| With the development of enterprise information technology, the business processes of enterprises is becoming more and more depending on information systems, security issues of enterprise data are becoming increasingly obvious. Sharing account allow people which are authorized editing the data directly and can not be recorded effectively. Malicious attacks to the database on the network also occur in sometimes. This paper is based on the information security of power industry, we study a database auditing system based on security operation controls.Traditional database audit function has some shortcomings, because it can’t audit other database product, in addition, it is hard to take different methods to every type of different systems. We proposed a bypass monitoring of database audit model. In order to implement database auditing system, we should mainly solve two problems: data acquisition and data processing. First we study the classical network model for understanding the data transmission on the network, then we use Libpcap libraries to get and filter the data of accessing the database. Through layers of the network protocol we extracted the data and delivery it to the data processing module. Due to the impact of network environment, presence of disorder, retransmission and other phenomena is existed in the process of data transmission. TCP is a connection-oriented process, so we need to reconstruct the packets. According to the characteristics of this system, simplifies the process of TCP protocol, designs efficient TCP stream state machine, achieves efficient data forwarding. The main purpose of the audit system is the content auditing, in order to match multiple keywords with the policy quickly, we need to adopt a multi-pattern matching technique, in the system we use AC algorithm to design a strategy matching engine. In this case we can quickly and accurately identify sensitive information and record it into the audit database, reaching the target of database security auditing. |
PDF Full Text Request