| The database is the core of a system for storing and processing information. In a society of explosive information growth in particular, databases are widely used in all aspects of work and life, where they play an increasingly important role. Consequently, database security receives more and more emphasis. At present, mainstream databases provide appropriate security mechanisms to ensure the security of the database. However, in an increasingly complicated network environment, the forms of user access have become varied. Traditional security mechanisms are unable to satisfy the demands of database security, so how to find malicious attacks as early as possible and immediately take appropriate measures to ensure the security of the database before damage is caused has become a problem of general concern to maintenance personnel. Database security auditing was proposed in response to this demand. With the continuous development of information technology and networks, database attacks are increasingly common, and the concept of database auditing has gradually developed from traditional information recording to today's data recording, review and analysis. The following aspects are studied in this paper: By analyzing existing database security mechanisms and auditing modes, a network-based database audit model is designed as a backup and supplement to the security mechanisms and audit technology of present databases. The process of the network-based database auditing model and the function of each functional module are then summarized. Audit data is collected through bypass listening, and database operations within the network are analyzed through protocol analysis and SQL statement parsing. 
The paper introduces the details of the entire audit data acquisition and analysis process, together with the key technologies used in each part and the principles of their implementation. It expounds in detail the process of capturing database network packets and how lex and yacc are used to generate the lexical and syntax analysis programs that parse SQL statements for targeted extraction of security audit data. Based on database auditing and risk control, and with regard to database auditing methods and the characteristics of the data to be audited, an audit approach is adopted that combines detection of database operation behavior with detection of SQL statements. Through anomaly detection based on clustering analysis and association rule mining, database operation behavior and SQL data operations are audited, normal user behavior patterns are established, and abnormal user behavior is detected by an anomaly detection algorithm written for that purpose; through misuse-based pattern matching, the structure of SQL statements is detected and analyzed to establish a rule library of SQL statement structures, and a pattern matching algorithm determines whether the structure of an SQL statement is normal. The two audit approaches have different focuses, each with its own advantages and disadvantages. This paper combines the two audit methods so that they complement each other's advantages, which obviously improves the accuracy of auditing. |
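
The SQL-structure audit described above, sketched as an added example that is not code from the paper: statements are reduced to a structural skeleton and checked against a rule library built from known-normal statements. The regex lexer stands in for the lex/yacc front end, and the keyword set, class name and sample statements are assumptions constructed for illustration.

```python
import re

# Simplified SQL lexer (regex stand-in for a lex/yacc front end; assumption).
TOKEN_RE = re.compile(r"""
    (?P<comment>--[^\n]*|/\*.*?\*/)
  | (?P<str>'(?:[^']|'')*')
  | (?P<num>\b\d+(?:\.\d+)?\b)
  | (?P<word>[A-Za-z_][A-Za-z0-9_$.]*)
  | (?P<op><=|>=|<>|!=|[=<>(),;*+\-/])
  | (?P<other>\S)
""", re.VERBOSE | re.DOTALL)

KEYWORDS = {"SELECT", "FROM", "WHERE", "AND", "OR", "NOT", "IN", "LIKE", "NULL",
            "INSERT", "INTO", "VALUES", "UPDATE", "SET", "DELETE", "UNION", "ALL"}

def skeleton(sql):
    """Keep keywords and operators; map identifiers to ID, literals to ?,
    comments to CMT, so only the statement's structure remains."""
    out = []
    for m in TOKEN_RE.finditer(sql):
        kind, text = m.lastgroup, m.group()
        if kind == "word":
            out.append(text.upper() if text.upper() in KEYWORDS else "ID")
        elif kind in ("str", "num"):
            out.append("?")
        elif kind == "comment":
            out.append("CMT")
        else:  # operators and stray characters (e.g. an unbalanced quote)
            out.append(text)
    return " ".join(out)

class StructureRuleLibrary:
    """Rule library of statement structures observed during normal operation."""
    def __init__(self, baseline):
        self.rules = {skeleton(s) for s in baseline}

    def audit(self, sql):
        sk = skeleton(sql)
        return ("normal" if sk in self.rules else "abnormal", sk)

# Constructed baseline of application statements (sample data, not from the paper).
BASELINE = [
    "SELECT name, email FROM users WHERE id = 7",
    "UPDATE users SET email = 'a@example.com' WHERE id = 7",
    "INSERT INTO orders (user_id, total) VALUES (7, 19.90)",
]

if __name__ == "__main__":
    lib = StructureRuleLibrary(BASELINE)
    for captured in ["select name, email from users where id = 1042",
                     "SELECT name, email FROM users WHERE id = 7 OR 1=1",
                     "DELETE FROM users"]:
        print(lib.audit(captured))
```
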