Database user behavior security auditing method for internal and external network boundaries of electric power information

A technology of security auditing and power information, applied in the direction of electrical digital data processing, digital data authentication, computer security devices, etc., can solve problems such as compatibility of difficult-to-isolate devices, achieve effective data preparation, improve anomaly detection efficiency, and improve overall security protection effect of ability

A technology of security auditing and power information, applied in the direction of electrical digital data processing, digital data authentication, computer security devices, etc., can solve problems such as compatibility of difficult-to-isolate devices, achieve effective data preparation, improve anomaly detection efficiency, and improve overall security protection effect of ability

CN107229849AInactive Publication Date: 2017-10-03GLOBAL ENERGY INTERCONNECTION RES INST CO LTD +2
3 Cites 17 Cited by

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Database user behavior security auditing method for internal and external network boundaries of electric power information
  • Database user behavior security auditing method for internal and external network boundaries of electric power information
  • Database user behavior security auditing method for internal and external network boundaries of electric power information

Examples

Experimental program
Comparison scheme
Effect test

Embodiment

[0075] (1) Experimental simulation environment. On the Eclipse development platform, the libsvm.jar toolkit is used to complete the toolkit, which can provide basic SVM implementation functions.

[0076] (2) Sample collection. The normal sample data collection of the experiment comes from the log records of the isolation device at the boundary of the internal and external network of electric power information. The log includes records such as operation code, execution time, SQL operation statement, source IP address, and port number. By analyzing the characteristics of normal behavior log data, simulate and construct the log data of three common abnormal behaviors of user unauthorized operation, illegal user operation and sensitive table resource reading, and use it as test data to verify the feasibility of this audit scheme. Select 200 training samples, 60 test samples of normal behavior, 36 samples of user unauthorized operation, 32 samples of illegal user operation, and 25...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides a database user behavior security auditing method for internal and external network boundaries of electric power information. The method comprises the steps that logs are preprocessed, and effective data preparation is provided for user behavior auditing; an OCSVM trains and learns historical normal user behavior data, and a user behavior mode base is constructed and completed; and the OCSVM detects whether a database user access behavior is abnormal. Through the technical scheme, security auditing on a user abnormal behavior and security monitoring on the database user access behavior are realized, and deeper monitoring and protection are provided for data transmission between the internal and external network boundaries of the electric power information.

Description

technical field [0001] The invention belongs to the fields of electric power information security and database auditing, and in particular relates to a database user behavior security auditing method facing the boundary of the internal and external networks of electric power information. Background technique [0002] In the power information network security protection system that has been built with dual-network isolation as the main feature, the information security network isolation device deployed between the power information internal and external network has achieved logical isolation, which effectively guarantees the security and reliability of the power information intranet business. run. However, with the development of smart grids, the interaction between information and internal and external network borders is becoming more and more frequent, and the possibility of being attacked is also increasing. As the second line of defense of the information network, the bo...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
03 Oct 2017
Publication
CN107229849A
IPC
G06F21/31; G06K9/62
CPC
G06F21/316; G06F18/2411
Inventors
李勇; 张涛