchain;
when a data update request is received, updating the data of the current database and generating a current transaction log;
and determining a current transaction log digest of the current transaction log, and storing the current transaction log digest in the preset blockchain.
Optionally, after the step of determining a fourth backup file digest corresponding to the target backup file and judging whether the third backup file digest is the same as the fourth backup file digest, the method further includes:
and if the third backup file digest is different from the fourth backup file digest, determining that the current database has been abnormally tampered with.
Optionally, after the step of determining, if not, that transaction log tampering exists in the current database, the method further includes:
acquiring a target backup file at a target moment;
and performing data recovery on the current database according to the target backup file, the first transaction log digest and the second transaction log digest.
In addition, to achieve the above object, the present invention provides a database abnormal tampering detection apparatus, including:
the acquisition module, configured to acquire a first transaction log digest on a blockchain at the current moment and a transaction log file in the database at the current moment;
the judging module, configured to determine a second transaction log digest corresponding to the transaction log file and to judge whether the first transaction log digest is the same as the second transaction log digest;
and the judging module, configured to determine, if not, that transaction log tampering exists in the current database.
In addition, in order to achieve the above object, the present invention further provides a database abnormal tampering detection device, including: a memory, a processor and a database abnormal tampering detection program stored on said memory and executable on said processor, said database abnormal tampering detection program being configured to implement the steps of the database abnormal tampering detection method as described above.
In addition, in order to achieve the above object, the present invention further provides a storage medium storing a database abnormal tampering detection program which, when executed by a processor, implements the steps of the database abnormal tampering detection method as described above.
The method acquires a first transaction log digest on a blockchain at the current moment and a transaction log file in a database at the current moment; determines a second transaction log digest corresponding to the transaction log file, and judges whether the first transaction log digest is the same as the second transaction log digest; and if not, determines that transaction log tampering exists in the current database. Whether transaction log tampering exists in the current database is thus judged from the first transaction log digest on the blockchain and the second transaction log digest corresponding to the transaction log file. Compared with the existing approach, in which whether the database has been tampered with can be judged only from the data stored in the database, the approach of the invention can also address tampering that bypasses the transaction log.
Drawings
FIG. 1 is a schematic structural diagram of a database abnormal tampering detection device of a hardware operating environment according to an embodiment of the present invention;
FIG. 2 is a flowchart illustrating a database abnormal tampering detection method according to a first embodiment of the present invention;
FIG. 3 is a flowchart illustrating a database abnormal tampering detection method according to a second embodiment of the present invention;
FIG. 4 is a blockchain and database architecture diagram illustrating a database abnormal tampering detection method according to a second embodiment of the present invention;
FIG. 5 is a diagram illustrating database abnormal tampering detection according to a second embodiment of the database abnormal tampering detection method of the present invention;
FIG. 6 is a block diagram illustrating a first embodiment of an apparatus for detecting database abnormal tampering according to the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Referring to fig. 1, fig. 1 is a schematic structural diagram of a database abnormal tampering detection device in a hardware operating environment according to an embodiment of the present invention.
As shown in fig. 1, the database abnormality tampering detection apparatus may include: a processor 1001, such as a Central Processing Unit (CPU), a communication bus 1002, a user interface 1003, a network interface 1004, and a memory 1005. Wherein a communication bus 1002 is used to enable connective communication between these components. The user interface 1003 may include a Display screen (Display), an input unit such as a Keyboard (Keyboard), and the optional user interface 1003 may also include a standard wired interface, a wireless interface. The network interface 1004 may optionally include a standard wired interface, a Wireless interface (e.g., a Wireless-Fidelity (WI-FI) interface). The Memory 1005 may be a high-speed Random Access Memory (RAM) or a Non-Volatile Memory (NVM), such as a disk Memory. The memory 1005 may alternatively be a storage device separate from the processor 1001 described previously.
Those skilled in the art will appreciate that the configuration shown in fig. 1 does not constitute a definition of a database anomaly tampering detection apparatus, and may include more or fewer components than those shown, or some components in combination, or a different arrangement of components.
As shown in fig. 1, a memory 1005, which is a storage medium, may include therein an operating system, a network communication module, a user interface module, and a database abnormality tampering detection program.
In the database abnormality tampering detection apparatus shown in fig. 1, the network interface 1004 is mainly used for data communication with a network server; the user interface 1003 is mainly used for data interaction with a user; the processor 1001 and the memory 1005 in the database abnormal tampering detection device of the present invention may be disposed in the database abnormal tampering detection device, and the database abnormal tampering detection device invokes, through the processor 1001, the database abnormal tampering detection program stored in the memory 1005, and executes the database abnormal tampering detection method provided in the embodiment of the present invention.
Based on the above device for detecting database abnormal tampering, an embodiment of the present invention provides a method for detecting database abnormal tampering, and referring to fig. 2, fig. 2 is a schematic flowchart of a first embodiment of the method for detecting database abnormal tampering according to the present invention.
In this embodiment, the method for detecting the database abnormal tampering includes the following steps:
Step S10: acquire a first transaction log digest on the blockchain at the current moment and a transaction log file in the database at the current moment.
It should be noted that the executing entity of this embodiment may be a computing service device with data processing, network communication and program running functions, such as a mobile phone, a tablet computer or a personal computer, or an electronic device or database abnormal tampering detection device capable of implementing the above functions. This embodiment and the following embodiments are described taking the database abnormal tampering detection device as an example.
It should be noted that the first transaction log digest may be a hash value of the transaction log file generated when the database is updated from the target time to the current time. The transaction log file may be the transaction log file stored in the database from the target time to the current time. The target time may be a time at which it can be determined that the database has not been abnormally tampered with or that abnormally tampered data has been restored.
Step S20: determine a second transaction log digest corresponding to the transaction log file, and judge whether the first transaction log digest is the same as the second transaction log digest.
It should be noted that the hash value of the transaction log file is computed and used as the second transaction log digest.
It should be noted that when the current database is updated normally, the digest of the generated transaction log file, that is, its hash value, is uploaded to the blockchain. When the database is maliciously tampered with, a corresponding transaction log file is also generated, but its digest is not uploaded to the blockchain for storage. Whether transaction log tampering exists in the current database can therefore be determined by comparing the digest of the normal transaction logs on the blockchain, that is, the first transaction log digest, with the second transaction log digest.
Further, in order to determine more accurately whether the database has been abnormally tampered with, after step S20 the method further includes: if yes, acquiring a target backup file at a target moment, and determining a first backup file according to the target backup file and the transaction log file; determining a second backup file corresponding to the current database at the current moment, and judging whether the first backup file is the same as the second backup file; if not, determining that file tampering exists in the current database.
It should be noted that the target time may be a time at which it can be determined that the database has not been abnormally tampered with or that abnormally tampered data has been restored. The target backup file may be a file generated by backing up the database at the target time. If the first transaction log digest is the same as the second transaction log digest, the transaction log can be judged not to have been tampered with, and the first backup file determined from the target backup file and the transaction log file is then the correct, untampered backup of the database at the current moment. The second backup file corresponds to the actual data stored in the database at the current moment; that is, it is the backup file generated by backing up the data in the database at the current moment. Comparing the first backup file with the second backup file shows whether abnormal file tampering exists in the database, that is, whether data in the database was tampered with in a way that bypasses the transaction log file.
Further, in order to improve the data reliability of the database, after the step of determining, if not, that file tampering exists in the current database, the method further includes: acquiring a target backup file at a target moment; acquiring a target transaction log generated from the target moment to the current moment; and performing data recovery on the current database according to the target backup file and the target transaction log.
It should be noted that the target backup file is a file generated by backing up the database at the target time. The target transaction log may be the transaction log generated from the target time to the current time. Because the transaction log file has not been tampered with, data recovery can be performed on the current database according to the target transaction log and the target backup file.
Step S30: if not, determine that transaction log tampering exists in the current database.
It should be noted that if the first transaction log digest is different from the second transaction log digest, the transaction log of the current database has changed; that is, it can be determined that data in the database was tampered with and the transaction log file changed as a result.
Further, in order to improve the data reliability of the database, after step S30 the method further includes: acquiring a target backup file at a target moment; and performing data recovery on the current database according to the target backup file, the first transaction log digest and the second transaction log digest.
It should be noted that the first transaction log digest and the second transaction log digest each cover a plurality of transaction logs. The first transaction log digest includes the digests generated from the transaction log files corresponding to normal database updates. The second transaction log digest includes the digests generated from the transaction log files corresponding to normal database updates as well as the digests of the transaction log files corresponding to malicious tampering of the database. It is therefore only necessary to obtain the transaction log files whose digests appear in both the first and the second transaction log digest, and to perform data recovery on the current database according to those transaction log files and the target backup file at the target moment.
This embodiment acquires a first transaction log digest on a blockchain at the current moment and a transaction log file in a database at the current moment; determines a second transaction log digest corresponding to the transaction log file, and judges whether the first transaction log digest is the same as the second transaction log digest; and if not, determines that transaction log tampering exists in the current database. In this embodiment, whether transaction log tampering exists in the current database is determined from the first transaction log digest on the blockchain and the second transaction log digest corresponding to the transaction log file. Compared with the existing approach, in which whether the database has been tampered with can be judged only from the data stored in the database, this approach can also address tampering that bypasses the transaction log.
Referring to fig. 3, fig. 3 is a flowchart illustrating a database tampering detection method according to a second embodiment of the present invention.
Based on the first embodiment, in this embodiment, before the step S10, the method further includes:
Step S01: acquire a third backup file digest on the blockchain at the target moment and the target backup file at the target moment.
It should be noted that the third backup file digest may be the digest of the backup file generated by performing a backup operation on the database at the target time: the hash value of the generated backup file is stored in a preset blockchain to obtain the third backup file digest. The target backup file may be the backup file generated by performing a backup operation on the database at the target time.
Step S02: determine a fourth backup file digest corresponding to the target backup file, and judge whether the third backup file digest is the same as the fourth backup file digest.
It should be noted that determining the fourth backup file digest corresponding to the target backup file may consist of calculating a hash value of the target backup file and using the calculated hash value as the fourth backup file digest.
Step S03: if so, execute the step of acquiring the first transaction log digest on the blockchain at the current moment and the transaction log file in the database at the current moment.
It should be noted that if the third backup file digest is the same as the fourth backup file digest, the data in the database at the target time has not been abnormally tampered with, and the data in the database at the current time may then be recovered from the backup file at the target time. The target time is earlier than the current time. If the third backup file digest and the fourth backup file digest at the target moment are different, it is determined that the data in the database was tampered with at the target moment, and a data recovery operation may then be performed on the database according to the backup file and the transaction log at the target moment. However, the target time may also be the current time: any time at which the database data can be determined to be normal, or at which a data recovery operation has been performed, may serve as the target time for recovering the database. For the recovery steps, refer to the foregoing embodiments, which are not limited herein.
In a specific implementation, as shown in FIG. 4, which is a schematic diagram of the blockchain and database architecture of the second embodiment of the database abnormal tampering detection method of the present invention, the off-chain database is a MySQL database, but may be another database. On the chain is a Hyperledger Fabric blockchain network, which comprises a peer node and an orderer node. At time t1, the database is backed up to generate a backup file, and a message digest value of the backup file is calculated and sent to the peer node to be put on the chain. In the time period from t1 to t2, data is stored in the database, and a message digest value is calculated for each transaction log file generated in the process and stored in any node in the blockchain. The specific algorithm is as follows:
At time t1:
    if data == t1backupFile then
        Hx = hash(t1backupFile);
        putBLK(Hx);
        return true;
    end if
From time t1 to time t2:
    if data == databasedata then
        putDB(data);
        return true;
    end if
    if data == logs then
        Hx = hash(logs);
        putBLK(Hx);
        return true;
    end if
    return false
Here, the branch "if data == t1backupFile then Hx = hash(t1backupFile); putBLK(Hx); return true;" means that at time t1 the message digest value of the backup file t1backupFile is put on the chain using the putBLK method.
The branch "if data == databasedata then putDB(data); return true;" means that in the time period from t1 to t2 the user stores the data databasedata in the database using the putDB method.
The branch "if data == logs then Hx = hash(logs); putBLK(Hx); return true;" means that in the time period from t1 to t2 the digest values of the transaction logs logs are put on the chain.
Further, the data is verified, with specific reference to the following algorithm:
    B = Hash(t1backupFile);
    Hx1 = GetState(t1backupFile);
    L = Hash(logs);
    Hx2 = GetState(logs);
    if B != Hx1 then
        return t1backupFile Tamper;
    else if L != Hx2 then
        return logs Tamper;
    else if t2backupFile != t1calculatebackupFile then
        return overLogTamper;
    end if
    return no tamper;
Here, the four assignments "B = Hash(t1backupFile); Hx1 = GetState(t1backupFile); L = Hash(logs); Hx2 = GetState(logs);" respectively calculate the digest value of the backup file at time t1 off the chain; acquire the digest value of the backup file at time t1 on the chain through the GetState method; calculate the digest value of the log files in the time period from t1 to t2 off the chain; and acquire the digest value of the log files in the time period from t1 to t2 on the chain through the GetState method.
The branch "if B != Hx1 then return t1backupFile Tamper;" judges whether the backup file at time t1 has been tampered with.
The branch "else if L != Hx2 then return logs Tamper;" judges whether there are malicious operations recorded in the log file.
The branch "else if t2backupFile != t1calculatebackupFile then return overLogTamper;" judges whether there are malicious operations that tamper with the database while bypassing the log file.
Specifically, refer to FIG. 5, which is a schematic diagram of abnormal database tampering detection according to the second embodiment of the database abnormal tampering detection method of the present invention. (1) The message digest value of the backup file at time t1 is calculated and compared with the message digest value for time t1 on the chain. If the two digest values are not equal, the backup file at time t1 has been maliciously tampered with; if the two digest values are equal, the backup file at time t1 has not been tampered with, and the next verification step can be performed.
(2) The message digest value of each transaction log file for the time period from t1 to t2 is calculated in order of generation and compared in turn with the message digest values of the transaction log files stored on the chain. If the digest values of some pair of transaction logs are not equal, the data has been maliciously tampered with and the malicious operation is recorded in the transaction log file; if the digest values are all equal, there may be no malicious operation from time t1 to time t2, and the third verification step is performed.
(3) The database backup file at time t2 is calculated from the backup file at time t1 and all the transaction log files from t1 to t2, and the calculated backup file is compared with the actual backup file of the database at time t2. If the database operations recorded by the two backup files are not equal, the data was tampered with between t1 and t2 by malicious operations that bypassed the transaction log file; if the operations recorded by the two backup files are the same, none of the data in the database was tampered with in the time period from t1 to t2.
After the abnormal tampering detection of the database is performed, data recovery is performed on the database according to the detection result, as in the following algorithm:
if validation==t1backupFileTamper then
return Unable to recover
else if validation==logTamper then
recover(t1backupFile,partialLogs);
return succeeds;
else if validation==overLogTamper then
recover(t1backupFile,logs);
return succeeds;
end if
return fails;
Here, the branch if validation==t1backupFileTamper then
return Unable to recover
indicates that when the verification result is that the backup file at time t1 has been tampered with, the database cannot be recovered.
The branch else if validation==logTamper then
recover(t1backupFile,partialLogs);
return succeeds;
indicates that if the verification result is that the log has been tampered with, the database is restored from the backup file at time t1 and the partial log files, and success is returned.
The branch else if validation==overLogTamper then
recover(t1backupFile,logs);
return succeeds;
end if
return fails;
indicates that if the verification result is overLogTamper, that is, tampering that bypasses the log, the database is restored from the backup file at time t1 and all the log files, and success is returned.
This embodiment acquires a third backup file digest on the blockchain at a target moment and a target backup file at the target moment; determines a fourth backup file digest corresponding to the target backup file, and judges whether the third backup file digest is the same as the fourth backup file digest; and if so, executes the step of acquiring the first transaction log digest on the blockchain at the current moment and the transaction log file in the database at the current moment. This embodiment stores the data in the database and the data digest values on the blockchain, which increases system throughput and reduces the storage pressure on the blockchain. Whether the transaction log has been tampered with is also verified, from which it is deduced whether the database data has been tampered with, improving the security of the system.
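The three verification steps and the recovery decision described above, as an added Python example (not code from the patent). SHA-256 as the message digest, the JSON backup and log formats, the in-memory CHAIN standing in for the blockchain, and the reading of partialLogs as the logs before the first mismatch are all assumptions.

```python
import hashlib
import json

def digest(data: bytes) -> str:
    # Assumption: SHA-256 stands in for the page's unspecified message digest.
    return hashlib.sha256(data).hexdigest()

def dump(state: dict) -> bytes:
    # Canonical serialization, so equal database states give identical backup bytes.
    return json.dumps(state, sort_keys=True).encode()

def replay(backup: bytes, logs: list) -> bytes:
    """Apply transaction logs, in generation order, to a backup file."""
    state = json.loads(backup)
    for raw in logs:
        op = json.loads(raw)
        if op["op"] == "set":
            state[op["key"]] = op["value"]
        elif op["op"] == "del":
            state.pop(op["key"], None)
    return dump(state)

def verify(t1_backup, logs, t2_backup, chain):
    """Return (verdict, index of the first untrusted log or None)."""
    # Step 1: the t1 backup must match the digest anchored on chain.
    if digest(t1_backup) != chain["t1_backup"]:
        return "t1backupFileTamper", None
    # Step 2: compare each log with its anchored digest, in generation order.
    # A missing log (truncation) counts as a mismatch at that position.
    for i, anchored in enumerate(chain["logs"]):
        if i >= len(logs) or digest(logs[i]) != anchored:
            return "logTamper", i
    if len(logs) > len(chain["logs"]):
        return "logTamper", len(chain["logs"])  # extra log with no anchor
    # Step 3: t1 backup + verified logs must reproduce the actual t2 backup.
    if replay(t1_backup, logs) != t2_backup:
        return "overLogTamper", None
    return "ok", None

def recover(verdict, t1_backup, logs, bad_index):
    """Return the restored backup bytes, or None when recovery is impossible."""
    if verdict == "t1backupFileTamper":
        return None  # no trusted base to rebuild from
    if verdict == "logTamper":
        # Assumption: partialLogs = the logs before the first mismatch.
        return replay(t1_backup, logs[:bad_index])
    if verdict == "overLogTamper":
        return replay(t1_backup, logs)  # all logs verified, so replay them all
    return None

# Constructed sample data (not from the patent).
T1 = dump({"alice": 100, "bob": 50})
LOGS = [json.dumps({"op": "set", "key": "alice", "value": 90}).encode(),
        json.dumps({"op": "set", "key": "bob", "value": 60}).encode()]
CHAIN = {"t1_backup": digest(T1), "logs": [digest(l) for l in LOGS]}  # simulated ledger
T2 = replay(T1, LOGS)

if __name__ == "__main__":
    edited_t2 = dump({"alice": 90, "bob": 9999})  # row changed without a log entry
    verdict, idx = verify(T1, LOGS, edited_t2, CHAIN)
    print(verdict, recover(verdict, T1, LOGS, idx) == T2)
```

Step 3 only works if replaying the logs is deterministic and the backup format is canonical; otherwise two honest backups of the same state would compare as different.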
Referring to fig. 6, fig. 6 is a block diagram illustrating a first embodiment of the database tampering detection apparatus according to the present invention.
As shown in fig. 6, the database abnormal tampering detection apparatus according to the embodiment of the present invention includes:
an obtaining module 10, configured to obtain a first transaction log digest on a blockchain at a current time and a transaction log file in the database at the current time;
a determining module 20, configured to determine a second transaction log digest corresponding to the transaction log file, and determine whether the first transaction log digest is the same as the second transaction log digest;
and a judging module 30, configured to judge, if they are not the same, that transaction log tampering exists in the current database.
This embodiment acquires a first transaction log digest on the blockchain at the current moment and a transaction log file in the database at the current moment; determines a second transaction log digest corresponding to the transaction log file, and judges whether the first transaction log digest is the same as the second transaction log digest; if not, it judges that transaction log tampering exists in the current database. In this embodiment, whether the transaction log in the current database has been tampered with is determined from the first transaction log digest on the blockchain and the second transaction log digest corresponding to the transaction log file. Compared with the existing approach, in which whether the database has been tampered with can only be judged from the data stored in the database, the method can solve the problem of tampering that bypasses the transaction log.
It should be noted that the above-described work flows are only exemplary, and do not limit the scope of the present invention, and in practical applications, a person skilled in the art may select some or all of them to achieve the purpose of the solution of the embodiment according to actual needs, and the present invention is not limited herein.
In addition, for technical details that are not described in detail in this embodiment, refer to the database abnormal tampering detection method provided in any embodiment of the present invention; they are not described herein again.
Based on the first embodiment of the database abnormal tampering detection device of the present invention, a second embodiment of the database abnormal tampering detection device of the present invention is provided.
In this embodiment, the determining module 20 is further configured to, if the first transaction log summary is the same as the second transaction log summary, obtain a target backup file at a target time, and determine a first backup file according to the target backup file and the transaction log file; determining a second backup file corresponding to the current database at the current moment, and judging whether the first backup file is the same as the second backup file; if not, judging that the current database has file tampering.
Further, the determining module 20 is further configured to obtain a target backup file at a target time; acquiring a target transaction log generated from a target moment to a current moment; and performing data recovery on the current database according to the target backup file and the target transaction log.
Further, the obtaining module 10 is further configured to obtain a third backup file digest on the blockchain at the target time and the target backup file at the target time; determine a fourth backup file digest corresponding to the target backup file, and judge whether the third backup file digest is the same as the fourth backup file digest; and if so, execute the step of acquiring the first transaction log digest on the blockchain at the current moment and the transaction log file in the database at the current moment.
Further, the obtaining module 10 is further configured to back up a database to generate an initial backup file, and determine a backup file digest of the initial backup file; store the backup file digest into a preset blockchain; when a data update request is received, update the data of the current database and generate a current transaction log; and determine a current transaction log digest of the current transaction log, and store the current transaction log digest into the preset blockchain.
Further, the obtaining module 10 is further configured to determine that the current database is abnormally tampered with if the third backup file digest is different from the fourth backup file digest.
Further, the judging module 30 is further configured to obtain a target backup file at a target time; and perform data recovery on the current database according to the target backup file, the first transaction log digest and the second transaction log digest.
For other embodiments or specific implementations of the database abnormal tampering detection device of the present invention, refer to the above method embodiments; they are not described herein again.
In addition, an embodiment of the present invention further provides a storage medium, where a database abnormal tampering detection program is stored on the storage medium, and when the database abnormal tampering detection program is executed by a processor, the steps of the database abnormal tampering detection method described above are implemented.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other like elements in a process, method, article, or system that comprises the element.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases the former is the better implementation. Based on such understanding, the technical solutions of the present invention, or the portions thereof contributing to the prior art, may be embodied in the form of a software product, where the computer software product is stored in a storage medium (such as a ROM/RAM, a magnetic disk, or an optical disk) and includes several instructions for enabling a terminal device (such as a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method according to the embodiments of the present invention.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.

Claims (10)

1. A database abnormal tampering detection method is characterized by comprising the following steps:
acquiring a first transaction log digest on a blockchain at the current moment and a transaction log file in a database at the current moment;
determining a second transaction log digest corresponding to the transaction log file, and judging whether the first transaction log digest is the same as the second transaction log digest;
if not, judging that transaction log tampering exists in the current database.
2. The method for detecting database abnormal tampering as claimed in claim 1, wherein after the step of determining the second transaction log digest corresponding to the transaction log file and determining whether the first transaction log digest is the same as the second transaction log digest, the method further comprises:
if yes, acquiring a target backup file at a target moment, and determining a first backup file according to the target backup file and the transaction log file;
determining a second backup file corresponding to the current database at the current moment, and judging whether the first backup file is the same as the second backup file;
if not, judging that the current database has file tampering.
3. The database abnormal tampering detection method according to claim 2, wherein after the step of, if not, judging that file tampering exists in the current database, the method further comprises:
acquiring a target backup file at a target moment;
acquiring a target transaction log generated from a target moment to a current moment;
and performing data recovery on the current database according to the target backup file and the target transaction log.
4. The method for detecting database abnormal tampering as claimed in claim 1, wherein the step of obtaining the first transaction log digest on the blockchain at the current time and the transaction log file in the database at the current time is preceded by the steps of:
acquiring a third backup file digest on a blockchain at a target moment and a target backup file at the target moment;
determining a fourth backup file digest corresponding to the target backup file, and judging whether the third backup file digest is the same as the fourth backup file digest;
and if so, executing the step of acquiring the first transaction log digest on the blockchain at the current moment and the transaction log file in the database at the current moment.
5. The database abnormal tampering detection method according to claim 4, wherein before the step of obtaining the third backup file digest on the blockchain at the target time and the target backup file at the target time, the method further comprises:
backing up a database to generate an initial backup file, and determining a backup file digest of the initial backup file;
storing the backup file digest into a preset blockchain;
when a data update request is received, updating the data of the current database and generating a current transaction log;
and determining a current transaction log digest of the current transaction log, and storing the current transaction log digest into the preset blockchain.
6. The method for detecting database abnormal tampering as claimed in claim 4, wherein after the step of determining the fourth backup file digest corresponding to the target backup file and determining whether the third backup file digest is the same as the fourth backup file digest, the method further comprises:
and if the third backup file digest is different from the fourth backup file digest, judging that the current database is abnormally tampered with.
7. The database abnormal tampering detection method according to any one of claims 1 to 6, wherein after the step of, if not, judging that transaction log tampering exists in the current database, the method further comprises:
acquiring a target backup file at a target moment;
and performing data recovery on the current database according to the target backup file, the first transaction log digest and the second transaction log digest.
8. A database abnormal tampering detection apparatus, characterized by comprising:
an obtaining module, configured to obtain a first transaction log digest on a blockchain at the current moment and a transaction log file in the database at the current moment;
a determining module, configured to determine a second transaction log digest corresponding to the transaction log file and determine whether the first transaction log digest is the same as the second transaction log digest;
and a judging module, configured to judge, if they are not the same, that transaction log tampering exists in the current database.
9. A database abnormal tampering detection device, the device comprising: a memory, a processor and a database abnormal tampering detection program stored on the memory and executable on the processor, the database abnormal tampering detection program being configured to implement the steps of the database abnormal tampering detection method of any of claims 1 to 7.
10. A storage medium having stored thereon a database abnormal tampering detection program, the database abnormal tampering detection program when executed by a processor implementing the steps of the database abnormal tampering detection method according to any one of claims 1 to 7.
CN202210362974.9A 2022-04-02 2022-04-02 Database abnormal tampering detection method, device, equipment and storage medium Pending CN114722387A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210362974.9A CN114722387A (en) 2022-04-02 2022-04-02 Database abnormal tampering detection method, device, equipment and storage medium

Publications (1)

Publication Number Publication Date
CN114722387A true CN114722387A (en) 2022-07-08

Family

ID=82241308

Country Status (1)

Country Link
CN (1) CN114722387A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination