CN114756902A - Security audit method and device for efficient trusted structured database - Google Patents
- Publication number
- CN114756902A
- Authority
- CN
- China
- Prior art keywords
- block chain
- log file
- information
- transaction
- security audit
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/23—Updating
- G06F16/2358—Change logging, detection, and notification
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/27—Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2151—Time stamp
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Databases & Information Systems (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- Data Mining & Analysis (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- Computing Systems (AREA)
- Storage Device Security (AREA)
Abstract
The application discloses a security audit method and device for an efficient trusted structured database. The method comprises the following steps: collecting log files in a non-intrusive, custom-configurable manner; computing a digest value of the operation behavior record in the log file with a digest algorithm, and constructing a blockchain transaction; and describing and configuring the blockchain transaction, and establishing a multi-element set mapping relation. The method and the device solve the technical problem that audit results are not credible because operation behavior records are erased at will. Through the information displayer, the behavior mapper and the chain querier, audit indexes can be collected from the operation records of the structured database by custom configuration, so that malicious operation behaviors can be located efficiently and accurately. By configuring the acquisition plug-in and the information displayer according to the requirements of the behavior operation audit indexes, the multiple log formats of the database are turned into log files and displays that are uniform in format, highly readable and custom-configurable.
Description
Technical Field
The application relates to the field of databases, in particular to a security audit method and a security audit device for a high-efficiency trusted structured database.
Background
The inventor finds that, with the continuous improvement of IT information systems, the volume of logs generated by a structured database is becoming huge, but the log file contents are at risk of tampering, lack operation fingerprints, and operation behavior records can be erased at will, so that audit results are not credible.
In the related art, no effective solution has yet been proposed for the problem that audit results are not credible because operation behavior records are erased at will.
Disclosure of Invention
The main purpose of the application is to provide a security audit method and device for an efficient trusted structured database, so as to solve the problem that audit results are not credible because operation behavior records are erased at will.
To achieve this purpose, according to one aspect of the application, a security audit method for an efficient trusted structured database is provided.
The security audit method for the efficient trusted structured database comprises the following steps: collecting log files in a non-intrusive, custom-configurable manner; computing a digest value of the operation behavior record in the log file with a digest algorithm, and constructing a blockchain transaction; and describing and configuring the blockchain transaction, and establishing a multi-element set mapping relation.
Further, after describing and configuring the blockchain transaction and establishing the multi-element set mapping relation, the method further includes: sending query information; matching a search result corresponding to the query information based on the preset multi-element set mapping relation; determining, according to the search result, whether a corresponding first blockchain transaction stored in the blockchain network ledger exists; and if so, performing deserialization decoding and display on the first blockchain transaction.
Further, before collecting the log file in a non-intrusive, custom-configurable manner, the method further includes: configuring the operation information of the database in a non-embedded, custom-configurable manner and generating a log file with a uniform format.
Further, after collecting the log file in a non-intrusive, custom-configurable manner, and before computing the digest value of the operation behavior record in the log file and constructing the blockchain transaction, the method further includes: delivering the log file to a message queue center.
Further, performing deserialization decoding and display on the first blockchain transaction comprises: deserializing and decoding the first blockchain transaction to obtain a second blockchain transaction; and displaying the second blockchain transaction in the form of custom configuration information.
To achieve the above purpose, according to another aspect of the present application, a security audit device for an efficient trusted structured database is provided.
According to the application, the security audit device for the efficient trusted structured database comprises: the acquisition gateway, used for collecting log files in a non-intrusive, custom-configurable manner; the chain authority determiner, used for computing the digest value of the operation behavior record in the log file with a digest algorithm and constructing a blockchain transaction; and the behavior mapper, used for describing and configuring the blockchain transaction and establishing a multi-element set mapping relation.
Further, the device also comprises: the information displayer, used for sending query information; the behavior retriever, used for matching a search result corresponding to the query information based on the preset multi-element set mapping relation; and the chain querier, used for determining, according to the search result, whether a corresponding first blockchain transaction stored in the blockchain network ledger exists, and if so, deserializing and decoding the first blockchain transaction and returning the decoding result to the information displayer for display.
Further, the device also comprises: the acquisition plug-in, used for configuring the operation information of the database in a non-embedded, custom-configurable manner and generating a log file with a uniform format for the acquisition gateway.
Further, the device also comprises: the message queue center, used for receiving the log file delivered by the acquisition plug-in.
Further, the chain querier is also used for deserializing and decoding the first blockchain transaction to obtain a second blockchain transaction; and the information presenter is also used for displaying the second blockchain transaction in the form of custom configuration information.
In the embodiments of the application, auditing is combined with a blockchain: log files are collected in a non-intrusive, custom-configurable manner; the digest value of the operation behavior record in the log file is computed with a digest algorithm, and a blockchain transaction is constructed; and the blockchain transaction is described and configured, and a multi-element set mapping relation is established. This fingerprint-locks the operation record behavior data of the structured database, so that operation records cannot be erased at will, the technical effect of credible audit results is guaranteed, and the technical problem that audit results are not credible because operation records are erased at will is solved.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this application, are included to provide a further understanding of the application and to enable other features, objects, and advantages of the application to be more apparent. The drawings and their description illustrate the embodiments of the invention and do not limit it. In the drawings:
FIG. 1 is a schematic flowchart of a security auditing method for a high-efficiency trusted structured database according to an embodiment of the application;
FIG. 2 is a flowchart illustrating a method for security auditing of a high-efficiency trusted structured database, in accordance with a preferred embodiment of the present application;
FIG. 3 is a schematic structural diagram of a security audit device of an efficient trusted structured database according to an embodiment of the application;
FIG. 4 is a schematic structural diagram of a security audit device of a high-efficiency trusted structured database according to a preferred embodiment of the present application.
Detailed Description
In order to make the technical solutions better understood by those skilled in the art, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only partial embodiments of the present application, but not all embodiments. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in the present application without making any creative effort shall fall within the protection scope of the present application.
It should be noted that the terms "first," "second," and the like in the description and claims of this application and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It should be understood that the data so used may be interchanged under appropriate circumstances such that embodiments of the application described herein may be used. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
In this application, the terms "upper", "lower", "left", "right", "front", "rear", "top", "bottom", "inner", "outer", "middle", "vertical", "horizontal", "lateral", "longitudinal", and the like indicate orientations or positional relationships based on the orientations or positional relationships shown in the drawings. These terms are used primarily to better describe the invention and its embodiments and are not intended to limit the indicated devices, elements or components to a particular orientation or to be constructed and operated in a particular orientation.
Moreover, some of the above terms may be used to indicate other meanings besides the orientation or positional relationship, for example, the term "on" may also be used to indicate some kind of attachment or connection relationship in some cases. The specific meanings of these terms in the present invention can be understood by those skilled in the art as appropriate.
Furthermore, the terms "mounted," "disposed," "provided," "connected," and "sleeved" are to be construed broadly. For example, it may be a fixed connection, a removable connection, or a unitary construction; can be a mechanical connection, or an electrical connection; may be directly connected, or indirectly connected through intervening media, or may be in internal communication between two devices, elements or components. The specific meanings of the above terms in the present invention can be understood by those of ordinary skill in the art according to specific situations.
It should be noted that, in the present application, the embodiments and features of the embodiments may be combined with each other without conflict. The present application will be described in detail below with reference to the embodiments with reference to the attached drawings.
According to an embodiment of the present invention, a security audit method for an efficient trusted structured database is provided. As shown in FIG. 1, the method includes the following steps S101 to S103:
Step S101, collecting a log file in a non-intrusive, custom-configurable manner;
Step S401, delivering the log file to a message queue center;
The real-time acquisition gateway collects the generated log files in a non-intrusive, custom-configurable manner, line by line or by merging multiple lines, and delivers the collected data to the message queue center.
In this embodiment, the real-time acquisition gateway is configured with a sample of the log file, the collection path, the line-by-line or multi-line mode, the parsing method and the parsing expression. It packages the collected information and delivers it to the message queue center.
Step S102, computing a digest value of the operation behavior record in the log file with a digest algorithm, and constructing a blockchain transaction;
The chain authority determiner takes each operation behavior record in the log file as record, computes its digest value with the digest algorithm, constructs a blockchain transaction T, and puts T on the chain asynchronously:
record → T = (D', record, h(record)),
where h represents the digest algorithm and D' represents the timestamp of the current on-chain submission.
In this embodiment, the blockchain authorizer computes a digest (hash) of each record in the log file to form a digest value, constructs a blockchain transaction, and issues the blockchain transaction asynchronously to a specified account of the blockchain network, ensuring that the record is not maliciously modified.
The blockchain authority confirming device fingerprint-locks the operation record behavior data of the structured database, so that operation records are protected from malicious tampering and a credible evidence guarantee is provided for auditing.
Step S103, describing and configuring the blockchain transaction, and establishing a multi-element set mapping relation.
The behavior mapper describes and configures T, and establishes a multi-element set mapping relation:
(h, PubKey, Memo, ...),
where h represents the digest value of the operation record, PubKey represents the account address opened by the database instance on the blockchain network (one instance is one account address), and Memo represents the description information, which includes: instance name, table name, operation type, timestamp, IP address, etc.
From the above description, it can be seen that the present invention achieves the following technical effects:
In the embodiments of the application, auditing is combined with a blockchain: log files are collected in a non-intrusive, custom-configurable manner; the digest value of the operation behavior record in the log file is computed with a digest algorithm, and a blockchain transaction is constructed; and the blockchain transaction is described and configured, and a multi-element set mapping relation is established. This fingerprint-locks the operation record behavior data of the structured database, so that operation records cannot be erased at will, the technical effect of credible audit results is guaranteed, and the technical problem that audit results are not credible because operation records are erased at will is solved.
According to the embodiment of the present invention, preferably, as shown in FIG. 2, after the blockchain transaction is described and configured and the multi-element set mapping relation is established, the method further includes:
Step S201, sending query information;
The user can enter a keyword query over the description information Memo through the information displayer, and the information displayer initiates a request to the retriever, providing the corresponding keywords for the subsequent matching search.
In this embodiment, the behavior presenter: can be custom-configured to display behavior operation indexes according to the retrieval result, and accepts the input of query information (namely description information).
Step S202, matching a search result corresponding to the query information based on the preset multi-element set mapping relation;
The behavior retriever calls the behavior mapper and performs a matching query on the description information {Memo} data set according to the preset multi-element set mapping relation to obtain a search result (h, PubKey, Memo, ...), where h in the search result is the digest value, PubKey is the account address, and Memo is the description information.
In this embodiment, the behavior mapper: establishes a mapping relation among the record information in the log file, the digest value of the record, the account address on the blockchain network and the description information of the behavior record.
In this embodiment, the behavior retriever: searches and queries by keywords of the readable information, and calls the blockchain querier for the data digest value, to compare it with the search result.
Step S203, determining, according to the search result, whether a corresponding first blockchain transaction stored in the blockchain network ledger exists;
Step S204, if the transaction exists, performing deserialization decoding and display on the first blockchain transaction.
According to the embodiment of the present invention, preferably, performing deserialization decoding and display on the first blockchain transaction includes:
deserializing and decoding the first blockchain transaction to obtain a second blockchain transaction;
displaying the second blockchain transaction in the form of custom configuration information.
The behavior retriever calls the chain querier, which queries the corresponding first blockchain transaction T stored in the blockchain network ledger according to the digest value h and the PubKey account address in the search result. If T exists, it is deserialized and decoded as T' = str(json.Unmarshal([]byte(T))), and T' is returned to the information presenter; if T' does not exist, the call returns directly.
In this embodiment, the chain querier: provides an efficient caching mechanism, efficiently queries the digest value of the specified record, and compares it with the digest value of the record in the log file. If the digest values are the same, it returns the record details to the information displayer for display. Otherwise, the stored behavior record has been maliciously tampered with.
In conclusion, through the information display device and the behavior mapper, combined with the chain querier, audit indexes can be collected from the operation records of the structured database by custom configuration, so that malicious operation behaviors can be located efficiently and accurately.
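Steps S102 to S204 as an added Go example; it is not code from the patent. It assumes SHA-256 over the JSON encoding as the digest algorithm h, uses an in-memory map as a stand-in for the blockchain ledger, and all type and function names are hypothetical.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Record mirrors record = (D, DBname, Tname, User, SourceIP, Op).
type Record struct {
	D, DBname, Tname, User, SourceIP, Op string
}

// Tx mirrors T = (D', record, h(record)).
type Tx struct {
	DPrime string
	Record Record
	H      string
}

// Mapping is one (h, PubKey, Memo) tuple kept by the behavior mapper.
type Mapping struct{ H, PubKey, Memo string }

// Ledger is a hypothetical in-memory stand-in for the blockchain ledger,
// keyed by PubKey + "/" + h and holding the serialized transaction.
type Ledger map[string][]byte

var (
	ErrNotOnChain = errors.New("no transaction stored for (h, PubKey)")
	ErrTampered   = errors.New("record does not match the on-chain digest")
)

// Digest computes h(record). SHA-256 over the JSON encoding is an assumption;
// struct fields marshal in declaration order, so the encoding is deterministic.
func Digest(r Record) string {
	b, _ := json.Marshal(r) // a struct of strings cannot fail to marshal
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

// Anchor performs S102 and S103: build T, store it, return the mapping tuple.
func Anchor(l Ledger, pubKey string, r Record, now time.Time) (Mapping, error) {
	h := Digest(r)
	raw, err := json.Marshal(Tx{DPrime: now.UTC().Format(time.RFC3339), Record: r, H: h})
	if err != nil {
		return Mapping{}, err
	}
	l[pubKey+"/"+h] = raw
	memo := strings.Join([]string{r.DBname, r.Tname, r.Op, r.D, r.SourceIP}, "|")
	return Mapping{H: h, PubKey: pubKey, Memo: memo}, nil
}

// Search performs S202: keyword match over the Memo descriptions.
func Search(index []Mapping, keyword string) []Mapping {
	var hits []Mapping
	for _, m := range index {
		if strings.Contains(strings.ToLower(m.Memo), strings.ToLower(keyword)) {
			hits = append(hits, m)
		}
	}
	return hits
}

// Verify performs S203 and S204: fetch T by (h, PubKey), deserialize it, and
// compare its digest with the digest of the record currently held in the log.
func Verify(l Ledger, m Mapping, inLog Record) (Tx, error) {
	raw, ok := l[m.PubKey+"/"+m.H]
	if !ok {
		return Tx{}, ErrNotOnChain
	}
	var tx Tx
	if err := json.Unmarshal(raw, &tx); err != nil {
		return Tx{}, err
	}
	if tx.H != m.H || Digest(tx.Record) != tx.H || Digest(inLog) != tx.H {
		return tx, ErrTampered
	}
	return tx, nil
}

func main() {
	// Constructed sample record, not taken from the patent.
	ledger := Ledger{}
	r := Record{"2022-04-11T09:30:00Z", "erp", "orders", "alice", "10.0.0.5", "DELETE"}
	m, err := Anchor(ledger, "acct-erp", r, time.Now())
	if err != nil {
		panic(err)
	}
	_, err = Verify(ledger, m, r)
	fmt.Println("untouched log record:", err)
	r.User = "mallory" // the log copy is edited after anchoring
	_, err = Verify(ledger, m, r)
	fmt.Println("edited log record:", err)
}
```

The check only detects edits to records that were anchored; a record removed from the log before it reaches the chain authority determiner leaves no tuple to search for.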
According to the embodiment of the present invention, as shown in FIG. 2, before collecting the log file in a non-intrusive, custom-configurable manner, the method further includes:
configuring the operation information of the database in a non-embedded, custom-configurable manner, and generating a log file with a uniform format.
Step S301, configuring the operation information of the database in a non-embedded, custom-configurable manner, and generating log files with a uniform format;
The acquisition plug-in, in a non-embedded, custom-configurable manner, configures the operation information of the database according to the database instance name, the table name, the operation type, the date and the like, to generate log files with a uniform format:
F = ∑(record, ...),
A single record in the log file:
record = (D, DBname, Tname, User, SourceIP, Op, ...),
where D represents the timestamp of the behavior operation, DBname represents the database instance name, Tname represents the instance table name, User represents the behavior operator, SourceIP represents the client IP of the operator, and Op represents the operation behavior.
In this embodiment, the acquisition plug-in: generates log files in a unified standard format, in a non-embedded, custom-configurable manner, from the auditable operation behavior indexes of the database.
By configuring the acquisition plug-in and the information displayer according to the requirements of the behavior operation audit indexes, the multiple log formats of the database are turned into log files and displays that are uniform in format, highly readable and custom-configurable.
It should be noted that the steps illustrated in the flowcharts of the figures may be performed in a computer system such as a set of computer-executable instructions and that, although a logical order is illustrated in the flowcharts, in some cases, the steps illustrated or described may be performed in an order different than presented herein.
According to an embodiment of the present invention, a device for implementing the security audit method for an efficient trusted structured database is further provided. As shown in FIG. 3, the device includes:
The acquisition gateway 10, used for collecting the log file in a non-intrusive, custom-configurable manner;
The message queue center, used for receiving the log file delivered by the acquisition plug-in;
The real-time acquisition gateway collects the generated log files in a non-intrusive, custom-configurable manner, line by line or by merging multiple lines, and delivers the collected data to the message queue center.
In this embodiment, the real-time acquisition gateway is configured with a sample of the log file, the collection path, the line-by-line or multi-line mode, the parsing method and the parsing expression. It packages the collected information and delivers it to the message queue center.
The chain authority determiner 20, used for computing a digest value of the operation behavior record in the log file with a digest algorithm, and constructing a blockchain transaction;
The chain authority determiner takes each operation behavior record in the log file as record, computes its digest value with the digest algorithm, constructs a blockchain transaction T, and puts T on the chain asynchronously:
record → T = (D', record, h(record)),
where h represents the digest algorithm and D' represents the timestamp of the current on-chain submission.
In this embodiment, the blockchain authorizer computes a digest (hash) of each record in the log file to form a digest value, then constructs a blockchain transaction, and issues the blockchain transaction asynchronously to a specified account of the blockchain network, ensuring that the record is not maliciously modified.
The blockchain authority confirming device fingerprint-locks the operation record behavior data of the structured database, prevents malicious tampering with operation records, provides a credible evidence guarantee for auditing, and guarantees that audit indexes are credible, traceable and free of malicious tampering.
The behavior mapper 30, used for describing and configuring the blockchain transaction and establishing a multi-element set mapping relation.
The behavior mapper describes and configures T, and establishes a multi-element set mapping relation:
(h, PubKey, Memo, ...),
where h represents the digest value of the operation record, PubKey represents the account address opened by the database instance on the blockchain network (one instance is one account address), and Memo represents the description information, which includes: instance name, table name, operation type, timestamp, IP address, etc.
From the above description, it can be seen that the present invention achieves the following technical effects:
In the embodiments of the application, auditing is combined with a blockchain: log files are collected in a non-intrusive, custom-configurable manner; the digest value of the operation behavior record in the log file is computed with a digest algorithm, and a blockchain transaction is constructed; and the blockchain transaction is described and configured, and a multi-element set mapping relation is established. This fingerprint-locks the operation record behavior data of the structured database, so that operation records cannot be erased at will, the technical effect of credible audit results is guaranteed, and the technical problem that audit results are not credible because operation records are erased at will is solved.
According to the embodiment of the present invention, preferably, as shown in FIG. 4, the device further includes:
The information display device, used for sending query information;
The user can enter a keyword query over the description information Memo through the information displayer, and the information displayer initiates a request to the retriever, providing the corresponding keywords for the subsequent matching search.
In this embodiment, the behavior presenter: can be custom-configured to display behavior operation indexes according to the retrieval result, and accepts the input of query information (namely description information).
The behavior retriever, used for matching a search result corresponding to the query information based on the preset multi-element set mapping relation;
The behavior retriever calls the behavior mapper and performs a matching query on the description information {Memo} data set according to the preset multi-element set mapping relation to obtain a search result (h, PubKey, Memo, ...), where h in the search result is the digest value, PubKey is the account address, and Memo is the description information.
In this embodiment, the behavior mapper: establishes a mapping relation among the record information in the log file, the digest value of the record, the account address on the blockchain network and the description information of the behavior record.
In this embodiment, the behavior retriever: searches and queries by keywords of the readable information, and calls the blockchain querier for the data digest value, to compare it with the search result.
The chain querier, used for determining, according to the search result, whether a corresponding first blockchain transaction stored in the blockchain network ledger exists; and if so, deserializing and decoding the first blockchain transaction and returning the decoding result to the information displayer for display.
According to the embodiment of the present invention, preferably, the chain querier is further used for: deserializing and decoding the first blockchain transaction to obtain a second blockchain transaction;
The information presenter is further used for: displaying the second blockchain transaction in the form of custom configuration information.
The behavior retriever calls the chain querier, which queries the corresponding first blockchain transaction T stored in the blockchain network ledger according to the digest value h and the PubKey account address in the search result. If T exists, it is deserialized and decoded as T' = str(json.Unmarshal([]byte(T))), and T' is returned to the information presenter; if T' does not exist, the call returns directly.
In this embodiment, the chain querier: provides an efficient caching mechanism, efficiently queries the digest value of the specified record, and compares it with the digest value of the record in the log file. If the digest values are the same, it returns the record details to the information display for display. Otherwise, the stored behavior record has been maliciously tampered with.
In conclusion, the information display device and the behavior mapper, combined with the chain querier, collect audit indexes from the operation records of the structured database by custom configuration, so that malicious operation behaviors can be located efficiently and accurately.
According to the embodiment of the present invention, preferably, as shown in fig. 4, the method further includes:
the acquisition plug-in is used for configuring the operation information of the database in a non-embedded, user-defined configuration mode and generating log files in a uniform format for the acquisition gateway;
The acquisition plug-in adopts a non-embedded, user-defined configuration mode and configures the operation information of the database by database instance name, table name, operation type, date, and so on, to generate log files in a uniform format:
F=∑(record,...),
A single record in the log file:
record=(D,DBname,Tname,User,SourceIP,Op,...),
wherein D represents a timestamp of behavior operation, DBname represents a database instance name, Tname represents an instance table name, User represents a behavior operator, SourceIP represents a client IP of the operator, and Op represents operation behavior.
In this embodiment, the acquisition plug-in generates a log file in a unified standard format from the auditable operation behavior indexes of the database, using a non-embedded, user-defined configuration mode.
Through the configuration of the acquisition plug-in and the information displayer, and according to the requirements of the behavior operation audit indexes, log files and display output that are uniform in format, highly readable, and user-configurable are generated for the various log formats of the database.
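The record format and the retrieval flow described above (digest anchoring, the (h, PubKey, Memo) mapping, keyword search, ledger lookup, deserialization and digest comparison), written out as an added Go example that is not code from the patent. SHA-256, the JSON transaction payload, the in-memory map standing in for the blockchain ledger, the Line field and all function names are assumptions.

```go
package main

import (
	"crypto/sha256"
	"encoding/json"
	"fmt"
	"strings"
)

type Record struct{ D, DBname, Tname, User, SourceIP, Op string } // record fields from the description
type Mapping struct{ H, PubKey, Memo string; Line int }          // (h, PubKey, Memo); Line is an assumed log index

// Digest hashes the record's JSON encoding; SHA-256 is an assumption.
func Digest(r Record) string {
	b, _ := json.Marshal(r)
	return fmt.Sprintf("%x", sha256.Sum256(b))
}

// Anchor stores an assumed transaction payload T under PubKey/h in a stand-in ledger.
func Anchor(ledger map[string][]byte, pubKey, memo string, line int, r Record) Mapping {
	h := Digest(r)
	ledger[pubKey+"/"+h], _ = json.Marshal(map[string]string{"h": h, "memo": memo})
	return Mapping{h, pubKey, memo, line}
}

// Audit matches kw against Memo, fetches T by (h, PubKey), decodes it, compares digests.
func Audit(ledger map[string][]byte, maps []Mapping, logFile []Record, kw string) map[int]string {
	out := map[int]string{}
	for _, m := range maps {
		var t map[string]string
		switch {
		case !strings.Contains(m.Memo, kw): // not selected by the query
		case json.Unmarshal(ledger[m.PubKey+"/"+m.H], &t) != nil:
			out[m.Line] = "no transaction" // T missing or undecodable
		case t["h"] != Digest(logFile[m.Line]):
			out[m.Line] = "tampered" // log record changed after anchoring
		default:
			out[m.Line] = "verified"
		}
	}
	return out
}

func main() {
	logFile := []Record{{"2022-04-11T10:00:00Z", "orders", "t_pay", "alice", "10.0.0.5", "UPDATE"}} // constructed
	ledger := map[string][]byte{}
	maps := []Mapping{Anchor(ledger, "acct-A", "payment table update", 0, logFile[0])}
	logFile[0].User = "mallory" // log edited after anchoring
	fmt.Println(Audit(ledger, maps, logFile, "payment"))
}
```

The verdict depends on the log record being re-hashed at audit time; comparing only the digest stored in the mapping table with the on-chain digest would miss an edit to the log file itself.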
It will be apparent to those skilled in the art that the modules or steps of the present invention described above may be implemented by a general purpose computing device, they may be centralized on a single computing device or distributed across a network of multiple computing devices, and they may alternatively be implemented by program code executable by a computing device, such that they may be stored in a storage device and executed by a computing device, or fabricated separately as individual integrated circuit modules, or fabricated as a single integrated circuit module from multiple modules or steps. Thus, the present invention is not limited to any specific combination of hardware and software.
The above description is only a preferred embodiment of the present application and is not intended to limit the present application, and various modifications and changes may be made to the present application by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present application shall be included in the protection scope of the present application.
Claims (10)
1. A security audit method for an efficient trusted structured database, characterized by comprising the following steps:
collecting log files in a non-invasive and user-defined configuration mode;
calculating the digest value of the operation behavior record in the log file by using a digest algorithm, and constructing a blockchain transaction;
and describing and configuring the blockchain transaction, and establishing a multi-element set mapping relation.
2. The security audit method of claim 1, wherein after describing and configuring the blockchain transaction and establishing the multi-element set mapping relation, the method further comprises:
sending out query information;
matching a search result corresponding to the query information based on a preset multi-element set mapping relation;
judging, according to the search result, whether a corresponding first blockchain transaction exists in the blockchain network ledger;
if so, deserializing and decoding the first blockchain transaction and displaying the result.
3. The security audit method of claim 1, wherein before collecting the log file in a non-intrusive, user-defined configuration mode, the method further comprises:
and configuring the operation information of the database in a non-embedded self-defined configuration mode, and generating a log file with a uniform format.
4. The security audit method of claim 1, wherein after collecting the log file in a non-intrusive, user-defined configuration mode, and before calculating the digest value of the operation behavior record in the log file by using a digest algorithm and constructing the blockchain transaction, the method further comprises:
and delivering the log file to a message queue center.
5. The security audit method of claim 2, wherein deserializing and decoding the first blockchain transaction and displaying the result comprises:
deserializing and decoding the first blockchain transaction to obtain a second blockchain transaction;
displaying the second blockchain transaction in the form of custom configuration information.
6. A security audit device for an efficient trusted structured database, characterized by comprising:
the acquisition gateway is used for acquiring the log file in a non-invasive self-defined configuration mode;
the chain weight determiner is used for calculating the digest value of the operation behavior record in the log file by using a digest algorithm and constructing a blockchain transaction;
and the behavior mapper is used for describing and configuring the block chain transaction and establishing a multi-element set mapping relation.
7. The security audit device of claim 6, further comprising:
the information display device is used for sending out query information;
the behavior retriever is used for matching a search result corresponding to the query information based on a preset multi-element set mapping relation;
the chain querier is used for judging, according to the search result, whether a corresponding first blockchain transaction exists in the blockchain network ledger; if so, deserializing and decoding the first blockchain transaction, and returning the decoding result to the information displayer for display.
8. The security audit device of claim 6, further comprising:
and the acquisition plug-in is used for configuring the operation information of the database in a non-embedded self-defined configuration mode and generating a log file with a uniform format to the acquisition gateway.
9. The security audit device of claim 6, further comprising:
and the message queue center is used for receiving the log file delivered by the acquisition plug-in.
10. The security audit device of claim 7, wherein
the chain querier is further used for deserializing and decoding the first blockchain transaction to obtain a second blockchain transaction;
the information presenter is further used for displaying the second blockchain transaction in the form of custom configuration information.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210377030.9A CN114756902A (en) | 2022-04-11 | 2022-04-11 | Security audit method and device for efficient trusted structured database |
Publications (1)
Publication Number | Publication Date |
---|---|
CN114756902A true CN114756902A (en) | 2022-07-15 |
Family
ID=82330046
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210377030.9A Pending CN114756902A (en) | 2022-04-11 | 2022-04-11 | Security audit method and device for efficient trusted structured database |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114756902A (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108959445A (en) * | 2018-06-13 | 2018-12-07 | 云南电网有限责任公司信息中心 | Distributed information log processing method and processing device |
CN111241104A (en) * | 2020-01-14 | 2020-06-05 | 腾讯科技(深圳)有限公司 | Operation auditing method and device, electronic equipment and computer-readable storage medium |
KR20200084136A (en) * | 2019-01-02 | 2020-07-10 | 주식회사 체커 | System for auditing data access based on block chain and the method thereof |
CN111427869A (en) * | 2020-04-10 | 2020-07-17 | 科通工业技术(深圳)有限公司 | Log system based on block chain |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | | Application publication date: 20220715 |