Detecting system for suspect DBMS intrusion and detecting method thereof

Abstract

The invention relates to a detecting system for suspect DBMS intrusion and a detecting method thereof. The detecting method introduces a database intrusion detecting system between DBMS and database application, so as to intercept information communication between the DBMS and the application to detect malicious actions and protect critical data. The database intrusion detecting system comprises two units, including a client and a server; the client is used for intercepting and forwarding database information; the server manages suspect DBMS and credible DBMS synchronously; the credible DBMS stores important metadata information of the system to be taken as mirror image database of the suspect DBMS; the server manages client identity authentication, analyzes communication protocol, realizes transparent data encryption and decryption, and malicious database intrusion detection. The detecting system of the invention has the advantages that data insertion, revision and deletion operations initiated by malice codes in a data managing system is automatically found; a database damaged by malice codes is resumed; and critical data is encrypted, thereby preventing malice codes from stealing the critical data.

Description

technical field [0001] The invention relates to an untrustworthy DBMS malicious intrusion detection system and method, and belongs to the technical field of database security intrusion detection. Background technique [0002] In modern computing systems, databases hold the core information resources of the system. Therefore, the database is often the key attack target of hackers and commercial espionage. Due to the late start of database technology in our country, the current database product DBMS (database management system) is basically monopolized by foreign manufacturers, resulting in a serious situation of "core technology hollowing out" and "key technology and products being controlled by others". There may be "backdoors" or even "malicious codes" injected into foreign products to steal or destroy precious data resources. Of course, the most ideal way to solve this problem is to use all domestic database products in the key application systems. This is indeed the dir...

AI Technical Summary

Problems solved by technology

[0005] 3. What is more dangerous is that in some special cases, the enemy may even intentionally modify the original standard DBMS according to the purpose of purchase, and inject various malicious codes, such as malicious addition, deletion, and modification. delete etc.

[0007] After years of development, many achievements have been made in identity authentication technology, access control technology, information flow control technology, encryption control technology, reasoning control technology, auditing technology, etc. in the traditional database security field, but the existing technologies focus on improving DBMS The ability to resist external attacks, how to improve the ability of the application system to resist malicious DBMS has not been studied in depth

Obviously, the anti-malicious DBMS technology will be more complicated, because the DBMS is responsible for managing the target data resources, it understands the structure and semantics of the target data resources, can perform any operation on the target data, and can also return arbitrary results to the user's request

Images