Database audition method

A database and data packet technology, applied in the field of network security, can solve problems such as low audit efficiency, and achieve the effects of improving audit efficiency, reducing processing capacity, and eliminating load

Inactive Publication Date: 2018-11-23
5 Cites 5 Cited by

AI-Extracted Technical Summary

Problems solved by technology

[0004] The purpose of the invention is to provide a databas...
View more


The invention relates to a database audition method. The method comprises the following steps of: 1) intercepting interaction data packets between a database client and a database server by audition equipment, and analyzing interaction contents between the database client and the database server from the interaction data packets; 2) generating session logs comprising interaction data packet processing results by the audition equipment, adding session identifiers of corresponding database access sessions in the session logs; and 3) grouping the session logs according to the session identifiersso that a preset audition user can carry out database audition. By utilizing independent audition equipment to carry out database audition, the load generated by carrying out database audition by thedatabase server can be eliminated, so that the data packet processing amounts, at the database server, of databases are reduced. Through the audition equipment, session identifiers can be added, so that for the condition of high database access traffic, the method is capable of remarkably improving the audition efficiency.

Application Domain

TransmissionSpecial data processing applications

Technology Topic

Traffic volumeTraffic capacity +5


  • Database audition method
  • Database audition method


  • Experimental program(1)

Example Embodiment

[0014] The technical solutions in the embodiments of the present invention will be clearly and completely described below in conjunction with the drawings in the embodiments of the present invention.
[0015] The embodiment of the database audit method of the present invention: Figure 1-Figure 2 As shown, the database audit method includes the following steps: 1) The audit device intercepts the interactive data packet between the database client and the database server, and parses the interactive content between the data client and the database server from the interactive data packet; 2 ) The audit device generates a session log containing the processing result of the interactive data packet, and adds a session identifier corresponding to the database access session in the session log; 3) Groups the session log according to the session identifier for the preset audit user to perform database audit.
[0016] The audit device intercepts the interactive data packet between the database client and the database server.
[0017] Audit equipment includes interception unit, analysis unit, processing unit, and audit unit. The interactive data packet may include a data packet sent by the database client to the database server, or a data packet sent by the database server to the database client. First intercept it, wait for further processing, and then in this embodiment, intercept the interactive data packet using a function hijacking method.
[0018] In the process of processing the interactive data packet, it is determined whether the interactive content complies with the predetermined security rule, if it complies, the interactive data packet is released; if it does not comply, the interactive data packet is discarded. When the audit device is integrated on the database client, the audit device can first generate the interception program. When the database client is running, the audit device injects the interception program into the software system of the database client. When the database client interacts with the database server, the interception program hijacks the interactive data packet between the two.
[0019] Parse and process data packets.
[0020] Because the database clients of different types of databases use different protocols when interacting with the database server, the data formats of the interactive data packets are also different. The audit device must first determine the database type of the database, and then use the protocol analysis method corresponding to its data format to parse out the interactive content. The interactive content can include data operable instructions and database operation results.
[0021] The audit device can extract the necessary information of the production log from the interactive content to form a session log. The session log includes the session login log and the session detail log. The session login log is used to record the user's login or logout information to the database, and the session detail log is used to record the user's data operation information on the database. The session log also includes the content of the operation instruction, the user who sent the instruction, and the sending time.
[0022] Add the session ID corresponding to the database access session in the session log.
[0023] When generating the corresponding session log, the auditing device can add the session identifier of the corresponding database access session to each log. The audit device can perform operations such as identifying and distinguishing the session log through the session identifier, avoiding the problem of disorder in the prior art and improving the audit efficiency. For example, when receiving a detailed view request for a group corresponding to a certain session identifier, the session detail log corresponding to the session identifier is displayed. Further, logs of different session identifiers can be stored in different paths, which is convenient for searching and improves response speed.
[0024] The present invention is not limited to the above-mentioned best embodiments. Anyone can derive other products in various forms under the enlightenment of the present invention, but regardless of any changes in its shape or structure, any product that is the same or similar to the present application Approximate technical solutions fall within the protection scope of the present invention.


no PUM

Description & Claims & Application Information

We can also present the details of the Description, Claims and Application information to help users get a comprehensive understanding of the technical details of the patent, such as background art, summary of invention, brief description of drawings, description of embodiments, and other original content. On the other hand, users can also determine the specific scope of protection of the technology through the list of claims; as well as understand the changes in the life cycle of the technology with the presentation of the patent timeline. Login to view more.

Similar technology patents

Banknote authenticity identification equipment based on number extraction and method thereof

InactiveCN107767539AAvoid processing redundant informationreduce processing

Receiving apparatus and packet processing method thereof

ActiveUS20170180329A1reduce processingdecrease utility rate

Classification and recommendation of technical efficacy words

  • reduce processing

System and method for optimizing handover in mobile communication system

ActiveUS20050282548A1reduce processingoptimize handover process

Credential caching for clustered storage systems

ActiveUS8099766B1reduce processingefficiently transmit

Transistor With Embedded Si/Ge Material Having Reduced Offset and Superior Uniformity

ActiveUS20120001254A1reduced lateral offsetreduce processing

Beer-like alcoholic beverage and process for producing the same

InactiveUS20050220935A1reduce processingconstant quality

Screenshot method and device, and computer readable storage medium

PendingCN107357505Areduce processingGuaranteed no distortion
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products