Database user behavior security auditing method for internal and external network boundaries of electric power information

Abstract

The invention provides a database user behavior security auditing method for internal and external network boundaries of electric power information. The method comprises the steps that logs are preprocessed, and effective data preparation is provided for user behavior auditing; an OCSVM trains and learns historical normal user behavior data, and a user behavior mode base is constructed and completed; and the OCSVM detects whether a database user access behavior is abnormal. Through the technical scheme, security auditing on a user abnormal behavior and security monitoring on the database user access behavior are realized, and deeper monitoring and protection are provided for data transmission between the internal and external network boundaries of the electric power information.

Description

technical field [0001] The invention belongs to the fields of electric power information security and database auditing, and in particular relates to a database user behavior security auditing method facing the boundary of the internal and external networks of electric power information. Background technique [0002] In the power information network security protection system that has been built with dual-network isolation as the main feature, the information security network isolation device deployed between the power information internal and external network has achieved logical isolation, which effectively guarantees the security and reliability of the power information intranet business. run. However, with the development of smart grids, the interaction between information and internal and external network borders is becoming more and more frequent, and the possibility of being attacked is also increasing. As the second line of defense of the information network, the bo...

AI Technical Summary

Problems solved by technology

However, since the isolation device deployed on the boundary of the company's information internal and external networks adopts a private security communication protocol and an independent log system, it is difficult for the general security audit products on the market to be compatible with the current isolation device. Security Audit System

[0004] SVM is a machine learning model based on statistical learning theory. It has the advantages of good small sample learning and generalization ability, and controllable confidence range and convergence speed. It has been widely used in the field of intrusion detection in information security. However, there are some deficiencies in the application of security auditing, which is a highly relevant detection technology.

[0005] Therefore, in view of the deficiencies in the existing security monitoring and comprehensive auditing of the borders of information and internal networks, and considering that the isolation devices of existing companies use private security communication protocols and independent log systems, there are very few general security audit products on the market. It is difficult to be compatible with the isolation device, and a security audit technology based on OCSVM database user access behavior is proposed to realize the security audit of the information intranet database

Images