CN1360261A - By-pass intercepting and reducing method for database access - Google Patents

Publication number: CN1360261A
Authority: CN (China)
Application number: CN 01132337
Other languages: Chinese (zh)
Inventors: 张世永, 黄伟, 吴珺
Current Assignee: FUDAN GUANGHUA INFORMATION SCIENCE AND TECHNOLOGY Co Ltd SHANGHAI
Original Assignee: FUDAN GUANGHUA INFORMATION SCIENCE AND TECHNOLOGY Co Ltd SHANGHAI
Legal status: Pending
Prior art keywords: database, data, user, packet, type
Landscapes: Data Exchanges In Wide-Area Networks; Computer And Data Communications

Abstract

A bypass interception and restoration method for database access, characterized in that a database audit system is connected to the network between the database user and the database server. The audit system filters the data the user sends to the service port of the database server, intercepts it in bypass mode, and parses and restores the intercepted information, thereby determining all the data the user accessed.

Description

Method for bypass interception and restoration of database access
Technical field
The present invention relates to a method for intercepting and restoring database access, and in particular to a bypass method for intercepting and restoring database access.
Background
In most application systems the database is the core of the whole system; once the database is damaged, the whole system may be paralysed. Apart from threats to the network layer and operating system of the database host (which are usually handled by firewalls, intrusion detection and audit products), the database platform itself faces many threats, such as theft of confidential data, unauthorized database operations, supply of false data and identity impersonation. Databases usually provide a logging function, but these logs have the following defects:
a. They consume the performance of the database host. Logging consumes a large amount of CPU and disk resources, and it is difficult to select what to record: either everything in a given category is recorded, or nothing is. Such logs often fill the disk very quickly.
b. The information is incomplete. The logs provided by the operating system often lack network-layer information (such as IP and MAC addresses), make it hard to distinguish the real user (in most systems different users share the same database user ID), and cannot be traced back to the originating source, so they are of little practical use in an investigation.
c. Logging is easily bypassed. An illegitimate user may change database parameters so that logging is switched off or only minimal data is recorded, or may deliberately make the log file grow until a system volume is full.
d. Logs are easily tampered with by attackers. When an internal illegitimate user or a hacker obtains high-level control of the machine, they can delete the whole log or even alter it, misleading investigators or framing others.
Networks have become indispensable to every application system, so most databases today are used in a network environment and standalone databases are rarely used. According to statistics, the most commonly used modes for network databases are currently the following:
a. Client/Server mode. This is the most traditional and typical database application model, and most distributed databases support it. Within an internal network this mode is efficient and highly specialised; a small number of systems are developed on this model.
b. Browser/Web Server/DB Server mode. This mode arose after Internet/Intranet technology became widespread. It requires no client software on the user's side: database applications can be used from a general-purpose browser. It is relatively easy to manage and implement, and is the mode generally adopted by newer systems.
c. Middleware mode. In large systems, database applications built on middleware are gradually being promoted in order to improve efficiency or to support applications such as redundant databases. This structure offers relatively high security, good scalability and easy maintenance.
Whether an application system uses Client/Server, Browser/Web/DB Server or middleware mode, the tool ordinary users operate is dedicated client software or a general-purpose browser. However, some destructive internal users may use database client tools (such as sqlnet in Oracle) or operate directly on the data in the database via Telnet. This threat is fatal to the application system: the user may alter data or destroy the whole system.
Summary of the invention
The purpose of the invention is to provide a method for intercepting and restoring database access that does not affect database performance, records complete information and keeps the logs secure.
This purpose is achieved as follows: a database audit system is connected to the network between the database user and the database server. The database audit system filters the data sent by the database user to the service port of the database server, intercepts it in bypass mode, and, after parsing and restoring the intercepted information, determines the full content of the user's database access.
The database audit system comprises a network probe with two network cards, audit center software and audit management software. The audit center software performs data collection; the audit management software manages the data collected by the audit center software, and sets rules that are sent to the network probe to control interception and restoration.
The database audit system filters the data sent by the database user to the service port of the database server as follows: access data not directed at the database server is not intercepted; and access data to non-database service ports of the database server, part of the information returned by the database server, and the instructions the database generates when interpreting user instructions into instructions the database server can accept are not parsed or restored.
The bypass interception comprises interception of the database user login process and interception of the database user access operation process.
Interception of the database user login process comprises the following steps:
a. recording, in the connection table for the packet, the database protocol header and the protocol data type from the login request packet sent by the database user;
b. recording, in the connection table for the packet, the protocol version of the login connection and the attribute feature word from the accept packet sent by the database server;
c. recording, in the connection table for the packet, the protocol type and basic operation type of the communication protocol negotiation packet together with the database user information;
d. recording, in the connection table for the packet, the protocol type, basic operation type and function type of the login information together with the database login user name.
Interception of the database user access operation process comprises the following steps:
a. determining the data structure of the access operation from the protocol type, basic operation type and function type of the access operation packet;
b. obtaining the user's data access statement according to the data structure of the access operation;
c. passing the SQL statement in the access operation packet to the SQL syntax analyser, which performs syntax analysis and yields the database tables the statement involves and the database operation type;
d. performing rule matching on the database tables and the database operation type according to the user settings delivered by the management software;
e. acting according to the rule response: if the response is block, go to step f; if the response is alert and record, go to step g; if the response is ignore, go to step h;
f. the network probe sends a blocking packet to block the connection, and at the same time reports to the audit center software;
g. the packet carrying the access information, reassembled according to the internal communication protocol, is sent to the audit center software;
h. all packets of the connection are let through, with no audit record or alert.
The intercepted information comprises the network card MAC addresses and IP addresses of the database server and the user, and the host information, communication protocol version, database login name and operation statements that the accessing user supplies when interacting with the database.
Parsing and restoration of the intercepted information is implemented by parsing the database service connection field in the connection table, and comprises the following steps:
a. performing protocol analysis on the intercepted packet to obtain the database connection protocol information;
b. analysing the data content of the packet according to the protocol information: if the data type is a connection request, the host information of the connection is obtained; if the data type is a user login request, the user information of the connection is obtained; if the data type is a user data access request, the data access statement is obtained;
c. writing the data content obtained by the analysis into the connection table;
d. collating the connection table information to determine the full content of the database access.
The database service connection field maintains one connection table for each user connection, and comprises the connection number, the communication protocol and the database user name.
Step a of the restoration process comprises the following steps:
a. obtaining the network card address from Ethernet packet 4 and removing the header of Ethernet packet 4;
b. obtaining the IP address information from the header of IP packet 5 and removing the header of IP packet 5;
c. obtaining the TCP port number from the header of TCP packet 6 and removing the header of TCP packet 6;
d. analysing TCP packet 6 to obtain the protocol information, which includes the data length, data type and feature word.
By adopting the above method, the present invention has the following advantages:
a. No impact on database performance. Controlling database access through a mechanism embedded in the database has a large impact on database performance. Especially under heavy traffic, internal database auditing takes up substantial resources and seriously interferes with the database's normal business service. Bypass interception and restoration of database access has no effect on database performance and so safeguards the normal operation of the database service.
b. Complete records. Bypass interception and restoration can record comprehensive information. By listening on the network it obtains the remote user's computer system information, the IP address used for the access, the MAC address of the network card of the computer used, and so on, making up for the information that embedded database access control lacks. The operations performed during database access can also be recorded in full.
c. Secure logs. Bypass interception and restoration makes it possible to separate the network that provides the business service from the network that provides the security service. Embedded access control cannot guarantee the security of its own data and logs, and is even less able to protect the database's data. Through network isolation, bypass interception and restoration protects itself while continuously monitoring access to the database server.
Description of drawings
Fig. 1 is a schematic diagram of the bypass database access interception and restoration process of the present invention.
Fig. 2 is a schematic diagram of bypass database restoration and splicing according to the present invention.
Embodiment
The invention is further described below through the following embodiment, with reference to the accompanying drawings.
The bypass database access interception and restoration method is applied in Oracle database audit system 3. As shown in Fig. 1, the network environment is 100 Mbit Ethernet, and the equipment comprises database user 1, Oracle database server 2 and database audit system 3; the operating platform is Linux. Database audit system 3 carries 100 Mbit network probe 31, audit center software 32 and audit management software 33, together with an MS SQL SERVER database used to store and retrieve audit data. Network probe 31 is fitted with two 100 Mbit network cards: one has no IP address and is set to promiscuous mode to listen to packets on the network; the other is connected to Oracle database server 2 and keeps the audit system's internal communication working.
When database user 1 accesses Oracle database server 2, network probe 31 hears the packets it sends on the listening network card. The probe matches each packet against its connections to find the connection table for that connection; when the packet is a connection-initiating packet, a new connection table is created from its data.
The Oracle database access process is described in order. After the normal TCP handshake with the service on Oracle database server 2, the host of database user 1 begins to transmit database access information. Database user 1 first sends a connection information packet. When network probe 31 obtains this packet, it analyses its data. By parsing the header of TNS, the Oracle database protocol, we find that the TNS data type is 1, which means the packet carries the information with which client 1 initiates the connection, including the TNS version used by the TNS client software and some attributes to be used for the current connection, such as the connection packet size and the maximum acceptable data length. From the response packet of Oracle database server 2 we learn whether the server accepts the request; if it does, we obtain the TNS version actually adopted for the connection and the attribute feature word actually adopted. These attributes are recorded in the connection table to make the analysis of later packets easier.
After the connection information, the software of database user 1 sends all the versions it can accept to Oracle database server 2, and the server selects, from the versions it can use, one that both sides accept for the connection. When network probe 31 obtains this packet, it finds that the TNS type is 4 and the basic operation type is 1, which identifies the packet as protocol negotiation. The host information is then read from it and saved in the connection table.
After protocol negotiation, database user 1 begins to send its login information to Oracle database server 2. Network probe 31 identifies it from TNS type 4, basic operation type 3 (client database request) and function type 82 (the first half of the login). From the type and the actual packet structure, the probe obtains the database login user name and records it in the connection table.
Once the login information has been confirmed by Oracle database server 2 and success returned, database user 1 can begin a series of database access operations. The data structure of each operation is determined by three types in the TNS protocol: TNS type, basic operation type and function type. Network probe 31 parses the packet according to these types: it obtains the user's data access statement from the data structure of the access operation and extracts the SQL statement from it. The SQL statement is passed to the SQL syntax analyser, which yields the database tables the statement involves and the database operation type, ready for rule matching. Conditions are then matched against the user settings delivered by the management software. If the packet satisfies a rule the user has set, network probe 31 acts according to that rule: if the rule response is block, the probe immediately uses network card one to send a blocking packet that blocks the connection, and at the same time reports to audit center software 32; if the response is alert and record, the packet is sent to audit center software 32; if the response is ignore, all packets of the connection are let through, with no audit record or alert.
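The SQL analysis and rule-matching stage described above (tables and operation type, then block / alert and record / ignore) can be sketched as follows. This is an added example, not code from the patent: the tokenizer is a simplified stand-in for the SQL syntax analyser, and the rule format, first-match ordering, the default of letting unmatched statements through, the action names and the sample table names are all assumptions.

```python
import re
from dataclasses import dataclass

# String literals and comments are skipped first so that text such as
# 'from salary' inside a literal cannot be mistaken for a table reference.
_SKIP = re.compile(r"'(?:[^']|'')*'|/\*.*?\*/|--[^\n]*", re.S)
_TOKEN = re.compile(r"[A-Za-z_][\w$#.]*|\S")
_TABLE_KW = {"FROM", "JOIN", "INTO", "UPDATE", "DELETE", "TABLE"}
_CLAUSE_KW = {"WHERE", "SET", "VALUES", "ON", "GROUP", "ORDER", "HAVING", "UNION", "SELECT"}
_OPS = {"SELECT", "INSERT", "UPDATE", "DELETE", "CREATE TABLE", "CREATE DATABASE"}

def analyse_sql(sql):
    """Return (operation type, set of unqualified upper-case table names)."""
    text = _SKIP.sub(" ", sql).replace('"', "")      # drop quoting of identifiers
    upper = [t.upper() for t in _TOKEN.findall(text)]
    if not upper:
        return "OTHER", set()
    op = " ".join(upper[:2]) if upper[0] == "CREATE" else upper[0]
    if op not in _OPS:
        op = "OTHER"
    tables, expect, in_from, stack = set(), False, False, []
    for i, tok in enumerate(upper):
        if tok == "(":                               # subquery or argument list
            stack.append(in_from)
            expect = in_from = False
        elif tok == ")":
            in_from = stack.pop() if stack else False
            expect = False
        elif tok in _TABLE_KW and not (tok == "UPDATE" and i and upper[i - 1] == "FOR"):
            expect, in_from = True, tok == "FROM"    # a table name should follow
        elif tok in _CLAUSE_KW:
            expect = in_from = False
        elif tok == ",":
            expect = in_from                         # next item of a FROM list
        elif expect and (tok[0].isalpha() or tok[0] == "_"):
            tables.add(tok.split(".")[-1])           # strip the schema prefix
            expect = False
        else:
            expect = False
    return op, tables

@dataclass(frozen=True)
class Rule:                                          # hypothetical rule format
    name: str
    operations: frozenset
    tables: frozenset                                # empty set means any table
    response: str                                    # "block", "alert" or "ignore"

# What the probe does for each rule response, as listed in the description.
ACTIONS = {"block": ["send_blocking_packet", "report_to_audit_center"],
           "alert": ["report_to_audit_center"],
           "ignore": []}

def decide(sql, rules):
    """First matching rule wins (assumption); unmatched statements pass through."""
    op, tables = analyse_sql(sql)
    for rule in rules:
        if op in rule.operations and (not rule.tables or tables & rule.tables):
            return rule.name, rule.response, ACTIONS[rule.response]
    return None, "ignore", ACTIONS["ignore"]

# Constructed sample rules; SALARY is a made-up table name.
SAMPLE_RULES = [
    Rule("protect-salary", frozenset({"UPDATE", "DELETE"}), frozenset({"SALARY"}), "block"),
    Rule("watch-salary", frozenset({"SELECT"}), frozenset({"SALARY"}), "alert"),
]
```

Matching on the unqualified, unquoted, upper-cased table name means a schema prefix, quoted identifier or mixed case does not let a statement slip past a rule written for the plain name.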
After unpacking the data sent by network probe 31, audit center software 32 stores it in the MS SQL SERVER database. Audit management software 33 obtains the latest data from the MS SQL SERVER database and displays it. Audit management software 33 can also query historical records and configure alert types. In audit management software 33, database user 1 can see the network card addresses, IP addresses and port information of the Oracle database and of the accessing user for the connection, as well as the name of the rule the connection matched and that rule's response measure. Other information, such as the time the database connection was initiated, the database login name and the statement that matched the rule, is displayed directly in the alert message, and database user 1 can also view, in the alert details, the operations performed on the connection after the rule was matched.
Filtering first discards access data that is not directed at Oracle database server 2, then discards access data to non-database service ports of Oracle database server 2. From the remaining data we also filter out part of the information the server returns: for example, after SELECT * FROM EXAMPLETABLE is executed, Oracle database server 2 may return a large amount of information, and this is filtered out. Next, we filter out the instructions that the Oracle database generates when interpreting user instructions into instructions Oracle database server 2 can accept. For example, the detailed cursor-processing instructions and the bulk data returned by Oracle database server 2 are all filtered out by the handler of network probe 31. The information that is not filtered out comprises the information with which database user 1 connects to the database, the information with which database user 1 logs in to the database, the instructions database user 1 submits to the database, and the important information returned by Oracle database server 2, such as whether the login succeeded, whether an operation by database user 1 succeeded, and whether the protocol offered by the host of database user 1 is supported by Oracle database server 2.
Restoration and splicing of the intercepted information is shown in Fig. 2. The functions of network probe 31 fall into three parts: TCP/IP protocol analysis, database-specific protocol analysis, and internal communication. Network probe 31 captures Ethernet packet 4 from the network. The data first enters the TCP/IP protocol analysis part; Ethernet packet 4 contains the network card information of the accessing host, i.e. the network card address. After the header of Ethernet packet 4 is removed, the IP address information is obtained from the header of IP packet 5; after the IP header is removed, packet information such as the TCP port number is obtained from the header of TCP packet 6.
When no entry for the connection is found in the existing connection tables, a new connection table is created as follows. Using the known information from the TCP/IP packet, such as IP addresses and ports, one table is created for the network connection. It contains the network card address, IP address and port that are available directly from TCP/IP protocol analysis, the time the connection was initiated, and so on. It also contains information from later packets of the connection: the login information used in the login data, the database user name, the client information of the login and the host information of the Oracle database being accessed, the protocol information negotiated between the database and the database user, and so on. Besides the packet information, the connection table also stores the name of the log file for the connection, so that the connection log can be written conveniently.
After the header of TCP packet 6 has been analysed, network probe 31 calls the database protocol analysis module to analyse the specific database protocol. Oracle, for example, has its TNS (Transparent Network Substrate) protocol, and SQL SERVER has the TDS protocol. Because every database has a different protocol, network probe 31 / the blocker provides one common interface to the various database protocol analysis modules, so it can be used with a variety of database services. Database protocol analysis modules currently exist for several common types: ORACLE, INFORMIX and MS SQL SERVER.
After the TCP header is removed from TCP packet 6, database-specific protocol analysis yields the database connection protocol information of the packet, such as its data length, its data type and its feature word. In the Oracle protocol, for example, the TNS header gives the data length of the packet, the data type of the packet, the checksum of the TNS header, and so on.
Using the data type and data length obtained from the protocol header of database protocol packet 7, we can analyse data content 8. If the data type is a connection request, we obtain the host information of the connection from data content 8; if the data type is a user login request, we obtain the information of database user 1 for the connection from data content 8; if the data type is a data access request from database user 1, we obtain the data access statement.
The information obtained from data content 8 is written into the connection table, and the data access statement is analysed as SQL to determine which data tables the access involves and the type of data access (operations on the database, such as CREATE DATABASE and CREATE TABLE; operations on records: SELECT, INSERT, DELETE, UPDATE), giving packet restoration information 9. The connection table information is then arranged into specific-format packet 10, which is passed to audit center software 32 through the system's internal communication protocol; the information in specific-format packet 10 is collated to determine the full content of the database access.
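The layered restoration described above (Ethernet header, IP header, TCP header, database protocol header, then the connection table) is illustrated below as an added example; it is not code from the patent. Assumptions: the 8-byte TNS header layout (length, packet checksum, type, flags, header checksum), the client host appearing as `(CID=...(HOST=...))` in the connect data, and the sample addresses, port 1521 and MAC values, which are constructed. Only the connection-request case (TNS type 1, as given in the description) is decoded.

```python
import re
import struct
from dataclasses import dataclass, field

TNS_CONNECT = 1   # the description gives TNS data type 1 for the client's connection packet

@dataclass
class Connection:                      # one connection-table entry
    client_mac: str
    client: tuple                      # (ip, port)
    server: tuple
    host_info: str = ""
    tns_types: list = field(default_factory=list)

def _ip(b):
    return ".".join(str(x) for x in b)

def decapsulate(frame):
    """Ethernet -> IPv4 -> TCP. Returns (src_mac, src, dst, tcp_payload) or None."""
    if len(frame) < 14 or frame[12:14] != b"\x08\x00":
        return None                    # truncated frame or not IPv4
    src_mac = ":".join(f"{x:02x}" for x in frame[6:12])
    ipd = frame[14:]
    if len(ipd) < 20 or ipd[0] >> 4 != 4 or ipd[9] != 6:
        return None                    # not IPv4 carrying TCP
    ihl = (ipd[0] & 0x0F) * 4          # IP header length, options included
    total = struct.unpack("!H", ipd[2:4])[0]
    if ihl < 20 or total < ihl + 20 or total > len(ipd):
        return None
    tcp = ipd[ihl:total]               # the IP total length drops Ethernet padding
    sport, dport = struct.unpack("!HH", tcp[:4])
    doff = (tcp[12] >> 4) * 4          # TCP header length, options included
    if doff < 20 or doff > len(tcp):
        return None
    return src_mac, (_ip(ipd[12:16]), sport), (_ip(ipd[16:20]), dport), tcp[doff:]

def parse_tns(payload):
    """Assumed 8-byte header: length, packet checksum, type, flags, header checksum."""
    if len(payload) < 8:
        return None
    length, _, ptype, _, _ = struct.unpack("!HHBBH", payload[:8])
    if length < 8 or length > len(payload):
        return None                    # malformed, or split across TCP segments
    return ptype, payload[8:length]

class Probe:
    def __init__(self, server):
        self.server = server           # (ip, service_port) of the audited database
        self.table = {}                # connection table keyed by (client, server)

    def handle(self, frame):
        d = decapsulate(frame)
        if d is None:
            return None
        src_mac, src, dst, payload = d
        if dst != self.server:         # filter: other host, or a non-database port
            return None
        tns = parse_tns(payload)
        if tns is None:
            return None
        ptype, body = tns
        conn = self.table.get((src, dst))
        if conn is None:
            if ptype != TNS_CONNECT:   # only a connection-initiating packet opens an entry
                return None
            conn = self.table[(src, dst)] = Connection(src_mac, src, dst)
        conn.tns_types.append(ptype)
        if ptype == TNS_CONNECT:       # connection request: record the client host info
            m = re.search(rb"\(CID=.*?\(HOST=([^)]*)\)", body, re.S)
            if m:
                conn.host_info = m.group(1).decode("latin-1")
        return conn

def build_frame(src_ip, sport, dst_ip, dport, tns_type, body, pad=0):
    """Constructed sample input: one Ethernet/IPv4/TCP frame carrying one TNS packet."""
    tns = struct.pack("!HHBBH", 8 + len(body), 0, tns_type, 0, 0) + body
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 8192, 0, 0) + tns
    iph = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                      bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    eth = bytes.fromhex("020000000002") + bytes.fromhex("020000000001") + b"\x08\x00"
    return eth + iph + tcp + b"\x00" * pad
```

A TNS packet that spans several TCP segments is rejected here rather than reassembled; a production probe would need stream reassembly before the database protocol stage.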

Claims (10)

1. A method for bypass interception and restoration of database access, characterized in that a database audit system is connected to the network between the database user and the database server; the database audit system filters the data sent by the database user to the service port of the database server, intercepts it in bypass mode, and, after parsing and restoring the intercepted information, determines the full content of the user's database access.
2. The method of claim 1, further characterized in that the database audit system comprises a network probe with two network cards, audit center software and audit management software; the audit center software collects the data uploaded by the network device, and the audit management software manages the data collected by the audit center software and sets rules that are sent to the network probe to control interception and restoration.
3. The method of claim 1, further characterized in that the database audit system filters the data sent by the database user to the service port of the database server as follows: access data not directed at the database server is not intercepted; and intercepted access data to non-database service ports of the database server, part of the information returned by the server, and the instructions the database generates when interpreting user instructions into instructions the server can accept are not parsed or restored.
4. The method of claim 1, further characterized in that the bypass interception comprises interception of the database user login process and interception of the database user access operation process.
5. The method of claim 4, further characterized in that interception of the database user login process comprises the following steps:
a. recording, in the connection table for the packet, the database protocol header and the protocol data type from the login request packet sent by the database user;
b. recording, in the connection table for the packet, the protocol version of the login connection and the attribute feature word from the accept packet sent by the database server;
c. recording, in the connection table for the packet, the protocol type and basic operation type of the communication protocol negotiation packet and the database user information;
d. determining the protocol type, basic operation type and function type of the login information and the database login user name according to the information in the connection table;
e. recording, in the connection table for the packet, the protocol type, basic operation type and function type of the login information and the database login user name;
f. reassembling the information in the connection table and sending it to the audit center software.
6. The method of claim 4, further characterized in that interception of the database user access operation process comprises the following steps:
a. determining the data structure of the access operation from the protocol type, basic operation type and function type of the access operation packet;
b. obtaining the user's data access statement according to the data structure of the access operation;
c. passing the SQL statement in the user's data access statement to the SQL syntax analyser, which performs syntax analysis and yields the database tables the statement involves and the database operation type;
d. performing rule matching on the database tables and the database operation type according to the user settings delivered by the management software;
e. acting according to the rule response: if the response is block, go to step f; if the response is alert and record, go to step g; if the response is ignore, go to step h;
f. the network probe sends a blocking packet to block the connection, and at the same time reports to the audit center software;
g. the packet carrying the access information, reassembled according to the internal communication protocol, is sent to the audit center software;
h. all packets of the connection are let through, with no audit record or alert.
7. The method of claim 1, further characterized in that the intercepted information comprises the network card MAC addresses and IP addresses of the database server and the user's host, and the host information, communication protocol version, database login name and operation statements that the accessing user supplies when interacting with the database.
8. The method of claim 1, further characterized in that parsing and restoration of the intercepted information is implemented by parsing the database service connection field in the connection table, and comprises the following steps:
a. performing protocol analysis on the intercepted packet to obtain the database connection protocol information;
b. analysing the data content of the packet according to the protocol information: if the data type is a connection request, the host information of the connection is obtained; if the data type is a user login request, the user information of the connection is obtained; if the data type is a user data access request, the data access statement is obtained;
c. writing the data content obtained by the analysis into the connection table;
d. collating the connection table information to determine the full content of the database access.
9. The method of claim 8, further characterized in that the database service connection field maintains one connection table for each user connection, and comprises the connection number, the communication protocol and the database user name.
10. The method of claim 8, further characterized in that, in step a, the protocol analysis of the packet comprises the following steps:
a. obtaining the network card address from the Ethernet packet and removing the header of the Ethernet packet;
b. obtaining the IP address information from the header of the IP packet and removing the header of the IP packet;
c. obtaining the TCP port number from the header of the TCP packet and removing the header of the TCP packet;
d. analysing the TCP packet to obtain the protocol information, which includes the data length, data type and feature word.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 01132337 CN1360261A (en) 2001-11-29 2001-11-29 By-pass intercepting and reducing method for database access

Publications (1)

Publication Number Publication Date
CN1360261A true CN1360261A (en) 2002-07-24

Family

ID=4671369

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 01132337 Pending CN1360261A (en) 2001-11-29 2001-11-29 By-pass intercepting and reducing method for database access

Country Status (1)

Country Link
CN (1) CN1360261A (en)

Cited By (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1664818B (en) * 2004-03-03 2015-08-05 微软公司 The neologisms collection method split for word and system
CN101388010B (en) * 2007-09-12 2010-09-15 北京启明星辰信息技术股份有限公司 Oracle database audit method and system
CN101453359B (en) * 2007-12-06 2011-05-04 北京启明星辰信息技术股份有限公司 Database error information extracting method and system
CN102065147A (en) * 2011-01-07 2011-05-18 深圳市易聆科信息技术有限公司 Method and device for obtaining user login information based on enterprise application system
CN102654864A (en) * 2011-03-02 2012-09-05 华北计算机系统工程研究所 Independent transparent security audit protection method facing real-time database
CN102801714A (en) * 2012-07-26 2012-11-28 杭州电子科技大学 Method for analyzing and reducing SQL (Structured Query Language) command in TNS (Transparent Network Substrate) protocol in by-pass manner
CN102801714B (en) * 2012-07-26 2015-03-11 杭州电子科技大学 Method for analyzing and reducing SQL (Structured Query Language) command in TNS (Transparent Network Substrate) protocol in by-pass manner
CN104063473B (en) * 2014-06-30 2017-11-17 北京华电天益信息科技有限公司 A kind of database audit monitoring system and its method
CN104063473A (en) * 2014-06-30 2014-09-24 江苏华大天益电力科技有限公司 Database auditing monitoring system and database auditing monitoring method
CN105260378A (en) * 2015-09-08 2016-01-20 上海上讯信息技术股份有限公司 Database audit method and device
CN105718599A (en) * 2016-03-07 2016-06-29 深圳前海微众银行股份有限公司 Method and device for analyzing database access data packet
CN105930967A (en) * 2016-04-19 2016-09-07 成都晨越建设项目管理股份有限公司 Safe and reliable subway construction cost audit information system
CN107193902A (en) * 2017-05-11 2017-09-22 北京交通大学 A kind of method for parsing and reducing sql command in Caché database communication agreements
CN107193902B (en) * 2017-05-11 2020-04-17 北京交通大学 Method for analyzing and restoring SQL (structured query language) command in Caché database communication protocol
CN107465661A (en) * 2017-07-04 2017-12-12 重庆邮电大学 A kind of cloud Method of Database Secure Audit method based on Docker virtualizations
CN107451491A (en) * 2017-07-28 2017-12-08 杭州安恒信息技术有限公司 A kind of method for improving protocol analysis accuracy when database linkage information is lost
CN107451491B (en) * 2017-07-28 2020-03-10 杭州安恒信息技术股份有限公司 Method for improving protocol analysis accuracy when database connection information is lost

Legal Events

Date Code Title Description
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C06 Publication
PB01 Publication
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication