The Research On Audit Trail Of Network Database System

With the popularization of network and the extensive application of database, almost every organization, including bank and other enterprises, builds their database management systems in the network environment. The networked management of database provides office automation and information sharing for every organization, while bringing about the security problem of database in the network environment. Database, as a data storage system storing large amounts of data, in which important and sensitive data of enterprises and institutions is stored, is very important. Data corruption and data interception will seriously harm the interests of enterprises. Most of the damages in the network database come from internal attacks. As a result, protecting the security of network database, preventing attacking from internal users in the database, is necessary.At the moment, some traditional security mechanisms of database emphasis on prevention, such as identity authentication, access control, firewall and so on. They not only can not prevent all of the database attack, let alone prevent attacking from legitimate users in the database. By means of tracking user activity on the database server in internal network, the audit trail of network database system can monitor the state of network database system and record the behavior of users comprehensively. It is significant for controlling the behavior of users, detecting potential safety hazard, tracing and analyzing afterwards.The mainstream DBMS only provides logging to achieve audit. Against this deficiency of audit, the proposal, which is combining the logging and audit analysis to achieve audit in the database, is prevented in this paper. And we give out the realization process of a database security audit system DBAudit, which is based on SQL Server. Compared to traditional audit, the following functions are provided in DBAudit:auditing data query, audit analysis and the management of audit trails. By selecting related audit data they are interested, the auditor can find the problem of the database, in order to call illegal invaders to account. By using the method of intrusion detection to implement the audit analysis, the attack comes from client in the network database can be detected, at the same time, DBAudit system can respond to the attack and raise the alarm. By importing and exporting the audit data, detaching the audit database from database system, audit data overflow can be avoided, ensuring DBAudit system working normally. The design and realization of the DBAudit system, which includes logging module, audit analysis module and security informing module, are discussed in detail in this paper. The method and related algorithm for achieving audit analysis are mainly introduced in the paper, including the method of feature analysis in misuse-detection and the method of data mining in anomaly-detection.DBAudit System is runned in the database server of SQL Server. It has been tested that DBAudit system can not only track and record all of the database operations in the form of logs, but also can detect masquerade attack,attack from legitimate users and attack attempt. Thus, security monitoring, intrusion prevention and responsibility are effectively implemented in network database.