Database event association method and auditing system

An event correlation and database technology, applicable to database retrieval, transmission systems, network data query and similar fields, that addresses the accuracy problems of existing association methods and improves the effectiveness of protection.

Pending Publication Date: 2021-02-09
西安交大捷普网络科技有限公司

AI Technical Summary

Problems solved by technology

The three-layer protocol has relatively strong encapsulation, which brings convenience to users but also causes many difficulties in audit analysis.
The efficiency and accuracy of traditional time-series-based matching and association need to be further improved.

Examples


Embodiment 1

[0037] This embodiment uses the DCOM-based three-tier architecture as an example to describe a specific event correlation process.

[0038] Step 1: Data self-learning and content audit for client -> application server (DCOM) traffic (i.e. the first event)

[0039] The audit engine analyzes the network data packets from the client -> application server and parses the tub data (valid data) according to the DCOM protocol format. The tub data format is generally XAa1Aa2, XBb1Bb2Bb3, where X, A and B are characteristic keywords and a1, a2, b1, b2, b3 are valid data. Through regular extraction of tub data and continuous data analysis, learning and verification, the analysis rule base is continuously improved, so that the effective data in the tub data can be parsed directly from network data packets.

[0040] Record client -> application server event information, including occurrence time (in microseconds), session ID (the value obtained from source IP, destination IP, source port, destination port,...


Abstract

The invention discloses a database event association method and a database auditing system using the same. The method comprises the following steps: first, performing a primary association of a first event (from a client to a Web server) and a second event (from the Web server to the database server) according to an occurrence time window; then judging whether the second event contains the effective value in the first event and performing a secondary association; then screening according to the occurrence time sequence to obtain the final associated event; and finally performing content auditing on the finally confirmed associated event. In this way the real user of a database operation can be accurately located, and database protection effectiveness is improved.
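The two-stage association described in the abstract, as an added Python example (not the patent's own code), run next to the time-only matching it is meant to improve on. The class and function names, the 500 ms window, whole-token matching of every effective value, and keeping the latest preceding first event in the screening step are all assumptions; the sample events are constructed.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class FirstEvent:            # client -> Web/application server
    ts_us: int               # occurrence time in microseconds
    session_id: str
    user: str
    values: tuple            # effective values parsed from the request

@dataclass(frozen=True)
class SecondEvent:           # Web/application server -> database server
    ts_us: int
    sql: str

def contains(sql, value):
    # Whole-token match so "10021" does not match inside "110021".
    return re.search(rf"(?<!\w){re.escape(value)}(?!\w)", sql) is not None

def associate(first_events, second_events, window_us=500_000, check_values=True):
    """Return, per second event, the associated FirstEvent or None."""
    out = []
    for db in second_events:
        # Primary association: first events inside the occurrence time window.
        cands = [f for f in first_events if 0 <= db.ts_us - f.ts_us <= window_us]
        if check_values:
            # Secondary association: the SQL must carry the request's effective values.
            cands = [f for f in cands
                     if f.values and all(contains(db.sql, v) for v in f.values)]
        # Screening by occurrence time: keep the latest first event before the SQL.
        out.append(max(cands, key=lambda f: f.ts_us, default=None))
    return out

# Constructed sample: two users hit the application server 400 microseconds apart.
FIRST = [FirstEvent(1_000_000, "s1", "alice", ("10021",)),
         FirstEvent(1_000_400, "s2", "bob", ("77310",))]
SECOND = [SecondEvent(1_020_000, "SELECT * FROM orders WHERE id = '10021'"),
          SecondEvent(1_021_000, "SELECT * FROM orders WHERE id = '77310'"),
          SecondEvent(9_000_000, "DELETE FROM audit_log")]

def users(matches):
    return [m.user if m else None for m in matches]

if __name__ == "__main__":
    print("time only :", users(associate(FIRST, SECOND, check_values=False)))
    print("two-stage :", users(associate(FIRST, SECOND)))
```

With the time window alone, both queries are attributed to the later request; the value check separates them, and the statement with no first event in its window stays unattributed for separate review.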

Description

Technical field

[0001] The invention belongs to the technical field of network and database security, and in particular relates to a method for associating database events and a database auditing system using the method.

Background technique

[0002] The three-tier architecture is to add an "intermediate layer" between the client and the database, also called the component layer. Usually, the client does not directly interact with the database, but establishes a connection with the middle layer through a three-layer protocol such as COM / DCOM / COM+, and then interacts with the database through the middle layer. The three-layer protocol has relatively strong encapsulation, which not only brings convenience to users, but also causes many difficulties in audit analysis.

[0003] The three-tier audit is to combine the audit data of the application layer area and the audit data of the database layer area to perform "association analysis", so as to accurately correspond the operati...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F16/953, G06F16/9537, H04L29/06
CPC: G06F16/9537, G06F16/953, H04L67/01
Inventor: 武博, 何建锋, 龚建国
Owner: 西安交大捷普网络科技有限公司