Operation behavior recording method and system applied to operation behavior auditing system

A technology for recording operation behavior, applied in computing, computer security devices, instruments, etc. It addresses the problems of low search efficiency, consumption of system administrator time, and wasted storage space, so as to achieve efficient retrieval, a reduced number of records, and reduced storage use.

Inactive Publication Date: 2016-04-13
北京华夏威科软件技术有限公司

AI Technical Summary

Problems solved by technology

[0005] (1) When the recorded operation behavior data has to be searched, for example when the system administrator searches the data through the audit system to locate a problem, a large number of retrieval operations are needed. This takes up a large amount of the system administrator's time, so search efficiency is low;
[0006] (2) Since the audit policy can only be set down to the application level for targeted storage, once the audit policy of an application is specified, a large amount of invalid data that the user does not want is also recorded, occupying a large amount of storage space.



Examples


Embodiment 1

[0076] The violation rule definition module adopts content-level rule definition. That is, for Linux and Unix system maintenance tools such as SecureCRT and Putty, rules are defined at the level of the executed command, and the defined rules are then bound to the Linux account. The audit policy defined for the Linux account is: when a violation occurs, record the title metadata, the content of the application window, and the video frame at the time of the operation; when no violation occurs, record only the title metadata and the application window content. The results show that the system automatically records the title metadata, the content of the application window, and the video frame of the operation only when a command that violates the rules appears; otherwise it records only the title metadata and the application window content.

Embodiment 2

[0078] For applications whose operation content does not need to be recorded, such as browsers, rules are defined on the title metadata only. For example, certain web browsing behaviors count as violations for an account. The audit policy is defined in the same way: when a violation occurs, record the title metadata, the content of the application window, and the video frame at the time of the operation; when no violation occurs, record only the title metadata and the content of the application window. The results show that the invention can significantly reduce storage space and the number of recorded audit data entries.

[0079] It can be seen that, in the operation behavior recording method and system applied to the operation behavior audit system provided by the present invention, since the operation behavior is judged at fine granularity, down to whether the content of a given behavior violates the regulations, and defines the occurrence of violations and non-violation...
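The recording decision described in Embodiments 1 and 2, sketched as an added example that is not code from the patent or its owner: command-level and title-level rules are bound to an account, the account's audit policy selects which fields to keep, and entries are stored in separate violation and non-violation partitions. All class, field and account names are hypothetical, the rule patterns are illustrative, and the events are constructed sample data.

```python
import re
from dataclasses import dataclass, field

# Hypothetical names throughout; events are constructed sample data.
FULL = ("title", "window_content", "video_frame")   # recorded on violation
LIGHT = ("title", "window_content")                 # recorded otherwise

@dataclass
class Rule:
    app: str      # regex selecting the application (e.g. terminal tools)
    target: str   # event field inspected: "command" or "title"
    pattern: str  # regex marking that field's content as a violation

    def matches(self, ev):
        return bool(re.search(self.app, ev["app"], re.I)
                    and re.search(self.pattern, ev.get(self.target, ""), re.I))

@dataclass
class Recorder:
    bindings: dict   # account -> list of Rule (rule/account binding)
    policies: dict   # account -> (fields on violation, fields otherwise)
    partitions: dict = field(
        default_factory=lambda: {"violation": [], "normal": []})

    def record(self, ev):
        violated = any(r.matches(ev) for r in self.bindings.get(ev["account"], []))
        on_violation, on_normal = self.policies.get(ev["account"], (FULL, LIGHT))
        keep = on_violation if violated else on_normal
        entry = {"account": ev["account"], "app": ev["app"]}
        entry.update({k: ev[k] for k in keep if k in ev})
        part = "violation" if violated else "normal"
        self.partitions[part].append(entry)   # stored by partition
        return part

def demo():
    rules = [Rule(r"securecrt|putty", "command", r"\brm\s+-rf\b|/etc/shadow"),
             Rule(r"chrome|firefox", "title", r"webmail")]
    rec = Recorder({"ops01": rules}, {"ops01": (FULL, LIGHT)})
    base = {"account": "ops01", "window_content": "<text>", "video_frame": b"\x00"}
    events = [
        dict(base, app="SecureCRT", title="ops01@db01", command="ls -l /var/log"),
        dict(base, app="PuTTY", title="ops01@db01", command="rm -rf /data/backup"),
        dict(base, app="chrome", title="Webmail - Inbox"),
        dict(base, app="chrome", title="Intranet wiki"),
    ]
    return rec, [rec.record(e) for e in events]

if __name__ == "__main__":
    rec, verdicts = demo()
    print(verdicts, {k: len(v) for k, v in rec.partitions.items()})
```

Only the two violating events carry a video frame, which is where the storage saving comes from; an investigator can also query the violation partition alone instead of scanning every record.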


Abstract

The invention provides an operation behavior recording method and system applied to an operation behavior auditing system. The system comprises a violation rule definition module, a violation rule account binding module, an account auditing policy definition module, an operation behavior content data acquisition module, an account violation rule acquisition module, a violation judgment module and an auditing data recording module. The operation behavior recording method and system have the following advantages: (1) an operation behavior is judged at fine granularity, down to whether the content of a behavior is a violation, and different auditing policies are defined for when a violation occurs and when no violation occurs, so that, compared with a conventional operation auditing system and on the premise of meeting auditing requirements, the quantity of recorded auditing data can be remarkably reduced and less storage space is occupied; and (2) violation data and non-violation data are stored in separate partitions, so that retrieval can be carried out more efficiently and data retrieval efficiency is improved.

Description

Technical field

[0001] The invention belongs to the technical field of operational behavior auditing, and in particular relates to an operational behavior recording method and system applied to an operational behavior auditing system.

Background technique

[0002] The operational behavior audit system is a system that protects the internal information security of the enterprise and prevents the leakage of the internal information of the enterprise. It brings security guarantees for banks, securities fund companies, telecommunications companies, secret-related units and other industries that require high security levels.

[0003] In the traditional operational behavior auditing system, the recording strategy adopted is: record all captured operational behavior data, including application name, title metadata, application window content, and video frames when the operational behavior occurs.

[0004] There are following deficiencies in the above-mentioned operation behavior da...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/62, G06F21/55
CPC: G06F21/554, G06F21/6218, G06F2221/034
Inventor: 李小龙, 郭晓东
Owner: 北京华夏威科软件技术有限公司