Front-background related auditing method and system for Web server

A front-end, back-end and server technology, applied in the field of information security, can solve problems such as the inability to detect the time series relationship of database access events, the inability to identify the relationship, etc., to achieve the effect of accurate and real relationship and improve accuracy

Inactive Publication Date: 2009-03-18
BEIJING VENUS INFORMATION TECH
View PDF1 Cites 21 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

This method can discover the relationship between URLs and SQL templates when the number of concurrency is low. When the number of concurrency is high, all URLs will have access records when database access events are ...

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Front-background related auditing method and system for Web server
  • Front-background related auditing method and system for Web server
  • Front-background related auditing method and system for Web server

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0043] This embodiment is the deployment mode of the Web server front and back related audit system, such as figure 1 shown. In the figure, the foreground audit device observes the http access events from the client to the Web server, and the background audit device observes the database access events from the Web server to the database server, and both of them send the observed access events to the front-end and back-end associated audit systems of the Web server .

[0044] figure 2It is a schematic diagram of the structure of the front-end and back-end associated audit system of the Web server, and the connection relationship between the modules of the system is as follows:

[0045] The sequence division module 101 collects the output of the http template extraction module 104 and the SQL template extraction module 105, and according to the time window constraint and the matching constraint, a database access event triggered by an http access event is divided into the sam...

Embodiment 2

[0049] In this embodiment, the sequence is divided into stages, such as figure 2 shown, including the following steps:

[0050] Step 201: observe the http access event at the foreground;

[0051] Step 202: judge whether this visit has submitted cookies value or parameter value, if submitted, go to step 203, otherwise go to step 201;

[0052] Step 203: extract the http template from the http access event;

[0053] Step 204: Determine whether the template is a new template. If it is a new template, go to step 205, otherwise go to step 206;

[0054] Step 205: assign an ID number mark for the new template, and represent the http access event with the mark;

[0055] Step 206: represent the http access event with the ID number of the template;

[0056] Step 207: generate a new event sequence, use the http access event as the initial event of the event sequence;

[0057] Step 208: according to the time window of setting, observe from the time of foreground http access event, a...

Embodiment 3

[0062] This embodiment is an association process between a database access event and an http access event, such as image 3 shown, including the following steps:

[0063] Step 301: extract SQL template and parameter value from database access event;

[0064] Step 302: Determine whether the SQL template is a new template. If yes, go to step 303, otherwise go to step 304.

[0065] Step 303: assign an ID number mark for the new template, and use the mark to represent the database access event;

[0066] Step 304: then the ID number of this template represents this database access event;

[0067] Step 305: compare the parameter value in the database access event with the parameter value in the http access event. If the degree of matching between the two exceeds the preset threshold, the association is successful; otherwise, go to step 306 . The calculation method of the matching degree is as follows: assuming that the database access event contains n parameter values, m of whi...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a Web server foreground background association audition method and system thereof which realize the association of the background with the concrete http access happening on the foreground. The method comprises: acquiring the foreground and background access happening respectively though a safety audition equipment; implementing sequence division to the foreground and background access happenings; mining the sequential pattern of the divided happening sequences to find the time sequence relation between them; confirming the http access which triggers the background access according to the acquired relations. The system comprises: a sequence dividing module, a self-learning module and a real time monitoring module. The invention is adapted to the service audition for Web server.

Description

technical field [0001] The invention relates to the field of information security, in particular to a method and system for auditing the front-end and back-end associations of a Web server. Background technique [0002] With the development of network technology, more and more attention has been paid to the issue of information security. In order to better protect important servers, network security audit products have been widely used. It can monitor and record the user's access information to the server in real time, and perform operations such as alarming and blocking the user's access behavior according to the set rules. [0003] In the application of security audit products, an important application scenario is to audit the access behavior of Web servers and back-end databases. More and more application systems have adopted the B / S (Browser / Server, browser / server) architecture at present, and this application system is generally divided into three-tier structure: brow...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L29/08H04L12/26G06F17/30
Inventor 周涛牟宪波张辉李新鹏赵振东
Owner BEIJING VENUS INFORMATION TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap