CN118153059A - Database security audit method and device, electronic equipment and storage medium - Google Patents


Info

Publication number
CN118153059A
Authority
CN
China
Prior art keywords
access
audit
information
user
node
Prior art date
Legal status
Pending
Application number
CN202410328476.1A
Other languages
Chinese (zh)
Inventor
张长河
Current Assignee
Beijing Weida Information Technology Co ltd
Original Assignee
Beijing Weida Information Technology Co ltd
Priority date
Filing date
Publication date
Application filed by Beijing Weida Information Technology Co ltd
Priority to CN202410328476.1A
Publication of CN118153059A
Legal status: Pending

Landscapes

  • Storage Device Security (AREA)

Abstract

The application relates to the technical field of database security audit, and in particular to a database security audit method, device, electronic device and storage medium. The method comprises: obtaining node data information and a security audit standard; matching each node data information with the security audit standard and generating audit standard information according to the matching result; calculating the root hash value corresponding to the node data information, obtaining its storage path, and forming an audit block chain from the root hash values and storage paths; determining the user access authority and whether the user meets the access authority requirement; if so, determining an audit code corresponding to the user access authority and feeding the audit code back to the user terminal corresponding to the user; binding the access data node with the audit block chain; determining whether the access data node has an audit abnormality; and, if so, processing the access data node according to a solution. The application improves the audit efficiency and audit security of the database.

Description

Database security audit method and device, electronic equipment and storage medium
Technical Field
The present application relates to the field of database security audit, and in particular, to a database security audit method, device, electronic apparatus, and storage medium.
Background
Database security audit is the audit administrator's management of users' operations on the database; its main process is to record the behaviour of users operating the database and the resulting effects. Security audit can record the operations of all users on the database and its data, discover illegal access in time, and support tracing the source and recovering the data when a security incident or unexpected fault occurs. The security and integrity of the audit record data are therefore of critical importance: sensitive data must not be disclosed, and the records must be trustworthy and must not be tampered with.
At present, security audit of a database mainly realizes behaviour audit through rule policy matching, which faces the following problems in practice. On the one hand, the audit administrator is often not an expert in the database application and cannot understand the user's business data in depth, so the database audit cannot be configured manually in a suitable way; at the same time, because knowledge of the database, the business and the business environment is insufficient, the audit administrator configures only a small number of rule policies, and comprehensive audit cannot be achieved. On the other hand, with a huge data volume the security audit task is heavy, and neither the audit accuracy nor the audit efficiency of the database can be guaranteed.
Disclosure of Invention
In order to solve at least one of the technical problems above, the application provides a database security audit method, device, electronic device and storage medium.
In a first aspect, the present application provides a database security audit method, which adopts the following technical scheme:
acquiring node data information of each data node corresponding to a database security audit flow and security audit standards corresponding to the node data information;
Matching each node data information with the corresponding security audit standard, and generating audit standard information corresponding to each node data information according to the matching result, wherein the audit standard information is used for characterizing whether the current access operation is abnormal when a user accesses the node data information;
Respectively calculating root hash values corresponding to the node data information, acquiring storage paths corresponding to the node data information, and forming an audit block chain by the root hash values and the storage paths, wherein the audit block chain comprises at least one block, and each block corresponds to each node data information;
When monitoring that a user has data access, generating an access data node, and determining user access authority according to access request information of the user, wherein the access data node is used for storing data access operation information of the user to a database, the access request information is used for representing user identity information and access data requirements, the access request information is generated after being triggered by the user, and the user access authority is used for representing a block range of the audit block chain which can be accessed by the user;
Determining whether the user meets the access right requirements according to the user identity information, the access data requirements and the user access rights, if so, determining an audit code corresponding to the user access rights according to the access request information, and feeding back the audit code to a user terminal corresponding to the user;
And after detecting that a user scans the audit code, correspondingly binding the access data node and the audit block chain according to the node data information, auditing the data access operation information in the access data node based on the security audit standard, determining whether the access data node has audit abnormality, and if so, processing the access data node according to a solution corresponding to the audit abnormality in the security audit standard.
In one possible implementation manner, the determining, according to the access request information, an audit code corresponding to the user access right further includes:
Acquiring the number of accessible blocks corresponding to each user access right in real time;
Judging whether the user access authority has a block to be accessed according to the user access authority, the corresponding relation between the user access authority and the access block and the number of the accessible blocks corresponding to the current moment;
If yes, determining the aging information of the audit code according to the current time and audit flow information, and adding the aging information to the audit code, wherein the audit flow information comprises the predicted time when the access request information flows to each node in the audit block chain;
And when the increase of the number of the accessible blocks of the access authority corresponding to the access request information is detected, updating the audit code based on the monitoring information corresponding to the newly increased accessible blocks.
In one possible implementation manner, the determining the aging information of the audit code according to the current time and the audit flow information, and adding the aging information to the audit code, includes:
predicting, according to the audit flow information and the flow node corresponding to the current time, the required flow duration for the access request to move from the flow node corresponding to the current time to the node corresponding to the next block to be accessed;
Determining aging information of the audit code according to the current time and the required flow duration;
And generating aging watermark information according to the aging information, and adding the aging watermark information to the audit code.
In one possible implementation, the method further includes:
acquiring an access record of the audit code in a preset time period, wherein the access record is used for representing access time and access account number for accessing the audit code in the preset time period;
judging whether the audit code has access abnormality or not according to the access time and the access account in a preset time period;
When access abnormality exists, performing at least one parameter splice based on the position relation between the monitoring information corresponding to the audit code and the initial account information to obtain a parameter key corresponding to each parameter splice, and recording each splice process to obtain a splice rule corresponding to each splice process, wherein the initial account information comprises an initial account, and the initial account is an account for providing access request information triggered for the first time;
distributing the use time length for each splicing rule according to the aging information to obtain the use time length respectively corresponding to each splicing rule;
When the access request information is received again, analyzing the access request information to obtain access parameters, and recording the re-access time when the access request information is received again;
Determining a target splicing rule corresponding to the revisit moment according to the use time length respectively corresponding to each splicing rule, and performing parameter splicing on the access parameter and the monitoring information corresponding to the audit code according to the target splicing rule to obtain a monitoring information key;
And restoring the monitoring information key based on the target splicing rule and the use duration corresponding to each splicing rule respectively, matching the restored monitoring information key with the parameter key, and feeding back an audit code to the terminal equipment corresponding to the initial account if the matching is successful.
In one possible implementation manner, the performing at least one parameter splicing based on the position relationship between the monitoring information corresponding to the audit code and the initial account information to obtain a parameter key corresponding to each parameter splicing includes:
Determining a random value according to a random number algorithm;
Determining the hash address of the monitoring information corresponding to the audit code in the block chain according to the mapping relation between the hash value and the monitoring information;
Determining respective corresponding numbers for the random value, the hash address and the initial account information, and arranging the respective corresponding numbers of the random value, the hash address and the initial account information to generate a plurality of number sequences;
And performing parameter splicing on the random value, the hash address and the initial account information according to each number sequence to obtain a parameter key corresponding to each number sequence.
In one possible implementation manner, the determining whether the audit code has an access abnormality according to the access time and the access account within the preset time period includes:
Judging whether the access time and the access account number meet preset conditions in a preset time period, and determining that the audit code has access abnormality when the access time and the access account number meet the preset conditions;
Wherein the preset conditions include at least one of the following:
the access times of the same access account number in a preset time period are higher than a first preset threshold value;
The security level corresponding to the access account is lower than the preset security level;
The number of different access accounts within the preset time period exceeds a second preset threshold.
In one possible implementation manner, the processing the access data node according to the solution corresponding to the audit exception in the security audit standard further includes:
If the security audit standard has no solution matching the audit abnormality, terminating the data access of the user;
judging whether the abnormal characteristics of the audit abnormality are consistent with the active abnormal characteristics of the user, if so, marking the abnormal characteristics of the user, freezing the user access authority of the user, and generating access abnormal information according to the active abnormal characteristics and feeding back to a user terminal;
if the access account and the access domain name of the user are inconsistent, the abnormal feature of the audit abnormality is a passive abnormal feature; feature analysis is performed on the passive abnormal feature based on abnormal big data to obtain an abnormality improvement scheme, and after IPv6 stealth encryption is performed on the user's access account and access domain name according to the abnormality improvement scheme, the user's data access is restored.
In a second aspect, the present application provides a database security audit device, which adopts the following technical scheme:
A database security auditing apparatus, comprising:
The information acquisition module is used for acquiring node data information of each data node corresponding to the database security audit flow and security audit standards corresponding to the node data information;
The standard generation module is used for matching each node data information with the corresponding security audit standard, and generating audit standard information corresponding to each node data information according to a matching result, wherein the audit standard information is used for characterizing whether a user has abnormality in the current access operation when the user accesses the node data information;
the block chain forming module is used for respectively calculating root hash values corresponding to the node data information, acquiring storage paths corresponding to the node data information, and forming an audit block chain by the root hash values and the storage paths, wherein the audit block chain comprises at least one block, and each block corresponds to each node data information;
The authority determination module is used for generating access data nodes when monitoring that a user has data access, and determining user access authority according to access request information of the user, wherein the access data nodes are used for storing data access operation information of the user to a database, the access request information is used for representing user identity information and access data requirements, the access request information is generated after being triggered by the user, and the user access authority is used for representing a block range of the audit block chain which can be accessed by the user;
the audit code determining module is used for determining whether the user meets the access right requirement according to the user identity information, the access data requirement and the user access right, if so, determining an audit code corresponding to the user access right according to the access request information, and feeding back the audit code to a user terminal corresponding to the user;
And the exception handling module is used for correspondingly binding the access data node and the audit block chain according to the node data information after detecting that a user scans the audit code, auditing the data access operation information in the access data node based on the security audit standard, determining whether the access data node has audit exception, and if so, handling the access data node according to a solution corresponding to the audit exception in the security audit standard.
In one possible implementation, the apparatus further includes: a number acquisition module, a to-be-accessed judging module, an aging adding module and an audit code updating module, wherein,
The number acquisition module is used for acquiring the number of accessible blocks corresponding to each user access right in real time;
The to-be-accessed judging module is used for judging whether the user access authority has a to-be-accessed block or not according to the user access authority, the corresponding relation between the user access authority and the access block and the number of the accessible blocks corresponding to the current moment;
The aging adding module is used for determining aging information of the audit code according to the current moment and audit flow information when the block to be accessed exists in the user access authority, and adding the aging information to the audit code, wherein the audit flow information comprises the predicted moment when the access request information flows to each node in the audit block chain;
And the audit code updating module is used for updating the audit code based on the monitoring information corresponding to the newly added accessible blocks when the increase of the number of the accessible blocks of the access authority corresponding to the access request information is detected.
In another possible implementation manner, the aging adding module is specifically configured to, when determining the aging information of the audit code according to the current time and the audit flow information and adding the aging information to the audit code:
predict, according to the audit flow information and the flow node corresponding to the current time, the required flow duration for the access request to move from the flow node corresponding to the current time to the node corresponding to the next block to be accessed;
Determining aging information of the audit code according to the current time and the required circulation duration;
And generating aging watermark information according to the aging information, and adding the aging watermark information to the audit code.
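The audit code with aging information described above (and in the corresponding method embodiment) can be illustrated with the following added Python example, which is not code from the application. It assumes a server-side signing key, a table mapping each user access right to its accessible block range, and audit flow information given as predicted second offsets per block; the aging is computed as the predicted flow duration from the current block to the next block to be accessed and is carried as a signed expiry field, which stands in for the watermark the application adds to the scanned code. The code is re-issued when the accessible block range of the right has grown.

```python
from __future__ import annotations

import base64
import hashlib
import hmac
import json

# Assumptions for this example (none of these come from the application text):
# a server-side signing key, an access-right table mapping each right to the
# block range of the audit block chain it may read, and audit flow information
# giving the predicted offset (seconds) at which a request reaches each block.
SIGNING_KEY = b"example-key-replace-in-production"
ACCESS_RIGHTS = {"analyst": {0, 1}, "dba": {0, 1, 2, 3}}
FLOW_OFFSET_SECONDS = {0: 0, 1: 30, 2: 60, 3: 90}


def required_flow_duration(current_block: int, next_block: int) -> int:
    """Predicted seconds for the request to flow from the current node to the
    node of the next block to be accessed."""
    return max(0, FLOW_OFFSET_SECONDS[next_block] - FLOW_OFFSET_SECONDS[current_block])


def next_block_to_access(right: str, current_block: int) -> int | None:
    pending = sorted(b for b in ACCESS_RIGHTS.get(right, set()) if b > current_block)
    return pending[0] if pending else None


def issue_audit_code(user: str, right: str, requested_blocks: set[int],
                     current_block: int, now: float) -> str | None:
    """Return a signed audit code, or None when the user does not meet the
    access right requirement or has no block left to access."""
    allowed = ACCESS_RIGHTS.get(right, set())
    if not requested_blocks or not requested_blocks <= allowed:
        return None
    nxt = next_block_to_access(right, current_block)
    if nxt is None:
        return None
    # Aging information: valid until the request is predicted to reach the
    # next block. Carried here as a signed field instead of an image watermark.
    payload = {"user": user, "right": right, "blocks": sorted(allowed),
               "iat": now, "exp": now + required_flow_duration(current_block, nxt)}
    body = base64.urlsafe_b64encode(json.dumps(payload, sort_keys=True).encode()).decode()
    tag = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{tag}"


def verify_audit_code(code: str, now: float) -> dict | None:
    """Accept the code only if the MAC is intact and the aging has not expired."""
    body, sep, tag = code.rpartition(".")
    if not sep:
        return None
    expected = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        return None
    payload = json.loads(base64.urlsafe_b64decode(body))
    if now > payload["exp"]:
        return None
    return payload


def update_audit_code(code: str, now: float, current_block: int) -> str | None:
    """Re-issue a still-valid code so it covers newly added accessible blocks."""
    payload = verify_audit_code(code, now)
    if payload is None:
        return None
    return issue_audit_code(payload["user"], payload["right"],
                            set(payload["blocks"]), current_block, now)


if __name__ == "__main__":
    code = issue_audit_code("alice", "analyst", {0, 1}, 0, 1000.0)
    print(code)
    print(verify_audit_code(code, 1010.0))  # inside the 30 s aging window
    print(verify_audit_code(code, 1031.0))  # None: aged out
```

The expiry is bound into the MAC, so a terminal cannot extend its own window by editing the scanned payload; the check `now > exp` rejects the code once the predicted flow duration has elapsed.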
In another possible implementation, the apparatus further includes: the system comprises a record acquisition module, an abnormality judgment module, a first splicing module, a duration distribution module, a time recording module, a second splicing module and a key matching module,
The record acquisition module is used for acquiring an access record of the audit code in a preset time period, wherein the access record is used for representing access time and an access account number for accessing the audit code in the preset time period;
the abnormality judging module is used for judging whether the audit code has abnormal access according to the access time and the access account in a preset time period;
The first splicing module is used for carrying out parameter splicing at least once based on the position relation between the monitoring information corresponding to the audit code and the initial account information when the access abnormality exists, obtaining a parameter key corresponding to each parameter splicing, and recording each splicing process to obtain a splicing rule corresponding to each splicing process, wherein the initial account information comprises an initial account, and the initial account is an account for providing access request information triggered for the first time;
the duration distribution module is used for distributing the use duration to each splicing rule according to the aging information to obtain the use duration respectively corresponding to each splicing rule;
The time recording module is used for analyzing the access request information to obtain access parameters when the access request information is received again, and recording the revisit time when the access request information is received again;
The second splicing module is used for determining a target splicing rule corresponding to the revisit moment according to the use time length respectively corresponding to each splicing rule, and carrying out parameter splicing on the access parameter and the monitoring information corresponding to the audit code according to the target splicing rule to obtain a monitoring information key;
And the key matching module is used for restoring the monitoring information key based on the target splicing rule and the use duration corresponding to each splicing rule respectively, matching the restored monitoring information key with the parameter key, and feeding back an audit code to the terminal equipment corresponding to the initial account if the matching is successful.
In another possible implementation manner, the first splicing module is specifically configured to, when performing at least one parameter splicing based on the position relationship between the monitoring information corresponding to the audit code and the initial account information to obtain a parameter key corresponding to each parameter splicing:
Determining a random value according to a random number algorithm;
Determining the hash address of the monitoring information corresponding to the audit code in the block chain according to the mapping relation between the hash value and the monitoring information;
Determining respective corresponding numbers for the random value, the hash address and the initial account information, and arranging the respective corresponding numbers of the random value, the hash address and the initial account information to generate a plurality of number sequences;
And performing parameter splicing on the random value, the hash address and the initial account information according to each number sequence to obtain a parameter key corresponding to each number sequence.
In another possible implementation manner, the abnormality determination module is specifically configured to, when determining whether the audit code has an access abnormality according to the access time and the access account within a preset period of time:
Judging whether the access time and the access account number meet preset conditions in a preset time period, and determining that the audit code has access abnormality when the access time and the access account number meet the preset conditions;
Wherein the preset conditions include at least one of the following:
the access times of the same access account number in a preset time period are higher than a first preset threshold value;
The security level corresponding to the access account is lower than the preset security level;
The number of different access accounts within the preset access time period exceeds a second preset threshold.
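The access-record check above and the parameter-splicing procedure of the record acquisition, splicing, duration distribution and key matching modules (and their counterparts in the method embodiment) can be illustrated together with the following added Python example; it is not code from the application. Assumed for this example: the security level of each account, the constructed access records, a hash address that is simply the hex digest of the monitoring information, and that the random value is delivered to the initial account's terminal together with the first audit code, so that only that terminal can reproduce the spliced key on a revisit. The six orderings of the three numbered parameters (random value, hash address, initial account) are the splicing rules; each is assigned an equal share of the code's aging, and a revisit is accepted only when splicing the submitted parameters under the rule current at the revisit time reproduces the stored parameter key.

```python
from __future__ import annotations

import hashlib
import hmac
import itertools
import secrets
from collections import Counter

# Assumed security levels per account (not from the application text).
SECURITY_LEVEL = {"alice": 3, "bob": 2, "svc-scanner": 0}

# Constructed access records for one audit code: (seconds, account).
QUIET_RECORDS = [(5, "alice"), (40, "alice"), (70, "bob")]
BURST_RECORDS = [(1, "bob"), (2, "bob"), (3, "bob"), (4, "bob"), (5, "bob")]
LOW_LEVEL_RECORDS = [(10, "svc-scanner")]


def has_access_anomaly(records, window_start, window_len, *,
                       max_per_account=3, min_level=1, max_accounts=4) -> bool:
    """The three preset conditions; any one of them marks the code as abnormal."""
    in_window = [acct for t, acct in records if window_start <= t < window_start + window_len]
    counts = Counter(in_window)
    if any(n > max_per_account for n in counts.values()):        # same account too often
        return True
    if any(SECURITY_LEVEL.get(a, 0) < min_level for a in counts):  # account below preset level
        return True
    return len(counts) > max_accounts                              # too many distinct accounts


def splice(rule: tuple[int, ...], random_value: str, hash_address: str, account: str) -> str:
    """Join the three numbered parameters in the order the rule gives, then hash."""
    params = {0: random_value, 1: hash_address, 2: account}
    return hashlib.sha256("|".join(params[i] for i in rule).encode()).hexdigest()


def parameter_keys(random_value: str, hash_address: str, initial_account: str) -> dict:
    """Every ordering of the parameter numbers 0, 1, 2 is one splicing rule."""
    return {rule: splice(rule, random_value, hash_address, initial_account)
            for rule in itertools.permutations((0, 1, 2))}


def assign_durations(rules, aging_seconds: float) -> dict:
    """Share the code's remaining lifetime evenly across the splicing rules."""
    per_rule = aging_seconds / len(rules)
    return {rule: (i * per_rule, (i + 1) * per_rule) for i, rule in enumerate(rules)}


def rule_for(durations: dict, elapsed: float):
    for rule, (start, end) in durations.items():
        if start <= elapsed < end:
            return rule
    return None


def revisit_matches(access_params: dict, hash_address: str, elapsed: float,
                    keys: dict, durations: dict) -> bool:
    """On a repeat request, splice the submitted parameters under the rule that
    is current at the revisit time and compare with the stored parameter key."""
    rule = rule_for(durations, elapsed)
    if rule is None:
        return False
    monitoring_key = splice(rule, access_params["random_value"], hash_address,
                            access_params["account"])
    return hmac.compare_digest(monitoring_key, keys[rule])


def hash_address_of(monitoring_info: str) -> str:
    """Assumed mapping from monitoring information to its hash address."""
    return hashlib.sha256(monitoring_info.encode()).hexdigest()


if __name__ == "__main__":
    print("burst anomalous:", has_access_anomaly(BURST_RECORDS, 0, 100))
    rnd = secrets.token_hex(16)
    addr = hash_address_of("audit-code-42 monitoring info")
    keys = parameter_keys(rnd, addr, "alice")
    durations = assign_durations(list(keys), 60.0)
    print("revisit ok:", revisit_matches({"random_value": rnd, "account": "alice"},
                                         addr, 15.0, keys, durations))
```

A revisit that arrives after the last use duration has elapsed, or that supplies a different account or random value, fails to reproduce the stored key and is not answered with an audit code.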
In another possible implementation, the apparatus further includes: an access termination module, a feature labeling module and an access encryption module, wherein,
The access termination module is used for terminating the data access of the user when the solution matched with the audit abnormality does not exist in the security audit standard;
The feature labeling module is used for judging whether the abnormal features of the audit abnormality are consistent with the active abnormal features of the user, if so, labeling the abnormal features of the user, freezing the user access authority of the user, and generating access abnormality information according to the active abnormal features and feeding back the access abnormality information to a user terminal;
And the access encryption module is used for representing that the abnormal characteristic of the audit abnormality is a passive abnormal characteristic when the abnormal characteristic of the audit abnormality is inconsistent with the active abnormal characteristic of the user, carrying out characteristic analysis on the passive abnormal characteristic based on abnormal big data to obtain an abnormality improvement scheme, and recovering the data access of the user after carrying out IPv6 stealth encryption on the access account number and the access domain name of the user according to the abnormality improvement scheme.
In a third aspect, the application provides an electronic device, which adopts the following technical scheme:
At least one processor;
a memory;
At least one application program, wherein the at least one application program is stored in the memory and configured to be executed by the at least one processor, and the at least one application program is configured to perform the database security audit method according to any one of the first aspect.
In a fourth aspect, the present application provides a computer readable storage medium, which adopts the following technical scheme:
A computer readable storage medium having stored thereon a computer program which, when executed in a computer, causes the computer to perform the database security audit method according to any of the first aspects.
In summary, the present application includes at least one of the following beneficial technical effects:
When the database is subjected to access data audit, node data information of each data node corresponding to the database security audit flow, and the security audit standard corresponding to each node data information, are obtained first. Each node data information is then matched with its corresponding security audit standard, and audit standard information is generated from the matching result; this audit standard information characterizes whether the current access operation is abnormal when a user accesses the node data information. The root hash value corresponding to each node data information is calculated, the storage path corresponding to each node data information is obtained, and the root hash values and storage paths form an audit block chain, which comprises at least one block, each block corresponding to one node data information. When a user's data access is monitored, an access data node is generated, and the user access authority is determined from the user's access request information; the access data node stores the user's data access operation information on the database, the access request information represents the user identity information and access data requirements and is generated after being triggered by the user, and the user access authority represents the block range of the audit block chain the user may access. Whether the user meets the access right requirement is determined from the user identity information, the access data requirement and the user access authority; if so, an audit code corresponding to the user access authority is determined from the access request information and fed back to the user terminal corresponding to the user. After the user is detected to scan the audit code, the access data node and the audit block chain are bound according to the node data information, the data access operation information in the access data node is audited based on the security audit standard, whether the access data node has an audit abnormality is determined, and if so the access data node is processed according to the solution corresponding to the audit abnormality in the security audit standard. The audit efficiency and audit security of the database are thereby improved.
Drawings
Fig. 1 is a schematic flow chart of a database security audit method according to an embodiment of the present application.
Fig. 2 is a schematic structural diagram of a database security audit device according to an embodiment of the present application.
Fig. 3 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
The application is described in further detail below with reference to fig. 1-3.
The present embodiment is merely illustrative of the present application and is not intended to limit the present application, and those skilled in the art, after having read the present specification, may make modifications to the present embodiment without creative contribution as necessary, but are protected by patent laws within the scope of the present application.
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present application more apparent, the technical solutions of the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present application, and it is apparent that the described embodiments are some embodiments of the present application, but not all embodiments of the present application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
In addition, the term "and/or" herein is merely an association relationship describing an association object, and means that three relationships may exist, for example, a and/or B may mean: a exists alone, A and B exist together, and B exists alone. In this context, unless otherwise specified, the term "/" generally indicates that the associated object is an "or" relationship.
Embodiments of the application are described in further detail below with reference to the drawings.
The embodiment of the application provides a method for database security audit, which is executed by electronic equipment, wherein the electronic equipment can be a server or terminal equipment, and the server can be an independent physical server, a server cluster or a distributed system formed by a plurality of physical servers, or a cloud server for providing cloud computing service. The terminal device may be, but is not limited to, a smart phone, a tablet computer, a notebook computer, a desktop computer, etc., and the terminal device and the server may be directly or indirectly connected through wired or wireless communication, which is not limited herein, and as shown in fig. 1, the method includes:
Step S10: acquiring node data information of each data node corresponding to the database security audit flow, and the security audit standard corresponding to each node data information.
In the embodiment of the present application, the security audit standard specifies the criteria by which different audit results of the database are judged, and the solutions corresponding to different audit anomalies.
Step S11: matching each node data information with its corresponding security audit standard, and generating audit standard information corresponding to each node data information according to the matching result.
The audit standard information characterizes whether the current access operation is abnormal when a user accesses the node data information.
Step S12: respectively calculating the root hash value corresponding to each node data information, acquiring the storage path corresponding to each node data information, and forming an audit block chain from the root hash values and the storage paths, wherein the audit block chain comprises at least one block, and each block corresponds to one node data information.
Specifically, a sub hash value corresponding to each data type in the node data information is calculated by a hash algorithm; the root hash value corresponding to the node data information is then calculated from these sub hash values by a Merkle tree algorithm, so that all data information contained in the node data information can be conveniently checked through the root hash value.
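The sub hash and root hash calculation of step S12, as an added example that is not part of the patent: each data type in a node's data becomes a leaf, a binary Merkle tree yields the root hash value, one block per node carries the root hash and storage path, and a node is checked by recomputing its root. The prev_hash linking between blocks, the odd-leaf pairing rule and the sample node data are assumptions.

```python
import hashlib
from typing import Dict, List


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sub_hash_values(node_data: Dict[str, str]) -> List[str]:
    """One sub hash value per data type in the node data information.
    Keys are sorted so that the same node data always yields the same leaves."""
    return [sha256_hex(f"{name}={value}".encode("utf-8"))
            for name, value in sorted(node_data.items())]


def merkle_root(leaves: List[str]) -> str:
    """Root hash of a binary Merkle tree over the sub hash values.
    Assumption: an odd leaf at a level is paired with itself (the text fixes no rule)."""
    if not leaves:
        return sha256_hex(b"")
    level = list(leaves)
    while len(level) > 1:
        if len(level) % 2 == 1:
            level.append(level[-1])
        level = [sha256_hex((level[i] + level[i + 1]).encode("ascii"))
                 for i in range(0, len(level), 2)]
    return level[0]


def root_hash_value(node_data: Dict[str, str]) -> str:
    return merkle_root(sub_hash_values(node_data))


def build_audit_blockchain(nodes: List[Dict[str, object]]) -> List[Dict[str, str]]:
    """One block per node data information, holding its root hash value and storage path.
    Assumption: each block also records the previous block's hash, so that a modified
    earlier block invalidates every later one (the text only says the chain is formed
    from root hashes and storage paths)."""
    chain: List[Dict[str, str]] = []
    prev = "0" * 64
    for node in nodes:
        root = root_hash_value(node["data"])
        block_hash = sha256_hex((prev + root + str(node["path"])).encode("utf-8"))
        chain.append({"root_hash": root, "storage_path": str(node["path"]),
                      "prev_hash": prev, "block_hash": block_hash})
        prev = block_hash
    return chain


def verify_node(chain: List[Dict[str, str]], index: int, node_data: Dict[str, str]) -> bool:
    """Check the node data found at the storage path against its block by recomputing
    the root hash value: any changed data type changes a leaf and therefore the root."""
    return chain[index]["root_hash"] == root_hash_value(node_data)


# Constructed sample: two data nodes of the audit flow with several data types each.
SAMPLE_NODES = [
    {"path": "/audit/nodes/login",
     "data": {"table": "users", "operation": "SELECT", "owner": "dba"}},
    {"path": "/audit/nodes/export",
     "data": {"table": "orders", "operation": "COPY", "owner": "report"}},
]

if __name__ == "__main__":
    chain = build_audit_blockchain(SAMPLE_NODES)
    tampered = dict(SAMPLE_NODES[1]["data"], operation="DELETE")
    print(verify_node(chain, 1, SAMPLE_NODES[1]["data"]), verify_node(chain, 1, tampered))
```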
Step S13: when data access by a user is monitored, generating an access data node, and determining the user access authority according to the access request information of the user.
The access data node stores the user's data access operation information for the database; the access request information represents the user identity information and the access data requirements and is generated after being triggered by the user; and the user access authority represents the block range of the audit block chain that the user can access.
Step S14: determining whether the user meets the access authority requirement according to the user identity information, the access data requirements and the user access authority; if so, determining an audit code corresponding to the user access authority according to the access request information, and feeding the audit code back to the user terminal corresponding to the user.
Step S15: after detecting that the user has scanned the audit code, correspondingly binding the access data node and the audit block chain according to the node data information, auditing the data access operation information in the access data node based on the security audit standard, determining whether the access data node has an audit abnormality, and if so, processing the access data node according to the solution corresponding to that audit abnormality in the security audit standard.
Based on the above embodiment, when the database is accessed and audited, node data information of each data node corresponding to the database security audit flow and the security audit standard corresponding to each node data information are obtained. Each node data information is matched with its corresponding security audit standard, and audit standard information corresponding to each node data information is generated according to the matching result; the audit standard information characterizes whether the current access operation is abnormal when a user accesses the node data information. The root hash value corresponding to each node data information is calculated, the storage path corresponding to each node data information is obtained, and the root hash values and storage paths form an audit block chain, which comprises at least one block, each block corresponding to one node data information. When data access by a user is monitored, an access data node is generated, and the user access authority is determined according to the user's access request information; the access data node stores the user's data access operation information for the database, the access request information represents the user identity information and access data requirements and is generated after being triggered by the user, and the user access authority represents the block range of the audit block chain that the user can access. Whether the user meets the access authority requirement is then determined according to the user identity information, the access data requirements and the user access authority; if so, an audit code corresponding to the user access authority is determined according to the access request information and fed back to the user terminal corresponding to the user. After the user is detected scanning the audit code, the access data node and the audit block chain are correspondingly bound according to the node data information, the data access operation information in the access data node is audited based on the security audit standard, whether the access data node has an audit abnormality is determined, and if so, the access data node is processed according to the solution corresponding to that audit abnormality in the security audit standard, thereby improving the audit efficiency and audit security of the database.
Further, in the embodiment of the present application, determining an audit code corresponding to the user access authority according to the access request information further includes: acquiring in real time the number of accessible blocks corresponding to each user access authority; judging whether the user access authority has a block to be accessed according to the corresponding relation between the user access authority and the access blocks and the number of accessible blocks corresponding to the current moment; if so, determining the aging information of the audit code according to the current moment and the audit flow information, and adding the aging information to the audit code, wherein the audit flow information comprises the predicted moment at which the access request information flows to each node in the audit block chain; and, when an increase in the number of accessible blocks corresponding to the access request information is detected, updating the audit code based on the monitoring information corresponding to the newly added accessible blocks.
In one possible implementation manner of the embodiment of the present application, determining the aging information of the audit code according to the current moment and the audit flow information, and adding the aging information to the audit code, includes: according to the audit flow information and the flow node corresponding to the current moment, predicting the flow duration required to flow from the flow node corresponding to the current moment to the node corresponding to the next block to be accessed; determining the aging information of the audit code according to the current moment and the required flow duration; generating aging watermark information according to the aging information; and adding the aging watermark information to the audit code.
In one possible implementation manner of the embodiment of the present application, the method further includes: obtaining an access record of the audit code in a preset time period, wherein the access record represents the access times and the access accounts that accessed the audit code in the preset time period; judging whether the audit code has an access abnormality according to the access times and the access accounts in the preset time period; when an access abnormality exists, performing at least one parameter splicing based on the position relationship between the monitoring information corresponding to the audit code and the initial account information, obtaining a parameter key corresponding to each parameter splicing, and recording each splicing process to obtain the splicing rule corresponding to each splicing process, wherein the initial account information comprises an initial account, and the initial account is the account that first triggered the access request information; allocating a use duration to each splicing rule according to the aging information, obtaining the use duration corresponding to each splicing rule; when the access request information is received again, parsing the access request information to obtain the access parameters, and recording the revisit time at which the access request information was received again; determining the target splicing rule corresponding to the revisit time according to the use durations corresponding to the respective splicing rules, and performing parameter splicing on the access parameters and the monitoring information corresponding to the audit code according to the target splicing rule to obtain a monitoring information key; and restoring the monitoring information key based on the target splicing rule and the use durations corresponding to the respective splicing rules, matching the restored monitoring information key with the parameter key, and, if the matching is successful, feeding back the audit code to the terminal device corresponding to the initial account.
Specifically, the number of splicing rules is related to the number of numbers participating in the random ordering. If X numbers participate in the random ordering, the number sequences corresponding to the X numbers can be obtained by fully permuting the generated X numbers, and the count of such sequences is obtained by substituting X into the permutation count formula f(n) = n!. For example, when X is 3, the number of number sequences generated is 3! = 3 × 2 × 1 = 6, and the 6 number sequences may be 123, 132, 231, 213, 312 and 321 respectively. The use duration is allocated to each number sequence according to the aging information: for example, if the required flow duration corresponding to the aging information is 60 minutes (10:00 to 11:00), then the use duration corresponding to each number sequence is 10 minutes.
When the target splicing rule is determined from the correspondence between use durations and splicing rules, the determination can be performed based on the revisit time. For example, if the splicing rule determined when the access abnormality is found (at 10:00) is 312, then according to the correspondence between use durations and splicing rules the splicing rule corresponding to 10:00 to 10:10 is determined to be 312, the splicing rule corresponding to 10:10 to 10:20 is determined to be 321, and so on, giving the correspondence between use periods and splicing rules. When the access request is received again, the target splicing rule is determined from this correspondence according to the revisit time, and after the target splicing rule is obtained, the random value, the hash address and the initial account information are spliced according to the target splicing rule to obtain the monitoring information key.
In one possible implementation manner of the embodiment of the present application, performing at least one parameter splicing based on the position relationship between the monitoring information corresponding to the audit code and the initial account information to obtain a parameter key corresponding to each parameter splicing includes: determining a random value according to a random number algorithm; determining the hash address of the monitoring information corresponding to the audit code in the block chain according to the mapping relation between hash values and monitoring information; assigning respective numbers to the random value, the hash address and the initial account information, and permuting these numbers to generate a plurality of number sequences; and performing parameter splicing on the random value, the hash address and the initial account information according to each number sequence to obtain the parameter key corresponding to each number sequence.
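The splicing rules, use durations and key matching described in the four passages above (parameter keys per number sequence, even allocation of the flow duration, target rule lookup at the revisit time, and the final match that gates feeding the audit code back to the initial account), as one added example that is not part of the patent. Hashing the spliced concatenation, the rule order 312, 321, ... chosen to match the text's example, and every sample value are assumptions.

```python
import hashlib
import hmac
import itertools
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple

# Numbers assigned to the three spliced parameters, as in the text:
# 1 = random value, 2 = hash address of the monitoring information, 3 = initial account information.
PARAM_BY_NUMBER = {"1": "random_value", "2": "hash_address", "3": "initial_account"}

Schedule = List[Tuple[datetime, datetime, str]]


def number_sequences() -> List[str]:
    """All X! orderings of the parameter numbers; X = 3 gives the six sequences of the text."""
    return ["".join(p) for p in itertools.permutations("123")]


def splice(rule: str, params: Dict[str, str]) -> str:
    """Parameter splicing under one number sequence: concatenate the parameters in that
    order and hash the result. Assumption: the text only says 'splice'; hashing keeps the
    key fixed-length and does not expose the random value to whoever sees the key."""
    joined = "|".join(params[PARAM_BY_NUMBER[d]] for d in rule)
    return hashlib.sha256(joined.encode("utf-8")).hexdigest()


def parameter_keys(rules: List[str], params: Dict[str, str]) -> Dict[str, str]:
    """Parameter key for each splicing rule, recorded when the access abnormality is found."""
    return {rule: splice(rule, params) for rule in rules}


def allocate_use_durations(rules: List[str], start: datetime,
                           flow_duration: timedelta) -> Schedule:
    """Divide the required flow duration from the aging information evenly among the rules:
    60 minutes over six rules gives 10 minutes per rule, as in the text's example."""
    slot = flow_duration / len(rules)
    return [(start + i * slot, start + (i + 1) * slot, rule)
            for i, rule in enumerate(rules)]


def target_rule(schedule: Schedule, revisit_time: datetime) -> Optional[str]:
    """Splicing rule whose use duration covers the revisit time; None once the
    aging period has passed (the audit code is then no longer valid)."""
    for begin, end, rule in schedule:
        if begin <= revisit_time < end:
            return rule
    return None


def verify_revisit(schedule: Schedule, keys: Dict[str, str], revisit_time: datetime,
                   access_params: Dict[str, str]) -> bool:
    """Re-splice the parameters of the repeated access request under the target rule to get
    the monitoring information key and match it against the recorded parameter key.
    Only on success is the audit code fed back to the initial account's terminal."""
    rule = target_rule(schedule, revisit_time)
    if rule is None:
        return False
    return hmac.compare_digest(splice(rule, access_params), keys[rule])


# Constructed sample values. The rule order follows the text's example, where 312 covers
# the first ten minutes after the abnormality is found and 321 the next ten minutes.
RULES = ["312", "321", "123", "132", "231", "213"]
MONITORING_INFO = b"audit-code:AC-0001;accessible-blocks:1-3"        # constructed
SAMPLE_PARAMS = {
    "random_value": "7f3a9c1e",                                     # constructed
    "hash_address": hashlib.sha256(MONITORING_INFO).hexdigest(),    # constructed
    "initial_account": "dba-initial",                               # constructed
}
ANOMALY_TIME = datetime(2024, 1, 1, 10, 0)

if __name__ == "__main__":
    keys = parameter_keys(RULES, SAMPLE_PARAMS)
    schedule = allocate_use_durations(RULES, ANOMALY_TIME, timedelta(minutes=60))
    print(target_rule(schedule, datetime(2024, 1, 1, 10, 15)))      # 321
    print(verify_revisit(schedule, keys, datetime(2024, 1, 1, 10, 15), SAMPLE_PARAMS))
```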
In one possible implementation manner of the embodiment of the present application, determining whether the audit code has an access abnormality according to the access time and the access account in a preset time period includes: judging whether the access time and the access account number meet preset conditions in a preset time period, and determining that the audit code has access abnormality when the access time and the access account number meet the preset conditions.
Wherein the preset conditions include at least one of the following:
The access count of the same access account in the preset time period is higher than a first preset threshold;
The security level corresponding to the access account is lower than the preset security level;
The number of different access accounts within the preset time period exceeds a second preset threshold.
For the embodiment of the present application, the first preset threshold, the second preset threshold and the preset security level standard are not specifically limited in the embodiment of the present application, and may be input by a related technician.
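The three preset conditions above, as an added example that is not part of the patent, evaluated over a constructed access record of one audit code; each condition that fires is reported with the account or count that triggered it. The threshold values, the integer security level (higher is more trusted) and the records themselves are constructed.

```python
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Tuple


@dataclass(frozen=True)
class AccessRecord:
    """One entry of the audit code's access record: which account accessed it and when.
    Assumption: the security level is an integer where a higher value is more trusted."""
    account: str
    access_time: datetime
    security_level: int


def audit_code_access_anomalies(records: List[AccessRecord], window_start: datetime,
                                window: timedelta, first_threshold: int,
                                second_threshold: int, preset_security_level: int
                                ) -> List[Tuple[str, str]]:
    """Evaluate the three preset conditions over the preset time period.
    Returns (condition, subject) pairs; an empty list means no access abnormality."""
    in_window = [r for r in records
                 if window_start <= r.access_time < window_start + window]
    findings: List[Tuple[str, str]] = []

    # Condition 1: the same account accessed the audit code more than first_threshold times.
    per_account = Counter(r.account for r in in_window)
    for account, count in sorted(per_account.items()):
        if count > first_threshold:
            findings.append(("repeat_access", account))

    # Condition 2: an accessing account's security level is below the preset level.
    for account in sorted({r.account for r in in_window
                           if r.security_level < preset_security_level}):
        findings.append(("low_security_level", account))

    # Condition 3: more distinct accounts than second_threshold in the period.
    if len(per_account) > second_threshold:
        findings.append(("too_many_accounts", str(len(per_account))))
    return findings


def has_access_anomaly(records: List[AccessRecord], window_start: datetime, window: timedelta,
                       first_threshold: int, second_threshold: int,
                       preset_security_level: int) -> bool:
    """True when at least one preset condition is met, i.e. the audit code has an access abnormality."""
    return bool(audit_code_access_anomalies(records, window_start, window, first_threshold,
                                            second_threshold, preset_security_level))


# Constructed sample access record for a ten-minute preset time period starting at 10:00.
T0 = datetime(2024, 1, 1, 10, 0)
SAMPLE_RECORDS = [AccessRecord("ops-a", T0 + timedelta(minutes=m), 3) for m in range(6)] + [
    AccessRecord("guest-b", T0 + timedelta(minutes=6), 1),
    AccessRecord("ops-c", T0 + timedelta(minutes=7), 3),
    AccessRecord("ops-d", T0 + timedelta(minutes=30), 3),   # outside the period
]

if __name__ == "__main__":
    # Constructed thresholds: at most 5 accesses per account, at most 2 distinct accounts, level >= 2.
    for finding in audit_code_access_anomalies(SAMPLE_RECORDS, T0, timedelta(minutes=10), 5, 2, 2):
        print(finding)
```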
In one possible implementation manner of the embodiment of the present application, processing the access data node according to the solution corresponding to the audit abnormality in the security audit standard further includes: if no solution matching the audit abnormality exists in the security audit standard, terminating the data access of the user, and judging whether the abnormality feature of the audit abnormality is consistent with the active abnormality feature of the user; if so, labeling the user with the abnormality feature, freezing the user access authority of the user, generating access abnormality information according to the active abnormality feature, and feeding the access abnormality information back to the user terminal; if not, the abnormality feature of the audit abnormality is a passive abnormality feature, in which case feature analysis is performed on the passive abnormality feature based on abnormality big data to obtain an abnormality improvement scheme, and the data access of the user is restored after IPv6 stealth encryption is performed on the access account and access domain name of the user according to the abnormality improvement scheme.
Referring to fig. 2, fig. 2 is a schematic structural diagram of a database security audit device 20 according to an embodiment of the present application. The database security audit device described below and the database security audit method described above can be referred to correspondingly, and the device includes:
The information acquisition module 21 is configured to acquire node data information of each data node corresponding to the database security audit flow and a security audit standard corresponding to the node data information;
The standard generating module 22 is configured to match each node data information with a corresponding security audit standard, and generate audit standard information corresponding to each node data information according to a matching result, where the audit standard information is used to characterize whether a user has an abnormality in a current access operation when performing an access operation on the node data information;
The block chain forming module 23 is configured to calculate root hash values corresponding to the data information of each node respectively, obtain storage paths corresponding to the data information of each node, and form an audit block chain from the root hash values and the storage paths, where the audit block chain includes at least one block, and each block corresponds to each node data information;
The permission determining module 24 is configured to generate an access data node when the user is monitored to have data access, and determine a user access permission according to access request information of the user, where the access data node is configured to store data access operation information of the user to the database, the access request information is used to characterize user identity information and access data requirements, the access request information is generated after being triggered by the user, and the user access permission is used to characterize a block range in which the user can access the audit block chain;
The audit code determining module 25 is configured to determine whether the user meets the access permission requirement according to the user identity information, the access data requirement and the user access permission, if so, determine an audit code corresponding to the user access permission according to the access request information, and feed back the audit code to a user terminal corresponding to the user;
The exception handling module 26 is configured to, after detecting that the user scans the audit code, bind the access data node with the audit blockchain according to the node data information, audit the data access operation information in the access data node based on the security audit standard, determine whether the access data node has an audit exception, and if so, handle the access data node according to a solution corresponding to the audit exception in the security audit standard.
In one possible implementation manner of the embodiment of the present application, the apparatus 20 further includes: the system comprises a quantity acquisition module, a judgment module to be accessed, an aging adding module and an audit code updating module, wherein,
The number acquisition module is used for acquiring the number of accessible blocks corresponding to each user access right in real time;
The to-be-accessed judging module is used for judging whether the user access authority has the to-be-accessed block or not according to the user access authority, the corresponding relation between the user access authority and the access block and the number of the accessible blocks corresponding to the current moment;
The time-effect adding module is used for determining time-effect information of an audit code according to the current moment and audit flow information when the user access authority has a block to be accessed, and adding the time-effect information to the audit code, wherein the audit flow information comprises a predicted moment when the access request information flows to each node in an audit block chain;
The audit code updating module is used for updating the audit code based on the monitoring information corresponding to the newly added accessible blocks when an increase in the number of accessible blocks of the access authority corresponding to the access request information is detected.
In another possible implementation manner of the embodiment of the present application, when determining the aging information of the audit code according to the current moment and the audit flow information and adding the aging information to the audit code, the aging adding module is specifically configured for:
Predicting, according to the audit flow information and the flow node corresponding to the current moment, the flow duration required to flow from the flow node corresponding to the current moment to the node corresponding to the next block to be accessed;
Determining the aging information of the audit code according to the current moment and the required flow duration;
Generating aging watermark information according to the aging information, and adding the aging watermark information to the audit code.
In another possible implementation manner of the embodiment of the present application, the apparatus 20 includes: the system comprises a record acquisition module, an abnormality judgment module, a first splicing module, a duration distribution module, a time recording module, a second splicing module and a key matching module,
The record acquisition module is used for acquiring an access record of the audit code in a preset time period, wherein the access record is used for representing access time and access account number for accessing the audit code in the preset time period;
The abnormality judging module is used for judging whether the audit code has abnormal access according to the access time and the access account in the preset time period;
The first splicing module is used for carrying out at least one parameter splicing based on the position relation between the monitoring information corresponding to the audit code and the initial account information when the access abnormality exists, obtaining a parameter key corresponding to each parameter splicing, recording each splicing process to obtain a splicing rule corresponding to each splicing process, wherein the initial account information comprises an initial account, and the initial account is an account for providing access request information triggered for the first time;
the time length distribution module is used for distributing the use time length to each splicing rule according to the aging information to obtain the use time length respectively corresponding to each splicing rule;
The time recording module is used for analyzing the access request information to obtain access parameters when the access request information is received again, and recording the revisit time when the access request information is received again;
The second splicing module is used for determining a target splicing rule corresponding to the revisit moment according to the use duration respectively corresponding to each splicing rule, and performing parameter splicing on the access parameters and the monitoring information corresponding to the audit code according to the target splicing rule to obtain a monitoring information key;
The key matching module is used for restoring the monitoring information key based on the target splicing rule and the use duration respectively corresponding to each splicing rule, matching the restored monitoring information key with the parameter key, and feeding back the audit code to the terminal equipment corresponding to the initial account if the matching is successful.
In another possible implementation manner of the embodiment of the present application, the first splicing module performs at least one parameter splicing based on the position relationship between the monitoring information corresponding to the audit code and the initial account information, so as to obtain a parameter key corresponding to each parameter splicing, where the first splicing module is specifically configured to:
Determining a random value according to a random number algorithm;
Determining the hash address of the monitoring information corresponding to the audit code in the block chain according to the mapping relation between the hash value and the monitoring information;
Determining respective corresponding numbers for the random value, the hash address and the initial account information, and arranging the respective corresponding numbers of the random value, the hash address and the initial account information to generate a plurality of number sequences;
Performing parameter splicing on the random value, the hash address and the initial account information according to each number sequence to obtain a parameter key corresponding to each number sequence.
In another possible implementation manner of the embodiment of the present application, when the abnormality determination module determines whether the audit code has an access abnormality according to the access time and the access account in the preset time period, the abnormality determination module is specifically configured to:
Judging whether the access time and the access account number meet preset conditions in a preset time period, and determining that the audit code has abnormal access when the access time and the access account number meet the preset conditions;
Wherein the preset conditions include at least one of the following:
The access count of the same access account in the preset time period is higher than a first preset threshold;
The security level corresponding to the access account is lower than the preset security level;
The number of different access accounts within the preset time period exceeds a second preset threshold.
In another possible implementation manner of the embodiment of the present application, the apparatus 20 further includes: an access termination module, a feature labeling module and an access encryption module, wherein,
The access termination module is used for terminating the data access of the user when no solution matched with the audit abnormality exists in the security audit standard;
The feature labeling module is used for judging whether the abnormal features of the audit abnormality are consistent with the active abnormal features of the user, if so, labeling the abnormal features of the user, freezing the user access authority of the user, and generating access abnormal information according to the active abnormal features and feeding back the access abnormal information to the user terminal;
The access encryption module is used, when the abnormal feature of the audit abnormality is inconsistent with the active abnormal feature of the user, for indicating that the abnormal feature of the audit abnormality is a passive abnormal feature, carrying out feature analysis on the passive abnormal feature based on the abnormality big data to obtain an abnormality improvement scheme, and restoring the data access of the user after carrying out IPv6 stealth encryption on the access account and the access domain name of the user according to the abnormality improvement scheme.
The electronic device provided by the embodiment of the application is introduced below, and the electronic device described below and the database security audit method described above can be referred to correspondingly.
An embodiment of the present application provides an electronic device, as shown in fig. 3. Fig. 3 is a schematic structural diagram of the electronic device provided in the embodiment of the present application, and the electronic device 300 shown in fig. 3 includes a processor 301 and a memory 303, wherein the processor 301 is coupled to the memory 303, for example via a bus 302. Optionally, the electronic device 300 may also include a transceiver 304. It should be noted that, in practical applications, there may be more than one transceiver 304, and the structure of the electronic device 300 does not limit the embodiment of the present application.
The processor 301 may be a CPU (central processing unit), a general purpose processor, a DSP (digital signal processor), an ASIC (application-specific integrated circuit), an FPGA (field programmable gate array) or other programmable logic device, a transistor logic device, a hardware component, or any combination thereof, and may implement or perform the various exemplary logic blocks, modules and circuits described in connection with the disclosure of the embodiments of the application. The processor 301 may also be a combination that implements computing functionality, e.g. a combination of one or more microprocessors, or a combination of a DSP and a microprocessor.
Bus 302 may include a path to transfer information between the components. Bus 302 may be a PCI (peripheral component interconnect) bus, an EISA (extended industry standard architecture) bus, or the like. Bus 302 may be divided into an address bus, a data bus, a control bus, and the like. For ease of illustration, only one thick line is shown in fig. 3, but this does not mean that there is only one bus or only one type of bus.
The memory 303 may be, but is not limited to, a ROM (read only memory) or other type of static storage device that can store static information and instructions, a RAM (random access memory) or other type of dynamic storage device that can store information and instructions, an EEPROM (electrically erasable programmable read only memory), a CD-ROM (compact disc read only memory) or other optical disc storage, optical disc storage (including compact disc, laser disc, optical disc, digital versatile disc, Blu-ray disc, etc.), magnetic disk storage media or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer.
The memory 303 is used for storing application program codes for executing embodiments of the present application and is controlled to be executed by the processor 301. The processor 301 is configured to execute the application code stored in the memory 303 to implement what is shown in the foregoing method embodiments.
Electronic devices include, but are not limited to: mobile terminals such as mobile phones, notebook computers, digital broadcast receivers, PDAs (personal digital assistants), PADs (tablet computers), PMPs (portable multimedia players) and in-vehicle terminals (e.g., in-vehicle navigation terminals), and stationary terminals such as digital TVs and desktop computers. The electronic device shown in fig. 3 is only an example and should not be construed as limiting the functionality and scope of use of the embodiments of the application.
A computer readable storage medium provided in the embodiments of the present application is described below, and the computer readable storage medium described below and the method described above may be referred to correspondingly.
The embodiment of the application provides a computer readable storage medium, wherein a computer program is stored on the computer readable storage medium, and the computer program realizes the steps of the database security audit method when being executed by a processor.
Since embodiments of the computer-readable storage medium portion and embodiments of the method portion correspond to each other, embodiments of the computer-readable storage medium portion are described with reference to embodiments of the method portion.
It should be understood that, although the steps in the flowcharts of the figures are shown in order as indicated by the arrows, these steps are not necessarily performed in order as indicated by the arrows. The steps are not strictly limited in order and may be performed in other orders, unless explicitly stated herein. Moreover, at least some of the steps in the flowcharts of the figures may include a plurality of sub-steps or stages that are not necessarily performed at the same time, but may be performed at different times, the order of their execution not necessarily being sequential, but may be performed in turn or alternately with other steps or at least a portion of the other steps or stages.
The foregoing is only a partial embodiment of the present application, and it should be noted that it will be apparent to those skilled in the art that modifications and adaptations can be made without departing from the principles of the present application, and such modifications and adaptations should and are intended to be comprehended within the scope of the present application.

Claims (10)

1. A database security audit method, comprising:
acquiring node data information of each data node corresponding to a database security audit flow and security audit standards corresponding to the node data information;
Matching each node data information with the corresponding security audit standard, and generating audit standard information corresponding to each node data information according to a matching result, wherein the audit standard information is used for characterizing, when a user accesses the node data information, whether the current access operation is abnormal or not;
Respectively calculating root hash values corresponding to the node data information, acquiring storage paths corresponding to the node data information, and forming an audit block chain by the root hash values and the storage paths, wherein the audit block chain comprises at least one block, and each block corresponds to each node data information;
When monitoring that a user has data access, generating an access data node, and determining user access authority according to access request information of the user, wherein the access data node is used for storing data access operation information of the user to a database, the access request information is used for representing user identity information and access data requirements, the access request information is generated after being triggered by the user, and the user access authority is used for representing a block range of the audit block chain which can be accessed by the user;
Determining whether the user meets the access right requirements according to the user identity information, the access data requirements and the user access rights, if so, determining an audit code corresponding to the user access rights according to the access request information, and feeding back the audit code to a user terminal corresponding to the user;
And after detecting that a user scans the audit code, correspondingly binding the access data node and the audit block chain according to the node data information, auditing the data access operation information in the access data node based on the security audit standard, determining whether the access data node has audit abnormality, and if so, processing the access data node according to a solution corresponding to the audit abnormality in the security audit standard.
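The audit block chain of claim 1, as an added illustration that is not the patent's own code: each block stores a root hash over one node's data information together with its storage path and is linked to the previous block, so a later verification pass detects a modified node, a changed path or a broken link. The Merkle-style root, the block layout, the field names and the sample nodes are assumptions.

```python
import hashlib
from dataclasses import dataclass

GENESIS = "0" * 64  # previous-hash link of the first block (assumption)

# Constructed node data information for three data nodes (field names and paths are assumptions).
SAMPLE_NODES = [
    ({"node": "login", "rule": "mfa_required", "owner": "dba"}, "/audit/nodes/001"),
    ({"node": "query", "rule": "no_select_star", "owner": "app"}, "/audit/nodes/002"),
    ({"node": "export", "rule": "approval_needed", "owner": "dba"}, "/audit/nodes/003"),
]

def _h(data: str) -> str:
    return hashlib.sha256(data.encode()).hexdigest()

def root_hash(node_data: dict) -> str:
    """Merkle-style root over the node's key=value pairs; sorting makes it deterministic."""
    level = [_h(f"{k}={v}") for k, v in sorted(node_data.items())] or [_h("")]
    while len(level) > 1:
        if len(level) % 2:  # odd level: duplicate the last hash
            level.append(level[-1])
        level = [_h(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]

@dataclass
class Block:
    index: int          # one block per node data information
    root: str           # root hash value of that node data information
    storage_path: str   # storage path of that node data information
    prev_hash: str      # link to the previous block
    block_hash: str = ""

    def compute_hash(self) -> str:
        return _h(f"{self.index}|{self.root}|{self.storage_path}|{self.prev_hash}")

def build_audit_chain(nodes) -> list:
    """Form the audit block chain from (node data information, storage path) pairs."""
    chain, prev = [], GENESIS
    for i, (data, path) in enumerate(nodes):
        block = Block(i, root_hash(data), path, prev)
        block.block_hash = block.compute_hash()
        chain.append(block)
        prev = block.block_hash
    return chain

def verify_audit_chain(chain, nodes) -> bool:
    """True only if every block still matches its node's data and path and all links hold."""
    prev = GENESIS
    for block, (data, path) in zip(chain, nodes):
        expected = Block(block.index, root_hash(data), path, prev)
        expected.block_hash = expected.compute_hash()
        if block != expected:  # dataclass equality compares every field
            return False
        prev = block.block_hash
    return len(chain) == len(nodes)  # a truncated chain is also rejected
```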
2. The database security audit method according to claim 1, wherein determining an audit code corresponding to the user access authority according to the access request information further comprises:
acquiring, in real time, the number of accessible blocks corresponding to each user access authority;
judging whether the user access authority has a block to be accessed, according to the user access authority, the correspondence between the user access authority and the accessible blocks, and the number of accessible blocks corresponding to the current moment;
if so, determining aging information of the audit code according to the current time and audit flow information, and adding the aging information to the audit code, wherein the audit flow information comprises the predicted time at which the access request information flows to each node in the audit block chain;
and when an increase in the number of accessible blocks of the access authority corresponding to the access request information is detected, updating the audit code based on the monitoring information corresponding to the newly added accessible blocks.
3. The database security audit method according to claim 2, wherein determining the aging information of the audit code according to the current time and the audit flow information, and adding the aging information to the audit code, comprises:
predicting the required flow duration for the flow node corresponding to the current moment to flow to the node corresponding to the next block to be accessed, according to the audit flow information and the flow node corresponding to the current moment;
determining the aging information of the audit code according to the current time and the required flow duration;
and generating aging watermark information according to the aging information, and adding the aging watermark information to the audit code.
4. The database security audit method according to claim 2, further comprising:
acquiring an access record of the audit code in a preset time period, wherein the access record is used for representing the access times and the access accounts with which the audit code was accessed in the preset time period;
judging whether the audit code has an access abnormality according to the access times and the access accounts in the preset time period;
when an access abnormality exists, performing at least one parameter splice based on the positional relationship between the monitoring information corresponding to the audit code and initial account information, to obtain a parameter key corresponding to each parameter splice, and recording each splicing process to obtain a splicing rule corresponding to each splicing process, wherein the initial account information comprises an initial account, the initial account being the account that provided the first-triggered access request information;
allocating a use duration to each splicing rule according to the aging information, to obtain the use duration corresponding to each splicing rule;
when the access request information is received again, parsing the access request information to obtain access parameters, and recording the re-access moment at which the access request information is received again;
determining a target splicing rule corresponding to the re-access moment according to the use duration corresponding to each splicing rule, and performing parameter splicing on the access parameters and the monitoring information corresponding to the audit code according to the target splicing rule, to obtain a monitoring information key;
and restoring the monitoring information key based on the target splicing rule and the use duration corresponding to each splicing rule, matching the restored monitoring information key with the parameter key, and, if the matching succeeds, feeding back the audit code to the terminal device corresponding to the initial account.
5. The database security audit method according to claim 4, wherein performing at least one parameter splice based on the positional relationship between the monitoring information corresponding to the audit code and the initial account information, to obtain a parameter key corresponding to each parameter splice, comprises:
determining a random value according to a random number algorithm;
determining the hash address of the monitoring information corresponding to the audit code in the block chain according to the mapping relationship between hash values and monitoring information;
determining a respective number for each of the random value, the hash address and the initial account information, and arranging the numbers of the random value, the hash address and the initial account information to generate a plurality of number sequences;
and performing parameter splicing on the random value, the hash address and the initial account information according to each number sequence, to obtain a parameter key corresponding to each number sequence.
6. The database security audit method according to claim 4, wherein judging whether the audit code has an access abnormality according to the access times and the access accounts in the preset time period comprises:
judging whether the access times and the access accounts in the preset time period meet a preset condition, and determining that the audit code has an access abnormality when the preset condition is met;
wherein the preset condition comprises at least one of the following:
the number of accesses by the same access account in the preset time period is higher than a first preset threshold;
the security level corresponding to an access account is lower than a preset security level;
the number of different access accounts in the preset time period exceeds a second preset threshold.
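The three preset conditions of claim 6, as an added detection example that is not the patent's own code, evaluated over a constructed access record of one audit code; the record format, the account security levels, the window and the threshold values are assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed access record of one audit code: (ISO timestamp, access account).
SAMPLE_ACCESS_RECORD = [
    ("2024-03-21T09:00:01", "alice"),
    ("2024-03-21T09:00:05", "alice"),
    ("2024-03-21T09:00:09", "alice"),
    ("2024-03-21T09:00:12", "alice"),
    ("2024-03-21T09:00:20", "guest"),
    ("2024-03-21T09:00:31", "bob"),
    ("2024-03-21T10:30:00", "carol"),  # outside the first window checked below
]
# Assumed security level per account (higher is more trusted).
ACCOUNT_SECURITY_LEVEL = {"alice": 3, "bob": 2, "guest": 1, "carol": 3}

def check_audit_code_access(records, security_levels, window_start, window_seconds,
                            first_threshold=3, min_security_level=2, second_threshold=5):
    """Return the preset conditions met in the window; an empty list means no access abnormality."""
    start = datetime.fromisoformat(window_start)
    end = start + timedelta(seconds=window_seconds)
    accounts = Counter(acct for ts, acct in records
                       if start <= datetime.fromisoformat(ts) < end)
    reasons = []
    # Condition 1: the same account accessed the code more often than the first threshold.
    for acct, count in sorted(accounts.items()):
        if count > first_threshold:
            reasons.append(f"account {acct}: {count} accesses > {first_threshold}")
    # Condition 2: an accessing account's security level is below the preset level.
    for acct in sorted(accounts):
        level = security_levels.get(acct, 0)  # unknown account: treated as lowest level
        if level < min_security_level:
            reasons.append(f"account {acct}: security level {level} < {min_security_level}")
    # Condition 3: more distinct accounts in the window than the second threshold.
    if len(accounts) > second_threshold:
        reasons.append(f"{len(accounts)} distinct accounts > {second_threshold}")
    return reasons

if __name__ == "__main__":
    for reason in check_audit_code_access(SAMPLE_ACCESS_RECORD, ACCOUNT_SECURITY_LEVEL,
                                          "2024-03-21T09:00:00", 60):
        print("access abnormality:", reason)
```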
7. The database security audit method according to claim 1, further comprising, after processing the access data node according to the solution corresponding to the audit abnormality in the security audit standard:
if the security audit standard has no solution matching the audit abnormality, terminating the data access of the user;
judging whether the abnormal characteristics of the audit abnormality are consistent with active abnormal characteristics of the user; if so, marking the abnormal characteristics of the user, freezing the user access authority of the user, generating access abnormality information according to the active abnormal characteristics, and feeding it back to the user terminal;
and if the access account and the access domain name of the user are inconsistent, indicating that the abnormal characteristics of the audit abnormality are passive abnormal characteristics, performing characteristic analysis on the passive abnormal characteristics based on abnormality big data to obtain an abnormality improvement scheme, and, after performing IPv6 stealth encryption on the access account and the access domain name of the user according to the abnormality improvement scheme, restoring the data access of the user.
8. A database security auditing apparatus, comprising:
an information acquisition module, configured to acquire node data information of each data node corresponding to a database security audit flow, and security audit standards corresponding to the node data information;
a standard generation module, configured to match each node data information with the corresponding security audit standard, and to generate audit standard information corresponding to each node data information according to the matching result, wherein the audit standard information is used for characterizing whether the current access operation is abnormal when a user accesses the node data information;
a block chain forming module, configured to respectively calculate root hash values corresponding to the node data information, acquire storage paths corresponding to the node data information, and form an audit block chain from the root hash values and the storage paths, wherein the audit block chain comprises at least one block, and each block corresponds to a respective node data information;
an authority determination module, configured to generate an access data node when monitoring that a user has data access, and to determine a user access authority according to access request information of the user, wherein the access data node is used for storing data access operation information of the user on the database, the access request information is used for representing user identity information and an access data requirement, the access request information is generated after being triggered by the user, and the user access authority is used for representing the block range of the audit block chain which can be accessed by the user;
an audit code determination module, configured to determine whether the user meets the access right requirement according to the user identity information, the access data requirement and the user access authority, and, if so, to determine an audit code corresponding to the user access authority according to the access request information and feed back the audit code to a user terminal corresponding to the user;
and an exception handling module, configured, after detecting that the user scans the audit code, to correspondingly bind the access data node with the audit block chain according to the node data information, audit the data access operation information in the access data node based on the security audit standard, determine whether the access data node has an audit abnormality, and, if so, process the access data node according to a solution corresponding to the audit abnormality in the security audit standard.
9. An electronic device, comprising:
at least one processor;
a memory;
at least one application program, wherein the at least one application program is stored in the memory and configured to be executed by the at least one processor, the at least one application program being configured to perform the database security audit method according to any one of claims 1 to 7.
10. A computer-readable storage medium storing a computer program which, when loaded by a processor, performs the database security audit method according to any one of claims 1 to 7.
CN202410328476.1A 2024-03-21 2024-03-21 Database security audit method and device, electronic equipment and storage medium Pending CN118153059A (en)

Publications (1)

Publication Number Publication Date
CN118153059A true CN118153059A (en) 2024-06-07

Family

ID=91297962

Country Status (1)

Country Link
CN (1) CN118153059A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination