Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Database security risk assessment system

A technology of risk assessment and security risk, which is applied in the field of database security risk assessment system, can solve the problems of one-sidedness of assessment results, lack of self-learning, self-adaptive ability, difficult database system unknown security risk assessment, etc., and achieve the effect of maintaining accuracy

Active Publication Date: 2021-10-15
SICHUAN UNIV
View PDF7 Cites 4 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0006] 1) Traditional database security risk assessment systems rely on prior knowledge such as known security vulnerabilities, SQL injection features, and misconfiguration options to assess the security risks of the target database system. In the absence of prior knowledge, it is difficult to assess the database Evaluate potential unknown security risks of the system;
[0007] 2) The traditional risk assessment process only focuses on the current vulnerability of the target system to be assessed. Indicators such as log alarm analysis and password test results are scored according to predetermined scoring standards and the final score is fused, ignoring the information from the network. The impact of the security threat of the internal network of the database system on the current database security risk leads to the one-sidedness of the assessment results;
[0008] 3) The traditional database security risk assessment model lacks self-learning and self-adaptive capabilities. It adopts a unified and fixed detection model for risk assessment of all target systems, and it is difficult to dynamically adjust according to the changes in the application environment of the database system itself.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Database security risk assessment system
  • Database security risk assessment system
  • Database security risk assessment system

Examples

Experimental program
Comparison scheme
Effect test

Embodiment

[0053] Such as figure 1 As shown, a database security risk assessment system includes:

[0054] The risk assessment engine dispatches the server-side SQL exception risk assessment module, the intranet node SQL exception risk assessment module, and the basic risk assessment module to perform the first round of "server-side SQL exception risk assessment ", the second round of "intranet node SQL exception risk assessment ", the last round of "basic risk assessment ";

[0055] The server-side SQL abnormality risk assessment module detects the abnormality of the SQL commands executed by the database server stored in the log records during the current round of detection cycle, and completes the server-side SQL abnormality risk assessment ;

[0056] Intranet node SQL abnormality risk assessment module, which detects abnormalities in the SQL operation behavior of the client database collected during the current round of detection cycle, and completes the intranet node SQL abno...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a database security risk assessment system. The system comprises a risk assessment engine, a server-side SQL (Structured Query Language) abnormal risk assessment module, an intranet node SQL abnormal risk assessment module, a basic risk assessment module, a vulnerability library and a historical assessment recording module, the risk assessment engine is used for scheduling the server-side SQL exception risk assessment module, the intranet node SQL exception risk assessment module and the basic risk assessment module and respectively executing server-side SQL exception risk assessment of the first round, intranet node SQL exception risk assessment of the second round and basic risk assessment of the last round, the vulnerability library is used for storing known database vulnerabilities and web server vulnerability, and the historical assessment recording module is used for storing evaluation history record data. According to the system, database security risk assessment is more comprehensive and objective.

Description

technical field [0001] The invention relates to the technical field of network space security, in particular to a database security risk assessment system. Background technique [0002] Database is the core component of various current network application systems, recording key business data in the system. However, various known and unknown attacks against databases emerge in an endless stream, seriously threatening the security of network database information systems. At present, the common vulnerabilities of the database include: unknown vulnerabilities of the database system, or known vulnerabilities that have not been fixed, weak passwords of users and system administrators, SQL injection attacks, server host security vulnerabilities, intranet security threats, inappropriate database configuration Wait. These security vulnerabilities often pose serious security risks. [0003] At present, widely used database security inspection tools, such as OScanner, Scuba, BSQL Ha...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F21/56G06F21/57G06K9/62G06N20/00
CPCG06F21/56G06F21/577G06N20/00G06F18/241
Inventor 陈文张怡霖李麟锐
Owner SICHUAN UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products