Oracle database audit method and system

A database audit technology, applied in the network field, that solves the problem that the TNS protocol cannot provide a unified and accurate analysis method, and achieves the effect of ensuring efficiency and convenient, simple extension.

Inactive Publication Date: 2009-03-18
BEIJING VENUS INFORMATION TECH

AI Technical Summary

Problems solved by technology

[0004] In order to overcome the deficiency that the existing Oracle database TNS protocol cannot provide a unified and accurate analysis method, the present invention provides an Oracle database audit method and system.



Examples


Embodiment 1

[0025] This embodiment is the basic mode of the cross-version parsing method for the Oracle database TNS protocol. The system used is shown in Figure 1. It includes a TNS protocol client driver type locator, a jdbc driver environment protocol parser, a behavior feature keyword library, an odbc driver environment behavior feature matching and audit information locator, and an audit device. The operation process is shown in Figure 2.

[0026] ① TNS protocol client driver type positioning step: When the client and the server connect and interact under different versions of the client environment, they first exchange some system information, such as the operating systems of the server and the client, the version currently in use, and so on. This information does not change with version changes. Therefore, during the initial connection and interaction process between the client and the server, the corresponding system information can be captured in the data p...

Embodiment 2

[0032] This embodiment is an optimal solution for the step of locating the driver type of the TNS protocol client in Embodiment 1.

[0033] The basic idea of this embodiment is: first, while the Oracle database client and the server are connecting, search for as much information as possible that can identify the driver type and host state, including the host operating system, the operating system version, the Oracle database version used, etc. Because this information does not change with version changes, the approach is feasible. In this embodiment, data packets No. 01 and No. 02 in the interaction process are selected, where 01 and 02 are the values of the message type field in the data packet. The method mainly depends on the plaintext features in the corresponding message of 02. For example, in the jdbc driver type environment, the data message contains the plaintext feature "Java_TTC", and in the odbc driver type environment, it may contain "IBMPC / WIN_NT" and so on. In this w...
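An added example (not code from the patent) of the driver-type locating step described above: it splits a byte stream into frames, inspects only message types 01 and 02, and searches for the plaintext features "Java_TTC" and "IBMPC / WIN_NT". The 8-byte header layout, the function names and the sample sessions are assumptions constructed for illustration.

```python
import struct

# Plaintext features named on the page, mapped to the driver type they indicate.
MARKERS = {b"Java_TTC": "jdbc", b"IBMPC/WIN_NT": "odbc"}
HANDSHAKE_TYPES = {0x01, 0x02}  # message types the embodiment inspects
HEADER_LEN = 8  # assumed header: length(2) checksum(2) type(1) flags(1) hdr checksum(2)


def split_frames(stream: bytes):
    """Yield (packet_type, payload) for each complete frame in a byte stream."""
    pos = 0
    while pos + HEADER_LEN <= len(stream):
        length = struct.unpack_from(">H", stream, pos)[0]
        if length < HEADER_LEN or pos + length > len(stream):
            break  # malformed or truncated capture: stop rather than misparse
        yield stream[pos + 4], stream[pos + HEADER_LEN:pos + length]
        pos += length


def locate_driver_type(stream: bytes) -> str:
    """Return 'jdbc', 'odbc' or 'unknown' from the handshake frames only."""
    for ptype, payload in split_frames(stream):
        if ptype not in HANDSHAKE_TYPES:
            continue  # later frames may carry user-controlled text
        # The page writes the odbc feature as "IBMPC / WIN_NT"; drop spaces
        # so the marker matches with or without them.
        squeezed = payload.replace(b" ", b"")
        for marker, driver in MARKERS.items():
            if marker in squeezed:
                return driver
    return "unknown"


def frame(ptype: int, payload: bytes) -> bytes:
    """Build a constructed sample frame using the assumed header layout."""
    return struct.pack(">HHBBH", HEADER_LEN + len(payload), 0, ptype, 0, 0) + payload


# Constructed sample sessions (not captured traffic).
CONNECT = frame(0x01, b"(DESCRIPTION=(CONNECT_DATA=(SID=orcl)))")
JDBC_SESSION = CONNECT + frame(0x02, b"\x00\x01Java_TTC-8.2.0\x00")
ODBC_SESSION = CONNECT + frame(0x02, b"\x00IBMPC / WIN_NT-8.1.0\x00")
DATA_ONLY = CONNECT + frame(0x06, b"select 'Java_TTC' from dual")

if __name__ == "__main__":
    for name, s in [("jdbc", JDBC_SESSION), ("odbc", ODBC_SESSION), ("data", DATA_ONLY)]:
        print(name, "->", locate_driver_type(s))
```

Restricting the search to the handshake frames keeps a marker string embedded in later SQL text from changing the classification, and a truncated capture yields "unknown" instead of a guess.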

Embodiment 3

[0035] This embodiment is an optimal solution for the jdbc driver environment protocol parsing step in Embodiment 1.

[0036] This embodiment is carried out on the premise that the TNS protocol client driver type positioning stage has determined that the current client environment uses the jdbc driver type. Because all versions of the Oracle database use the same protocol encapsulation format to encapsulate data under the jdbc driver environment, a unified protocol analysis method can be used to extract data. For example, in the data packet whose packet type field is identified as 033b, skipping a fixed offset reaches the ReqrVN field, from which the specific version number of the current client can be extracted; similarly, in the data packet whose packet type field is identified as 0351, skipping a fixed offset reaches the fixed field userN, from which the user name currently operating on the database can be extracted. In this way, through the detailed analysis of the jdbc type ...


Abstract

Disclosed are an Oracle database audit method and a system thereof. The system comprises a user terminal driver type locator, a jdbc driven environment protocol resolver, a behavior feature keyword library, an odbc driven environment behavior feature matching and auditing information locator and an audit device. The method comprises steps of locating user terminal driver types, creating a behavior feature keyword library, locating the odbc driven environment behavior feature matching and auditing information, analyzing jdbc driven environment protocol, and auditing. The invention solves the problem of inaccuracy caused by singly depending on protocol analysis when auditing operation behaviors of the Oracle database or the system property problem caused by singly depending on feature matching in the conventional audit products, and the invention has flexible expandability upon the Oracle database edition, expands audit scope, has high audit efficiency and accuracy for various editions, and is applied to audit products of the network service.

Description

Technical field

[0001] The invention relates to an Oracle database audit method and system that can be used in network business audit products. It analyzes the TNS protocol used by various versions of Oracle database clients according to the characteristics of messages in network data streams, and belongs to the field of network technology.

Background technique

[0002] The network business audit system is an increasingly widely used means of network security protection. It records and analyzes the network activities of trusted personnel in the business system to help managers plan and prevent in advance, monitor in real time, prevent violations, and investigate network operation accidents after the event. It can help users strengthen internal and external network behavior supervision, avoid loss of core assets (databases, servers, network equipment), and ensure the normal operation of customer business systems. I...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F17/30, H04L12/26, H04L29/08
Inventor: 孙海波骆拥政李新鹏刘晖张辉
Owner: BEIJING VENUS INFORMATION TECH