Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Database Security Risk Assessment System

A technology of risk assessment and security risk, applied in the field of database security risk assessment system, can solve the problems of one-sidedness of assessment results, lack of self-learning, self-adaptive ability, difficult database system unknown security risk assessment, etc., and achieve the effect of maintaining accuracy

Active Publication Date: 2022-03-15
SICHUAN UNIV
View PDF7 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0006] 1) Traditional database security risk assessment systems rely on prior knowledge such as known security vulnerabilities, SQL injection features, and misconfiguration options to assess the security risks of the target database system. In the absence of prior knowledge, it is difficult to assess the database Evaluate potential unknown security risks of the system;
[0007] 2) The traditional risk assessment process only focuses on the current vulnerability of the target system to be assessed. Indicators such as log alarm analysis and password test results are scored according to predetermined scoring standards and the final score is fused, ignoring the information from the network. The impact of the security threat of the internal network of the database system on the current database security risk leads to the one-sidedness of the assessment results;
[0008] 3) The traditional database security risk assessment model lacks self-learning and self-adaptive capabilities. It adopts a unified and fixed detection model for risk assessment of all target systems, and it is difficult to dynamically adjust according to the changes in the application environment of the database system itself.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Database Security Risk Assessment System
  • Database Security Risk Assessment System
  • Database Security Risk Assessment System

Examples

Experimental program
Comparison scheme
Effect test

Embodiment

[0053] Such as figure 1 As shown, a database security risk assessment system includes:

[0054] The risk assessment engine dispatches the server-side SQL exception risk assessment module, the intranet node SQL exception risk assessment module, and the basic risk assessment module to perform the first round of "server-side SQL exception risk assessment ", the second round of "intranet node SQL exception risk assessment ", the last round of "basic risk assessment ";

[0055] The server-side SQL abnormality risk assessment module detects the abnormality of the SQL commands executed by the database server stored in the log records during the current round of detection cycle, and completes the server-side SQL abnormality risk assessment ;

[0056] Intranet node SQL abnormality risk assessment module, which detects abnormalities in the SQL operation behavior of the client database collected during the current round of detection cycle, and completes the intranet node SQL abno...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a database security risk assessment system, comprising: a risk assessment engine, a server-side SQL abnormal risk assessment module, an intranet node SQL abnormal risk assessment module, a basic risk assessment module, a vulnerability database and a historical assessment record module, and the risk assessment The engine is used to schedule the server-side SQL exception risk assessment module, intranet node SQL exception risk assessment module, and basic risk assessment module to perform the first round of server-side SQL exception risk assessment, the second round of intranet node SQL A round of basic risk assessment, a vulnerability library, used to store known database vulnerabilities, and web server vulnerabilities, and a historical assessment record module, used to store assessment history record data; the present invention is more comprehensive and objective in assessing database security risks.

Description

technical field [0001] The invention relates to the technical field of network space security, in particular to a database security risk assessment system. Background technique [0002] Database is the core component of various network application systems, recording key business data in the system. However, various known and unknown attacks against databases emerge in an endless stream, seriously threatening the security of network database information systems. At present, the common vulnerabilities of the database include: unknown vulnerabilities of the database system, or known vulnerabilities that have not been fixed, weak passwords of users and system administrators, SQL injection attacks, server host security vulnerabilities, intranet security threats, inappropriate database configuration Wait. These security vulnerabilities often pose serious security risks. [0003] At present, widely used database security inspection tools, such as OScanner, Scuba, BSQL Hacker, DA...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): G06F21/56G06F21/57G06K9/62G06N20/00
CPCG06F21/56G06F21/577G06N20/00G06F18/241
Inventor 陈文张怡霖李麟锐
Owner SICHUAN UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com