CN102480385A - Database security protection method and device - Google Patents

Publication number
CN102480385A
CN102480385A CN201010570372XA CN201010570372A CN102480385A CN 102480385 A CN102480385 A CN 102480385A CN 201010570372X A CN201010570372X A CN 201010570372XA CN 201010570372 A CN201010570372 A CN 201010570372A CN 102480385 A CN102480385 A CN 102480385A
Authority
CN
China
Prior art keywords
operations
database
message
model
observation cycle
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201010570372XA
Other languages
Chinese (zh)
Other versions
CN102480385B (en
Inventor
孙海波
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Venus Information Security Technology Co Ltd
Beijing Venus Information Technology Co Ltd
Original Assignee
Beijing Venus Information Security Technology Co Ltd
Beijing Venus Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Venus Information Security Technology Co Ltd, Beijing Venus Information Technology Co Ltd filed Critical Beijing Venus Information Security Technology Co Ltd
Priority to CN201010570372.XA priority Critical patent/CN102480385B/en
Publication of CN102480385A publication Critical patent/CN102480385A/en
Application granted granted Critical
Publication of CN102480385B publication Critical patent/CN102480385B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a database security protection method and device, relates to the technical field of networks, and solves the problem of low security of a database. The method comprises the following steps of: receiving and resolving a message, and extracting database operation information in the message; carrying out statistics on the database operation information; and generating a normal behavioral model according to a statistical result, and detecting whether the database operation is abnormal or not according to the normal behavioral model. The technical scheme provided by the invention is suitable for database security protection.

Description

Database security protection method and device
Technical field
The present invention relates to the field of network technology, and in particular to a database security protection method and device.
Background
With the development of informatization, databases such as DB2, Oracle, and MySQL are used ever more deeply across all industries. In industries such as finance and information in particular, databases store large amounts of important data, so auditing and protecting that data has become a problem that network security products must address.
Current network security products such as firewalls and intrusion detection systems can only detect and protect against external attacks or security risks; they cannot effectively discover or guard against policy-violating operations by internal database staff. Ordinary database service audit systems, for their part, can only extract information about users' operations on the various databases in the current business system. User operations on a database basically comprise operation types such as insert, delete, modify, and query, and many database service audit systems can accurately extract each kind of database operation information, including operation type, operation object, operation time, and so on. But the current trend in database services means that merely extracting operation information is not enough: from the standpoint of database protection, abnormal database operation behavior must be detected within a large volume of operation information. For example, in one real case, a pharmaceutical sales representative, in order to take kickbacks on drug purchases, repeatedly queried the database for the usage and prices of various drugs. A traditional database operation audit system can accurately audit each query event, but because every individual query is a legitimate database operation, it cannot detect the anomaly. In this case the anomaly shows up in one user's number and frequency of queries, and in the proportion of such operations, over a period of time. In another case, a user seeking private gain kept modifying back-end database data; the audit system audited each individual modification but could not discover the abnormal pattern of frequent data modification, which reduced the security of the database.
Summary of the invention
The invention provides a database security protection method and device, which solve the problem of low database security.
A database security protection method comprises:
Receiving and parsing a message, and extracting the database operation information in the message;
Compiling statistics on the database operation information;
Generating a normal behavior model according to the statistical result;
Detecting, according to the normal behavior model, whether a database operation is abnormal.
Preferably, receiving and parsing a message and extracting the database operation information in the message is specifically:
Receiving a message, extracting from the message the SQL statement that identifies the database operation, and extracting the database operation information from the SQL statement.
Preferably, the database operation information comprises the operation type, operation source IP address, operation time, and database type, and before the step of receiving and parsing a message and extracting the database operation information in the message, the method further comprises:
Formulating a model generation strategy; the model generation strategy comprises policy parameters, a model self-learning cycle, a model self-learning algorithm, an observation cycle, and a sampling period; the policy parameters comprise valid operation types and the database type, and the model self-learning cycle comprises at least one observation cycle.
Preferably, compiling statistics on the database operation information is specifically:
Classifying and counting, by operation type, the database operation information that matches the policy parameters, to obtain a statistical result; the classified counting is specifically counting the number of operations of each class in an observation cycle.
Preferably, generating the normal behavior model according to the statistical result comprises:
In each model generation cycle, calculating from the statistical result the number of all operations in each observation cycle of the previous sampling period;
Calculating, for each observation cycle, the ratio of the number of operations of each class to the number of all operations;
Generating the normal behavior model according to the model generation strategy, from the number of all operations and the ratio of the number of operations of each class to the number of all operations.
Preferably, generating the normal behavior model according to the model generation strategy comprises:
The mean number of operations of one class of operation in an observation cycle is calculated by the expression
Figure BSA00000370776300031
where N is the number of observation cycles contained in the sampling period, x_i denotes the number of operations of this class in each observation cycle, and
Figure BSA00000370776300032
is the mean number of operations of one class of operation in an observation cycle;
The variance value of the number of operations of one class of operation in the sampling period is calculated by the expression
Figure BSA00000370776300033
;
The mean of the ratio of the number of operations of one class of operation in an observation cycle to the number of all operations in that observation cycle is calculated by the expression
Figure BSA00000370776300034
where N is the number of observation cycles contained in the sampling period, and y_j denotes the ratio of the number of operations of this class in each observation cycle to the number of all operations in that observation cycle;
The variance value of the ratio of the number of operations of one class of operation to the number of all operations in the observation cycle, over a sampling period, is calculated by the expression
Figure BSA00000370776300035
;
The above
Figure BSA00000370776300036
, σ1, y_j and σ2 are taken as the normal behavior model.
Preferably, detecting, according to the normal behavior model, whether a database operation is abnormal is specifically:
The difference between the number of operations of one class of operation in the current observation cycle and the mean number of operations of that class in the previous sampling period is compared with the variance value of the number of operations of that class; whether a database operation anomaly exists is judged according to the comparison result.
Preferably, detecting, according to the normal behavior model, whether a database operation is abnormal is specifically:
The difference between the ratio of the number of operations of one class of operation to the number of all operations in the current observation cycle and the mean of that ratio in the previous model generation cycle is compared with the variance value of the ratio of the number of operations of that class to the number of all operations; whether a database operation anomaly exists is judged according to the comparison result.
The present invention also provides a database security protection device, comprising:
A message parsing module, used to receive and parse a message and extract the database operation information in the message;
A statistics module, used to compile statistics on the database operation information;
A model generation module, used to generate a normal behavior model according to the statistical result;
An anomaly detection module, used to detect, according to the normal behavior model, whether a database operation is abnormal.
Preferably, the above database security protection device further comprises:
A policy formulation module, used to formulate a model generation strategy; the model generation strategy comprises policy parameters, a model self-learning cycle, a model self-learning algorithm, and an observation cycle; the policy parameters comprise valid operation types and the database type, and the model self-learning cycle comprises at least one observation cycle.
The invention provides a database security protection method and device that, on the database side, receive and parse messages and extract the database operation information in them, compile statistics on that information, generate a normal behavior model from the statistical result, and then detect, according to the normal behavior model, whether a database operation is abnormal. Abnormal behavior in database operations can thus be detected, which solves the problem of low database security.
Description of drawings
Fig. 1 is a flowchart of a database security protection method provided by embodiment one of the invention;
Fig. 2 is a flowchart of a database security protection method provided by embodiment two of the invention;
Fig. 3 is a structural diagram of a database security protection device provided by an embodiment of the invention;
Fig. 4 is a structural diagram of a database security protection device provided by another embodiment of the invention.
Embodiments
To solve the problem of database security, the invention provides a method that performs anomaly detection on all kinds of database operation behavior, so that abnormal database operation behavior can be found among a large volume of database operation events and the protective capability of the database system is improved.
Embodiments of the invention are described in detail below with reference to the accompanying drawings. Note that, where they do not conflict, the embodiments in this application and the features in the embodiments may be combined with one another arbitrarily.
Embodiments of the invention propose a database security protection method and device for detecting abnormal operation behavior in database systems. In a real database service environment, data messages are parsed and the various kinds of database operation information are collected to generate a normal behavior model of each class of operation under the current database environment, and abnormal database operations are detected with this model as the standard. In addition, during detection this anomaly detection model can continuously update the normal behavior model through self-learning to meet the needs of anomaly detection. The database security protection method and system provided by the embodiments can build a normal behavior model of database operations from the database operation behavior carried in actually captured network messages and adjust the model dynamically through self-learning. They can accurately find abnormal behavior hidden among the various database operations, and so reflect, to a certain extent, possible security risks and report them to the user or administrator, giving the database system accurate audit and protection functions.
First, embodiment one of the invention is described.
Using embodiment one of the invention, the flow for protecting database security by detecting abnormal behavior is shown in Fig. 1 and comprises:
Step 101: receive and parse a message, and extract the database operation information in the message;
Step 102: compile statistics on the database operation information;
Step 103: generate a normal behavior model according to the statistical result;
Step 104: detect, according to the normal behavior model, whether a database operation is abnormal.
The database security protection method provided by this embodiment receives and parses messages on the database side and extracts the database operation information in them, compiles statistics on that information, generates a normal behavior model from the statistical result, and then detects, according to the normal behavior model, whether a database operation is abnormal. Abnormal behavior in database operations can thus be detected, which solves the problem of low database security.
Embodiment two of the invention is described below with reference to the accompanying drawings.
This embodiment provides a database security protection method. Using this method, the flow for protecting database security by detecting abnormal behavior is shown in Fig. 2 and comprises:
Step 201: formulate the model generation strategy;
In this step, the model generation strategy is set according to the actual database system environment. The model generation strategy provides the basis for compiling statistics on the various database operations and for generating the normal behavior model.
The model generation strategy comprises policy parameters, a model self-learning cycle, a model self-learning algorithm, and an observation cycle; the policy parameters comprise valid operation types and the database type, and the model self-learning cycle comprises at least one observation cycle.
Factors such as access frequency and access type may differ between database environments. For example, database environments differ in how they classify database operations: some may only need to pay attention to the main behaviors such as query, change, and delete, while others may pay attention to all types of database operations. Likewise, database environments differ in access frequency: heavily used systems such as those in finance and banking may set an observation cycle of only a few minutes or even a few seconds, whereas for a database environment with low access frequency an observation cycle of tens of minutes may suffice. This step sets out the policy parameters needed to generate the normal behavior model, so that the model generated later meets the needs of the actual application.
Step 202: receive and parse a message, and extract the database operation information in the message;
Specifically, in this step a message is received, the SQL statement that identifies the database operation is extracted from the message, and the database operation information is extracted from the SQL statement.
The message may specifically be a data message. Protocol analysis is performed on the actually captured data messages; the content of each field is extracted according to the corresponding database protocol format; the database operation information contained therein is classified and counted according to the configured model generation strategy; and the resulting statistics are provided to the detection model generator to generate the detection model.
The details are as follows:
Suppose the policy parameters set in step 201 are:
Database type: Oracle database;
Valid operation types: query, change, and other operations.
Step 202: receive and parse a message, and extract the database operation information in the message;
In this step, the protocol parser operates on the captured data messages and extracts the corresponding fields according to the different database protocol formats. For example, for an Informix database, the SQL statement that identifies the database operation can be extracted from data messages whose message type is 0002 or 0001; for an Oracle database, depending on the driver type, the SQL statement that identifies the database operation can be extracted from the 0351 message or by matching configured keywords such as "select, insert". This step then classifies the extracted database operations and generates database operation data in a unified information format, including the database operation type, operation IP, operation time, target database name, and so on.
The observation cycle is set to 5 minutes, the sampling period to 5 days, and the model generation cycle to 1 hour. The database operation information records contained in the received messages are as follows (the fields of each record are, in order: operation type, address, time, database type):
Select 201.220.74.104 10-05-23 8:00 Oracle
update 162.195.54.101 10-05-23 8:01 Oracle
insert 130.114.52.162 10-05-23 8:01 Oracle
Select 192.168.172.1  10-05-23 8:01 DB2
update 60.192.173.162 10-05-23 8:02 Oracle
update 211.182.16.13  10-05-23 8:02 Oracle
Select 210.171.62.17  10-05-23 8:03 Oracle
Select 166.193.14.124 10-05-23 8:03 Oracle
Delete 202.168.72.181 10-05-23 8:04 Oracle
Step 203: compile statistics on the database operation information;
In this step, based on the records in step 202, the operations on the Oracle database in the observation cycle 8:00-8:05 can be classified as 3 queries, 3 updates, and 2 others. Record 4 is an invalid record. Similarly, policies such as monitored IPs can also be set in this step.
Step 204: generate the normal behavior model according to the statistical result;
This step may follow a specified model generation cycle or may be carried out aperiodically. This embodiment takes periodic generation of the normal behavior model as its example. When the model is generated aperiodically, the model generation algorithm and the sampling principle are the same as in the periodic case and are not described again here.
In this step, the normal behavior model of database operations under the current database environment is generated from the classified database operation statistics, and the model is provided to the database as the detection standard for abnormal operation behavior.
The normal behavior model of database operations under the current database environment is generated from the classified database operation statistics, and the model is provided to the database operation anomaly detection device as the standard for anomaly detection.
From the per-class operation statistics for each observation cycle supplied by the database operation statistics step, the total number of operations and the proportion of each class of database operation are calculated, and the detection model is generated from them. This step generates the model by self-learning, and either a periodic or an aperiodic learning mode can be used as required. Without loss of generality, this embodiment assumes that a periodic learning mode is used. According to the model generation strategy established in step 202, the database operation statistics for 8:00-9:00 on each of the past 5 days are the data from which the normal behavior model is built. The observation cycle in this sampling period is 5 minutes, so there are 12 observation cycles in this time period each day and 60 observation cycles in total over the past 5 days. From these, the normal behavior model of database operations for this time period (8:00-9:00) is generated. The calculation is as follows:
The mean number of operations of one class of operation in an observation cycle is calculated by the expression
Figure BSA00000370776300091
where N is the number of observation cycles contained in the sampling period and x_i denotes the number of operations of this class in each observation cycle; the result is the mean number of operations of one class of operation in an observation cycle;
The variance value of the number of operations of one class of operation in the sampling period is calculated by the expression
Figure BSA00000370776300093
.
For the statistics in the example above, this step calculates the mean and variance value of the query class, the mean and variance value of the change class, and the mean and variance value of the other class. For the query class, the number of query operations in the first observation cycle of the sampling period is x_1 = 3.
In addition, the mean of the ratio of the number of operations of one class of operation in an observation cycle to the number of all operations in that observation cycle is calculated by the expression
Figure BSA00000370776300094
where N is the number of observation cycles contained in the sampling period, and y_j denotes the ratio of the operations of this class in each observation cycle to the number of all operations in that observation cycle;
The variance value of the ratio of the number of operations of one class of operation to the number of all operations in the observation cycle, over a sampling period, is calculated by the expression
Figure BSA00000370776300095
. For the statistics in the example above, for observation cycle 1, y_1 = 0.375.
Note that when a periodic self-learning algorithm is used to generate the normal behavior model, the model is updated periodically according to the model generation cycle. At each update, the current point in time is taken as the starting point, and the values of the multiple test cycles reaching back over the sampling period are used for the update. Anomaly detection always uses the most recent model thresholds.
Step 205: detect, according to the normal behavior model, whether a database operation is abnormal;
In this step, anomaly detection is performed using the normal behavior model generated in step 204 and the database operation information received subsequently, to judge whether the current database operation behavior is abnormal, and the detection result is output to the user or administrator.
Specifically, in the real-time monitoring stage, the actual value of the database operation behavior counted in an observation cycle is compared with its baseline, and whether the database operation behavior is abnormal is judged from the degree of deviation and the preset thresholds. Two kinds of data must be compared here: the number of database operations of the predefined type, and the percentage of total operations that they account for. Whether an anomaly exists is finally judged from the results of both comparisons together. The judgment method used in this embodiment is a one-sided comparison: an anomaly alarm can be raised only when the actual value is greater than the threshold; if the actual value is less than the threshold, no alarm is raised however large the deviation.
The judgment method is illustrated with an example. The judgment method is:
Figure BSA00000370776300101
is normal;
is a mild abnormality;
Figure BSA00000370776300103
is a moderate abnormality;
is a severe abnormality;
For example, suppose the current point in time is 6:30 and the object of statistical analysis is all database query behavior. The actual value of the number of database queries currently counted must then be compared with the user login behavior normal behavior model for 6:00-7:00 established in the self-learning stage. Suppose this model comprises: query count mean 100, variance 10, operation percentage mean 30%, percentage variance 0.05. The judgment standard is the default standard (that is, the standards for mild, moderate, and severe abnormality are 2σ, 3σ, and 4σ respectively).
Suppose that in the current observation cycle the observed number of database queries is 120, accounting for 35% of total operations. Judging by the number of operations:
120 - 100 = 20 = 2 × 10, therefore this is a mild abnormality.
Judging by the percentage:
0.35 - 0.3 = 0.05 < 2 × 0.05, therefore this is normal.
Taking both results together, the current user's query behavior is deemed normal. How the two threshold results are combined can be set according to the actual database environment; the example above could be judged normal or could be judged a mild abnormality, and this can be configured according to the actual environment or the user's needs, or decided automatically with a preset weighted average.
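The worked example of steps 202-205 (classifying the nine records, counting per observation cycle, then the one-sided 2σ/3σ/4σ comparison), as an added Python sketch that is not part of the patent text. Because the patent's formula images are missing from this page, it assumes σ is the population standard deviation and that a deviation exactly equal to kσ reaches level k, as in the 120 - 100 = 2 × 10 case; all function and variable names are hypothetical.

```python
from collections import Counter, defaultdict
from statistics import mean, pstdev

# Policy parameters from step 201 of the embodiment.
DB_TYPE = "Oracle"
CATEGORY = {"select": "query", "update": "change"}  # any other verb -> "other"
CYCLE_MIN = 5                                        # observation cycle, minutes
LEVELS = ((4, "severe"), (3, "moderate"), (2, "mild"))  # default k-sigma standard

# The nine records listed in step 202 (operation type, address, time, database type).
RECORDS = """\
Select 201.220.74.104 10-05-23 8:00 Oracle
update 162.195.54.101 10-05-23 8:01 Oracle
insert 130.114.52.162 10-05-23 8:01 Oracle
Select 192.168.172.1 10-05-23 8:01 DB2
update 60.192.173.162 10-05-23 8:02 Oracle
update 211.182.16.13 10-05-23 8:02 Oracle
Select 210.171.62.17 10-05-23 8:03 Oracle
Select 166.193.14.124 10-05-23 8:03 Oracle
Delete 202.168.72.181 10-05-23 8:04 Oracle
"""

# Model values assumed in the step 205 example (mean 100, sigma 10, 30%, 0.05).
PAGE_MODEL = {"count_mean": 100, "count_sigma": 10,
              "ratio_mean": 0.30, "ratio_sigma": 0.05}


def count_by_cycle(lines):
    """Step 203: per observation cycle, count valid operations by category."""
    cycles = defaultdict(Counter)
    for line in lines:
        if not line.strip():
            continue
        op, _ip, date, hhmm, db = line.split()
        if db != DB_TYPE:
            continue  # record does not match the policy parameters (invalid)
        hour, minute = map(int, hhmm.split(":"))
        key = (date, hour, minute - minute % CYCLE_MIN)  # start of the cycle
        cycles[key][CATEGORY.get(op.lower(), "other")] += 1
    return dict(cycles)


def build_model(history, category):
    """Step 204: mean and sigma of the count x_i and of the ratio y_j.

    history holds one per-category count mapping per observation cycle of the
    sampling period; it must contain at least one cycle with operations.
    """
    counts = [c[category] for c in history]
    ratios = [c[category] / sum(c.values()) for c in history if sum(c.values())]
    return {"count_mean": mean(counts), "count_sigma": pstdev(counts),
            "ratio_mean": mean(ratios), "ratio_sigma": pstdev(ratios)}


def grade(actual, baseline, sigma):
    """One-sided comparison: only values above the baseline can alarm."""
    excess = actual - baseline
    if excess <= 0:
        return "normal"
    for k, label in LEVELS:
        if excess >= k * sigma:  # with sigma == 0 any excess grades as severe
            return label
    return "normal"


def detect(model, count, ratio):
    """Step 205: grade the count and the ratio separately.

    The patent leaves the combination of the two results configurable,
    so both grades are returned instead of a single verdict.
    """
    return (grade(count, model["count_mean"], model["count_sigma"]),
            grade(ratio, model["ratio_mean"], model["ratio_sigma"]))


if __name__ == "__main__":
    first = count_by_cycle(RECORDS.splitlines())[("10-05-23", 8, 0)]
    print(dict(first), first["query"] / sum(first.values()))
    print(detect(PAGE_MODEL, 120, 0.35))
```

A baseline whose sigma is very small turns ordinary fluctuation into alarms, so a deployment would normally floor sigma or require a minimum number of observation cycles before enabling detection.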
Embodiments of the invention also provide a database security protection device, whose structure is shown in Fig. 3 and which comprises:
A message parsing module 301, used to receive and parse a message and extract the database operation information in the message;
A statistics module 302, used to compile statistics on the database operation information;
A model generation module 303, used to generate a normal behavior model according to the statistical result;
An anomaly detection module 304, used to detect, according to the normal behavior model, whether a database operation is abnormal.
Further, as shown in Fig. 4, the device also comprises:
A policy formulation module 305, used to formulate a model generation strategy; the model generation strategy comprises policy parameters, a model self-learning cycle, a model self-learning algorithm, and an observation cycle; the policy parameters comprise valid operation types and the database type, and the model self-learning cycle comprises at least one observation cycle. The above database security protection device can be combined with the database security protection method provided by the embodiments of the invention: messages are received and parsed on the database side and the database operation information in them is extracted, statistics are compiled on that information, a normal behavior model is generated from the statistical result, and whether a database operation is abnormal is then detected according to the normal behavior model. Abnormal behavior in database operations can thus be detected, which solves the problem of low database security. It also solves the problem that database service audit systems can only display database operation information but cannot find abnormal operations in it. Anomaly detection and self-learning techniques are used to produce the normal behavior model of database operations in the current database environment, to perform anomaly detection, and to update the normal behavior model by self-learning. To a certain extent this improves the comprehensiveness and protective function of detecting whether database operations are abnormal. Attacks or security risks that may arise from operations inside the database can be shown to users or administrators promptly and accurately, which helps the management system or administrators keep a full grasp of the current database system and guard against abnormal database operation behavior. The approach has good performance and accuracy and can be widely used in network security products.
A person of ordinary skill in the art will appreciate that all or some of the steps of the above embodiments can be implemented as a computer program flow. The computer program can be stored in a computer-readable storage medium and is executed on a corresponding hardware platform (such as a system, equipment, unit, or device); when executed, it comprises one or a combination of the steps of the method embodiments.
Alternatively, all or some of the steps of the above embodiments can also be implemented with integrated circuits: the steps can each be made into an individual integrated circuit module, or several of the modules or steps can be made into a single integrated circuit module. The invention is thus not restricted to any specific combination of hardware and software.
Each device, functional module, or functional unit in the above embodiments can be implemented with general-purpose computing devices; they can be concentrated on a single computing device or distributed over a network formed by multiple computing devices.
When a device, functional module, or functional unit in the above embodiments is implemented as a software functional module and sold or used as an independent product, it can be stored in a computer-readable storage medium. The computer-readable storage medium mentioned above may be a read-only memory, a magnetic disk, an optical disc, or the like.
Any variation or replacement that a person skilled in the art could readily conceive within the technical scope disclosed by the invention shall fall within the protection scope of the invention. The protection scope of the invention shall therefore be determined by the protection scope of the claims.

Claims (10)

1. A database security protection method, characterized by comprising:
receiving and parsing messages, and extracting the database operation information in the messages;
performing statistics on the database operation information;
generating a normal behaviour model from the statistical results;
detecting, according to the normal behaviour model, whether a database operation is abnormal.
2. The database security protection method according to claim 1, characterized in that receiving and parsing messages and extracting the database operation information in the messages is specifically:
receiving a message, extracting from the message the SQL statement that identifies a database operation, and extracting the database operation information from the SQL statement.
3. The database security protection method according to claim 1, characterized in that the database operation information comprises the operation type, the operation source IP address, the operation time and the database type, and in that, before the step of receiving and parsing messages and extracting the database operation information in the messages, the method further comprises:
formulating a model generation strategy, the model generation strategy comprising policy parameters, a model self-learning cycle, a model self-learning algorithm, an observation cycle and a sampling period, the policy parameters comprising the valid operation types and the database type, and the model self-learning cycle comprising at least one observation cycle.
4. The database security protection method according to claim 3, characterized in that performing statistics on the database operation information is specifically:
performing classified statistics on the database operation information that matches the policy parameters to obtain the statistical results, the classified statistics being specifically counting, by operation type, the number of operations of each class of operation within an observation cycle.
5. The database security protection method according to claim 4, characterized in that generating the normal behaviour model from the statistical results comprises:
in each model generation cycle, calculating from the statistical results the total number of operations in each observation cycle of the previous sampling period;
calculating, for each observation cycle, the ratio of the number of operations of each class of operation to said total number of operations;
generating the normal behaviour model, according to the model generation strategy, from said total number of operations and from the ratio of the number of operations of each class of operation to said total number of operations.
6. The database security protection method according to claim 5, characterized in that generating the normal behaviour model according to the model generation strategy comprises:
calculating, by the expression
Figure FSA00000370776200021
the mean number of operations of one class of operation in an observation cycle, where N is the number of observation cycles contained in the sampling period, x_i denotes the number of operations of this class of operation in each observation cycle, and
Figure FSA00000370776200022
is the mean number of operations of one class of operation in an observation cycle;
calculating the variance value of the number of operations of one class of operation in the sampling period by the expression
Figure FSA00000370776200023
;
calculating, by the expression, the mean of the ratio of the number of operations of one class of operation in an observation cycle to the total number of operations in that observation cycle, where N is the number of observation cycles contained in the sampling period and y_j denotes the ratio of the number of operations of this class of operation in each observation cycle to the total number of operations in that observation cycle;
calculating, by the expression
Figure FSA00000370776200025
the variance value, within one sampling period, of the ratio of the number of operations of one class of operation to the total number of operations in its observation cycle;
taking said
Figure FSA00000370776200026
, σ_1, y_j and σ_2 as the normal operation model.
7. The database security protection method according to claim 1 or 6, characterized in that detecting, according to the normal behaviour model, whether a database operation is abnormal is specifically:
comparing the difference between the number of operations of one class of operation in the current observation cycle and the mean number of operations of this class of operation in the previous sampling period with the variance value of the number of operations of this class of operation, and judging from the comparison result whether a database operation anomaly exists.
8. The database security protection method according to claim 1 or 6, characterized in that detecting, according to the normal behaviour model, whether a database operation is abnormal is specifically:
comparing the difference between the ratio of the number of operations of one class of operation to the total number of operations in the current observation cycle and the mean of this ratio in the previous model generation cycle with the variance value of the ratio of the number of operations of this class of operation to the total number of operations, and judging from the comparison result whether a database operation anomaly exists.
9. A database security protection device, characterized by comprising:
a packet parsing module, used to receive and parse messages and to extract the database operation information in the messages;
a statistical module, used to perform statistics on the database operation information;
a model generation module, used to generate a normal behaviour model from the statistical results;
an abnormality detection module, used to detect, according to the normal behaviour model, whether a database operation is abnormal.
10. The database security protection device according to claim 9, characterized in that the device further comprises:
a policy development module, used to formulate a model generation strategy, the model generation strategy comprising policy parameters, a model self-learning cycle, a model self-learning algorithm and an observation cycle, the policy parameters comprising the valid operation types and the database type, and the model self-learning cycle comprising at least one observation cycle.
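The statistics and checks of claims 4 to 8, sketched as an added example that is not code from the patent. The formula images are missing from this page, so the population mean and standard deviation, the threshold factor k, and all names and sample records below are assumptions.

```python
import math
from collections import Counter

# Hypothetical policy parameters: valid operation types and database type (claim 3).
POLICY = {"valid_ops": ("SELECT", "INSERT", "UPDATE", "DELETE"), "db_type": "mysql"}

def count_cycle(records, policy=POLICY):
    """Per-type operation counts for one observation cycle (claims 2 and 4)."""
    counts = Counter()
    for _src_ip, _time, db_type, sql in records:
        words = sql.split()
        op = words[0].upper() if words else ""  # operation type = leading SQL keyword
        if db_type == policy["db_type"] and op in policy["valid_ops"]:
            counts[op] += 1
    return counts

def mean_sigma(values):
    """Mean and population standard deviation (assumed form of the missing formulas)."""
    mean = sum(values) / len(values)
    return mean, math.sqrt(sum((v - mean) ** 2 for v in values) / len(values))

def build_model(cycles, policy=POLICY):
    """Per operation type: (count mean, sigma_1, ratio mean, sigma_2), as in claim 6."""
    model = {}
    for op in policy["valid_ops"]:
        counts = [c[op] for c in cycles]
        ratios = [c[op] / max(sum(c.values()), 1) for c in cycles]
        model[op] = mean_sigma(counts) + mean_sigma(ratios)
    return model

def detect(model, current, k=3.0):
    """Claims 7 and 8: flag a type whose deviation from the mean exceeds k * sigma."""
    total = max(sum(current.values()), 1)
    alerts = []
    for op, (m1, s1, m2, s2) in model.items():
        if abs(current[op] - m1) > k * s1:
            alerts.append((op, "count"))
        if abs(current[op] / total - m2) > k * s2:
            alerts.append((op, "ratio"))
    return alerts

# Constructed data: four observation cycles of one sampling period, then a current cycle.
BASELINE = [Counter(SELECT=100, INSERT=20, UPDATE=10, DELETE=2),
            Counter(SELECT=110, INSERT=18, UPDATE=12, DELETE=1),
            Counter(SELECT=95, INSERT=22, UPDATE=9, DELETE=3),
            Counter(SELECT=105, INSERT=20, UPDATE=11, DELETE=2)]
CURRENT = ([("10.0.0.5", "09:00", "mysql", "select * from orders")] * 102
           + [("10.0.0.5", "09:01", "mysql", "INSERT INTO orders VALUES (1)")] * 19
           + [("10.0.0.5", "09:02", "mysql", "UPDATE orders SET paid = 1")] * 10
           + [("10.0.0.9", "09:03", "mysql", "DELETE FROM orders")] * 40
           + [("10.0.0.7", "09:04", "oracle", "DELETE FROM audit")] * 5)

if __name__ == "__main__":
    print(detect(build_model(BASELINE), count_cycle(CURRENT)))
```

With this data the DELETE burst trips both the count check and the ratio check, and it also shifts the ratios of the other operation types, so the ratio check of claim 8 can flag types whose absolute counts are normal.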
CN201010570372.XA 2010-11-26 2010-11-26 database security protection method and device Expired - Fee Related CN102480385B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201010570372.XA CN102480385B (en) 2010-11-26 2010-11-26 database security protection method and device

Publications (2)

Publication Number Publication Date
CN102480385A true CN102480385A (en) 2012-05-30
CN102480385B CN102480385B (en) 2014-10-22

Family

ID=46092872

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201010570372.XA Expired - Fee Related CN102480385B (en) 2010-11-26 2010-11-26 database security protection method and device

Country Status (1)

Country Link
CN (1) CN102480385B (en)

Also Published As

Publication number Publication date
CN102480385B (en) 2014-10-22

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20141022

Termination date: 20201126
