CN105426780A - Classification auditing method and system applied to operation behavior auditing system - Google Patents


Publication number
CN105426780A
Authority
CN
China
Prior art keywords
audit
scene
auditing
class
operation behavior
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201510821821.6A
Other languages
Chinese (zh)
Inventor
李小龙
郭晓东
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
BEIJING SINOVT SOFTWARE TECHNOLOGY Co Ltd
Original Assignee
BEIJING SINOVT SOFTWARE TECHNOLOGY Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by BEIJING SINOVT SOFTWARE TECHNOLOGY Co Ltd
Priority to CN201510821821.6A
Publication of CN105426780A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00 Pattern recognition
    • G06F18/20 Analysing
    • G06F18/24 Classification techniques

Abstract

The invention provides a classification auditing method and system applied to an operation behavior auditing system. The system comprises an audit scene class division module, a definition module, an operation behavior obtaining module, an audit scene class judgment module, audit scene function modules, a calling module and an audit data partitioned storage module. The advantages of the method and system are as follows: audit scenes are divided into multiple classes of audit scene according to functional category; an independent audit scene function module is defined for each class of audit scene; and the audit data obtained by each audit scene function module is stored in its own partition. Because the audit data storage partitions are physically and logically isolated, audit administrators of different audit scenes cannot see each other's audit data, which improves the data security of the auditing system. Moreover, because the audit data of each audit scene is stored in its own partition, retrieval and backup are easier.

Description

Classification auditing method and system applied to an operation behavior auditing system
Technical field
The invention belongs to the technical field of operation behavior auditing, and specifically relates to a classification auditing method and system applied to an operation behavior auditing system.
Background
An operation behavior auditing system protects enterprise information security and prevents the leakage of internal enterprise information. It provides security assurance for industries with high security requirements, such as the security sector, banks, stock and fund companies, telecommunications companies and organizations that handle classified information.
In a traditional operation behavior auditing system, the storage strategy is: all operation behavior data captured under all audit scenes is saved to the same storage space.
The main problems with this auditing method are:
(1) In practice, data retrieval by the audit administrators of different audit scenes needs to be kept confidential from one another; for example, O&M operation behavior audit administrators should not see the audit data of the business scene. However, because the data of every audit scene is stored in the same storage space, audit administrators at the same audit level but in different audit scenes can see each other's data, which brings a considerable security risk;
(2) Because the data of every audit scene is stored in the same storage space, that space holds a large amount of audit data. When a system administrator performs a targeted data retrieval through the auditing system, a large number of retrieval operations are needed, which takes up a great deal of the administrator's time, so retrieval efficiency is low.
Summary of the invention
To address the defects of the prior art, the invention provides a classification auditing method and system applied to an operation behavior auditing system, which can effectively solve the above problems.
The technical solution adopted by the invention is as follows:
The invention provides a classification auditing method applied to an operation behavior auditing system, comprising the following steps:
Step 1: divide the audit scenes in the operation behavior auditing system into n classes of audit scene by functional category, namely the class-1 audit scene, the class-2 audit scene, ..., the class-n audit scene, where n is a natural number;
Step 2: define, for each class of audit scene, a uniquely corresponding independent audit scene function module; the modules uniquely corresponding to the class-1 audit scene, the class-2 audit scene, ..., the class-n audit scene are denoted the class-1 audit scene function module, the class-2 audit scene function module, ..., the class-n audit scene function module;
Step 3: monitor in real time the operation behavior performed by a designated account ID; whenever an operation behavior occurs, obtain the ID of the application program running when it occurs, and then determine from the application program ID the audit scene class in which the operation behavior occurs;
Step 4: according to the audit scene class so determined, call the audit scene function module defined in step 2 that corresponds to this class, run the called module, and record the audit data under the current audit scene.
Preferably, in step 1, the classes of audit scene comprise: the O&M audit scene, the database audit scene, the internet behavior audit scene and the common application behavior audit scene.
Preferably, the function module corresponding to the O&M audit scene is the O&M audit scene function module; the function module corresponding to the database audit scene is the database audit scene function module; the function module corresponding to the internet behavior audit scene is the internet behavior audit scene function module; and the function module corresponding to the common application behavior audit scene is the common application behavior audit scene function module.
Preferably, the workflow by which the O&M audit scene function module audits under the current audit scene is:
(1) obtain the IP address of the O&M target host and the Linux account information;
(2) obtain the violation rule and audit strategy bound in advance to the IP address of the O&M target host and the Linux account information, where the audit strategy comprises a violation audit strategy and a non-violation audit strategy;
(3) judge, according to the violation rule, whether the content of the operation behavior is a violation; if it is a violating operation, record the corresponding audit data under the violation audit strategy; if it is a non-violating operation, record the corresponding audit data under the non-violation audit strategy;
The workflow by which the database audit scene function module audits under the current audit scene is:
(1) obtain the content of the script executed by the database tool;
(2) obtain the account name currently operating on the database;
(3) obtain the violation rule and audit strategy bound in advance to the account name, where the audit strategy comprises a violation audit strategy and a non-violation audit strategy;
(4) judge, according to the violation rule, whether the obtained script content is a violation; if it is a violating script, record the corresponding audit data under the violation audit strategy; if it is a non-violating script, record the corresponding audit data under the non-violation audit strategy;
The workflow by which the internet behavior audit scene function module audits under the current audit scene is:
record the HTTP requests sent by the browser and, at the same time, record the video frames at the moment the operation behavior occurs;
The workflow by which the common application behavior audit scene function module audits under the current audit scene is:
(1) obtain the account information;
(2) obtain the violation rule and audit strategy bound in advance to the account information, where the audit strategy comprises a violation audit strategy and a non-violation audit strategy;
(3) judge, according to the violation rule, whether the content of the operation behavior is a violation; if it is a violating operation, record the corresponding audit data under the violation audit strategy; if it is a non-violating operation, record the corresponding audit data under the non-violation audit strategy.
Preferably, in step 4, recording the audit data under the current audit scene is specifically:
configure a class-1 audit data storage area, a class-2 audit data storage area, ..., a class-n audit data storage area uniquely corresponding to the class-1 audit scene, the class-2 audit scene, ..., the class-n audit scene respectively; the audit data storage areas of the different classes are physically and logically isolated from one another;
accordingly, the class-1 audit scene function module stores the audit data it obtains in the class-1 audit data storage area;
the class-2 audit scene function module stores the audit data it obtains in the class-2 audit data storage area;
the class-n audit scene function module stores the audit data it obtains in the class-n audit data storage area.
Preferably, the method further comprises:
configuring usage rights for each class of audit scene function module and, in addition, access rights for each class of audit data storage area;
based on the configured access rights, performing data retrieval on the audit data storage areas for which access is granted.
The invention also provides a classification auditing system applied to an operation behavior auditing system, comprising:
an audit scene class division module, for dividing the audit scenes in the operation behavior auditing system into n classes of audit scene by functional category, namely the class-1 audit scene, the class-2 audit scene, ..., the class-n audit scene, where n is a natural number;
a definition module, for defining, for each class of audit scene, a uniquely corresponding independent audit scene function module;
an operation behavior obtaining module, for monitoring in real time the operation behavior performed by a designated account ID and obtaining the operation behavior that occurs;
an audit scene class judgment module, for obtaining the ID of the application program running when the operation behavior occurs, and then determining from the application program ID the audit scene class in which the operation behavior occurs;
an audit scene function module calling module, for calling, according to the audit scene class so determined, the defined audit scene function module corresponding to this class, and running the called module;
an audit data partitioned storage module, for storing the audit data obtained by the called audit scene function module in the corresponding audit data storage area.
Preferably, the system further comprises:
a permission configuration module, for configuring usage rights for each class of audit scene function module and, in addition, access rights for each class of audit data storage area;
a retrieval module, for performing data retrieval, based on the configured access rights, on the audit data storage areas for which access is granted.
The classification auditing method and system applied to an operation behavior auditing system provided by the invention have the following advantages:
Audit scenes are divided into multiple classes by functional category; an independent audit scene function module is defined for each class of audit scene; and the audit data obtained by each class of audit scene function module is stored in its own partition. Because the audit data storage partitions are isolated at both the physical and the logical level, audit administrators of different audit scenes cannot see each other's audit data, which improves the data security of the auditing system. Moreover, because the audit data of each audit scene is stored in its own partition, retrieval and backup are easier.
Brief description of the drawings
Fig. 1 is a flow chart of the classification auditing method applied to an operation behavior auditing system provided by the invention;
Fig. 2 is a structural diagram of the classification auditing system applied to an operation behavior auditing system provided by the invention.
Detailed description of the embodiments
To make the technical problem solved by the invention, its technical solution and its beneficial effects clearer, the invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here serve only to explain the invention and are not intended to limit it.
The invention provides a classification auditing method and system for an operation behavior auditing system. The main idea is: audit scenes are divided into multiple classes by functional category; an independent audit scene function module is defined for each class of audit scene; and the audit data obtained by each class of audit scene function module is stored in its own partition. Because the audit data storage partitions are isolated at both the physical and the logical level, audit administrators of different audit scenes cannot see each other's audit data, which improves the data security of the auditing system. Moreover, because the audit data of each audit scene is stored in its own partition, retrieval and backup are easier.
Specifically, with reference to Fig. 1, the invention provides a classification auditing method applied to an operation behavior auditing system, comprising the following steps:
Step 1: divide the audit scenes in the operation behavior auditing system into n classes of audit scene by functional category, namely the class-1 audit scene, the class-2 audit scene, ..., the class-n audit scene, where n is a natural number;
For example, the audit scenes can be divided into: the O&M audit scene, the database audit scene, the internet behavior audit scene and the common application behavior audit scene.
Step 2: define, for each class of audit scene, a uniquely corresponding independent audit scene function module; the modules uniquely corresponding to the class-1 audit scene, the class-2 audit scene, ..., the class-n audit scene are denoted the class-1 audit scene function module, the class-2 audit scene function module, ..., the class-n audit scene function module;
For example, the following audit scene function modules can be defined: the function module corresponding to the O&M audit scene is the O&M audit scene function module; the function module corresponding to the database audit scene is the database audit scene function module; the function module corresponding to the internet behavior audit scene is the internet behavior audit scene function module; and the function module corresponding to the common application behavior audit scene is the common application behavior audit scene function module.
Step 3: monitor in real time the operation behavior performed by a designated account ID; whenever an operation behavior occurs, obtain the ID of the application program running when it occurs, and then determine from the application program ID the audit scene class in which the operation behavior occurs;
Step 4: according to the audit scene class so determined, call the audit scene function module defined in step 2 that corresponds to this class, run the called module, and record the audit data under the current audit scene.
Specifically, the four audit scene function modules given as examples above can each run according to the following workflows:
The workflow by which the O&M audit scene function module audits under the current audit scene is:
(1) obtain the IP address of the O&M target host and the Linux account information;
(2) obtain the violation rule and audit strategy bound in advance to the IP address of the O&M target host and the Linux account information, where the audit strategy comprises a violation audit strategy and a non-violation audit strategy;
(3) capture the O&M command content and judge, according to the violation rule, whether it is a violation; if it is a violating operation, record the corresponding audit data under the violation audit strategy, for example both the video frames at the moment the O&M command occurs and the O&M text data; if it is a non-violating operation, record the corresponding audit data under the non-violation audit strategy, for example only the O&M text data and no video frames;
The workflow by which the database audit scene function module audits under the current audit scene is:
(1) obtain the content of the script executed by the database tool;
(2) obtain the account name currently operating on the database;
(3) obtain the violation rule and audit strategy bound in advance to the account name, where the audit strategy comprises a violation audit strategy and a non-violation audit strategy;
(4) judge, according to the violation rule, whether the obtained script content is a violation; if it is a violating script, record the corresponding audit data under the violation audit strategy, for example both the video frames while the script runs and the script content; if it is a non-violating script, record the corresponding audit data under the non-violation audit strategy, for example only the script content and no video frames;
The workflow by which the internet behavior audit scene function module audits under the current audit scene is:
record the HTTP requests sent by the browser and, at the same time, record the video frames at the moment the operation behavior occurs;
The workflow by which the common application behavior audit scene function module audits under the current audit scene is:
(1) obtain the account information;
(2) obtain the violation rule and audit strategy bound in advance to the account information, where the audit strategy comprises a violation audit strategy and a non-violation audit strategy;
(3) judge, according to the violation rule, whether the content of the operation behavior is a violation; if it is a violating operation, record the corresponding audit data under the violation audit strategy; if it is a non-violating operation, record the corresponding audit data under the non-violation audit strategy.
Of course, in practice the violation rules and audit strategies can be defined flexibly according to the class of audit scene; the invention places no limit on this.
In addition, the audit data obtained under the current audit scene is stored in partitions as follows:
Configure a class-1 audit data storage area, a class-2 audit data storage area, ..., a class-n audit data storage area uniquely corresponding to the class-1 audit scene, the class-2 audit scene, ..., the class-n audit scene respectively; the audit data storage areas of the different classes are physically and logically isolated from one another;
Accordingly, the class-1 audit scene function module stores the audit data it obtains in the class-1 audit data storage area;
The class-2 audit scene function module stores the audit data it obtains in the class-2 audit data storage area;
The class-n audit scene function module stores the audit data it obtains in the class-n audit data storage area.
For example, in a large auditing system with many audit scenes, storage can be divided into the following five data storage partitions, each recording the audit data of one audit scene. The system may use SQL Server, the HDFS of Hadoop, or similar to store the records; when the data volume is large, the Hadoop distributed file system HDFS is recommended.
The five partitions are:
1: O&M scene data area
2: DBA administrator data area
3: common application data area
4: online service data area
5: configuration data area
The configuration data area records the violation rules and audit strategies, and the audit data areas are physically or logically isolated from one another. The audit administrator of each scene can see only the audit data of the scene he or she manages.
In addition, the method further comprises:
Configuring usage rights for each class of audit scene function module and, in addition, access rights for each class of audit data storage area; based on the configured access rights, performing data retrieval on the audit data storage areas for which access is granted.
Specifically, the rights of each audit scene function module can be configured separately. Where all functions are deployed on the same web data retrieval server, configuring the function module rights independently lets the administrator of one scene see only the scene data under his or her own management and not the audit data of other scenes, which improves system security. In addition, the invention supports multiple web data retrieval servers running concurrently, and the user can choose a physically isolated deployment.
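The flow described above (steps 3 and 4, the per-scene workflows, partitioned storage and rights-checked retrieval) can be illustrated as follows; this is an added Python example, not code from the patent. The application IDs, rule patterns, account names, the fallback for unknown applications and the `capture_frame` stand-in are assumptions, and the in-memory store models only logical isolation.

```python
import re
from dataclasses import dataclass

OPS, DB, WEB, APP = "ops", "db", "web", "app"   # the four example scene classes

# Assumed application-ID -> scene mapping used for step 3; the IDs are made up.
APP_SCENES = {"ssh-client": OPS, "db-tool": DB, "browser": WEB}


@dataclass(frozen=True)
class Event:
    account_id: str    # monitored account
    app_id: str        # application running when the behavior occurred
    content: str       # O&M command, script text, HTTP request, ...
    target: str = ""   # O&M target host IP, or database account name


def classify(event):
    """Step 3: scene class from the application ID. Unknown applications fall
    back to the common application scene (assumption) so nothing goes unrecorded."""
    return APP_SCENES.get(event.app_id, APP)


def rule_key(scene, event):
    """What the violation rules are bound to in each scene's workflow."""
    if scene == OPS:
        return (event.target, event.account_id)   # host IP + Linux account
    if scene == DB:
        return event.target                       # database account name
    return event.account_id                       # common application account


def capture_frame(event):
    """Stand-in for screen capture; a real module would grab a video frame."""
    return f"frame:{event.account_id}:{event.app_id}"


def run_module(scene, event, rules):
    """Step 4: the scene's function module builds the audit record."""
    record = {"scene": scene, "account": event.account_id, "text": event.content}
    if scene == WEB:
        # Internet behavior module: request and video frame, no rule check.
        record.update(violation=None, video_frame=capture_frame(event))
        return record
    patterns = rules.get(scene, {}).get(rule_key(scene, event), [])
    record["violation"] = any(re.search(p, event.content) for p in patterns)
    if record["violation"]:
        # Violation audit strategy: text plus video frame.
        record["video_frame"] = capture_frame(event)
    return record   # non-violation audit strategy: text only


class PartitionedStore:
    """One partition per scene with per-administrator read grants. A dict gives
    logical isolation only; physical isolation needs separate storage backends."""

    def __init__(self):
        self._partitions = {s: [] for s in (OPS, DB, WEB, APP)}
        self._grants = {}   # administrator -> scenes they may retrieve from

    def grant(self, admin, scene):
        self._grants.setdefault(admin, set()).add(scene)

    def write(self, record):
        self._partitions[record["scene"]].append(record)

    def search(self, admin, scene, keyword=""):
        if scene not in self._grants.get(admin, set()):
            raise PermissionError(f"{admin} may not read the {scene} partition")
        return [r for r in self._partitions[scene] if keyword in r["text"]]


def audit(event, rules, store):
    """Classify the event, run the matching module, store in that partition."""
    scene = classify(event)
    record = run_module(scene, event, rules)
    store.write(record)
    return record


# Constructed sample rules and events.
RULES = {
    OPS: {("10.0.0.5", "root"): [r"\brm\s+-rf\b"]},
    DB: {"dba1": [r"(?i)\bdrop\s+table\b"]},
}
EVENTS = [
    Event("root", "ssh-client", "rm -rf /var/log/app", target="10.0.0.5"),
    Event("root", "ssh-client", "ls /tmp", target="10.0.0.5"),
    Event("alice", "db-tool", "DROP TABLE accounts", target="dba1"),
    Event("bob", "notepad", "opened report.txt"),
]


def demo():
    store = PartitionedStore()
    store.grant("ops_admin", OPS)
    store.grant("dba_admin", DB)
    for event in EVENTS:
        audit(event, RULES, store)
    return store


if __name__ == "__main__":
    for rec in demo().search("ops_admin", OPS):
        print(rec)
```

An administrator granted only the O&M partition gets a `PermissionError` when searching the database partition, which is the isolation property the description relies on.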
It can be seen that the invention has the following innovations:
(1) By distinguishing the audit scenes of a large auditing system by functional category, the convenience and security of data retrieval can be greatly improved;
(2) Because the audit scenes are classified, the administrator of each scene sees only the audit data of that scene and can quickly locate the data area of interest without interference from the audit data of other scenes, so retrieval efficiency is improved by more than one-fold;
(3) Because the audit data is stored in partitions and the audit data areas are isolated from one another, the administrator of each class of scene sees only the audit data of his or her own class, so data security is assured;
(4) Because independent audit scene function modules are configured, each can be implemented separately. In practice a user can therefore purchase only the audit scene function modules needed, which is convenient for the user and saves purchasing cost.
With reference to Fig. 2, the invention also provides a classification auditing system applied to an operation behavior auditing system, comprising:
an audit scene class division module, for dividing the audit scenes in the operation behavior auditing system into n classes of audit scene by functional category, namely the class-1 audit scene, the class-2 audit scene, ..., the class-n audit scene, where n is a natural number;
a definition module, for defining, for each class of audit scene, a uniquely corresponding independent audit scene function module;
an operation behavior obtaining module, for monitoring in real time the operation behavior performed by a designated account ID and obtaining the operation behavior that occurs;
an audit scene class judgment module, for obtaining the ID of the application program running when the operation behavior occurs, and then determining from the application program ID the audit scene class in which the operation behavior occurs;
an audit scene function module calling module, for calling, according to the audit scene class so determined, the defined audit scene function module corresponding to this class, and running the called module;
an audit data partitioned storage module, for storing the audit data obtained by the called audit scene function module in the corresponding audit data storage area.
The system further comprises:
a permission configuration module, for configuring usage rights for each class of audit scene function module and, in addition, access rights for each class of audit data storage area;
a retrieval module, for performing data retrieval, based on the configured access rights, on the audit data storage areas for which access is granted.
It can thus be seen that the classification auditing method and system applied to an operation behavior auditing system provided by the invention have the following advantages:
(1) A large auditing application faces many audit scenes, including the O&M scene, the business scene, the outsourced service provider scene and so on. If these cannot be distinguished at a fine granularity from a functional perspective, then in practice all the different audit management roles retrieve from the same data retrieval area, which is very inconvenient. The invention effectively solves this problem by distinguishing audit scenes at a fine granularity from a functional perspective, which improves retrieval efficiency.
(2) In the conventional art, because the audit strategies and violation rules of different audit scenes differ, violation rules and audit strategies have to be formulated separately. If the audit scenes are not classified by function, formulating the violation rules and audit strategies becomes very cumbersome, or even infeasible in practice. By classifying audit scenes by function, the invention simplifies the formulation of violation rules and audit strategies.
(3) In general, data retrieval by the audit administrators of different application scenes is kept confidential from one another; for example, O&M operation behavior audit administrators should not see the audit data of the business scene. In the conventional art, however, audit scenes are not classified, so administrators at the same audit level can see each other's data, which brings a considerable security risk. By classifying audit scenes by function, the invention avoids this problem and improves system security.
(4) In earlier audit data backup procedures, audit data could only be selected for backup by level and could not be backed up by class. In practice, different classes of audit data have different backup requirements; for example, O&M operation audit data and audit data of the business scene have completely different backup requirements, and the conventional art cannot address this. By classifying audit scenes by function and storing the audit data in partitions, the invention makes audit data easier to back up.
(5) A large auditing system generally has many audit scenes that need different subsystems to implement, so the system is very complex. The invention configures multiple independent audit scene function modules, and one or several of them can be deployed flexibly according to actual needs, giving the advantage of flexible configuration.
The above is only the preferred embodiment of the invention. It should be noted that a person of ordinary skill in the art may make improvements and modifications without departing from the principle of the invention, and such improvements and modifications shall also be regarded as falling within the scope of protection of the invention.

Claims (8)

1. A classification auditing method applied to an operation behavior auditing system, characterized by comprising the following steps:
Step 1: divide the audit scenes in the operation behavior auditing system into n classes of audit scene by functional category, namely the class-1 audit scene, the class-2 audit scene, ..., the class-n audit scene, where n is a natural number;
Step 2: define, for each class of audit scene, a uniquely corresponding independent audit scene function module; the modules uniquely corresponding to the class-1 audit scene, the class-2 audit scene, ..., the class-n audit scene are denoted the class-1 audit scene function module, the class-2 audit scene function module, ..., the class-n audit scene function module;
Step 3: monitor in real time the operation behavior performed by a designated account ID; whenever an operation behavior occurs, obtain the ID of the application program running when it occurs, and then determine from the application program ID the audit scene class in which the operation behavior occurs;
Step 4: according to the audit scene class so determined, call the audit scene function module defined in step 2 that corresponds to this class, run the called module, and record the audit data under the current audit scene; each audit scene function module records the audit data it obtains to a different data storage area.
2. The classification auditing method applied to an operation behavior auditing system according to claim 1, characterized in that, in step 1, the classes of audit scene comprise: the O&M audit scene, the database audit scene, the internet behavior audit scene and the common application behavior audit scene.
3. The classification auditing method applied to an operation behavior auditing system according to claim 2, characterized in that the function module corresponding to the O&M audit scene is the O&M audit scene function module; the function module corresponding to the database audit scene is the database audit scene function module; the function module corresponding to the internet behavior audit scene is the internet behavior audit scene function module; and the function module corresponding to the common application behavior audit scene is the common application behavior audit scene function module.
4. The classification auditing method applied to an operation behavior auditing system according to claim 3, characterized in that the workflow by which the O&M audit scene function module audits under the current audit scene is:
(1) obtain the IP address and the Linux account information of the O&M target host;
(2) obtain the illegal rules and the audit strategy bound in advance to the IP address and Linux account information of the O&M target host, where the audit strategy comprises an illegal-behavior audit strategy and a non-illegal-behavior audit strategy;
(3) judge, according to the illegal rules, whether the content of the operation behavior is illegal; if it is an illegal operation behavior, record the corresponding audit data using the illegal-behavior audit strategy; if it is a non-illegal operation behavior, record the corresponding audit data using the non-illegal-behavior audit strategy;
The workflow by which the database audit scene function module audits under the current audit scene is:
(1) obtain the script content executed by the database tool;
(2) obtain the name of the account currently operating the database;
(3) obtain the illegal rules and the audit strategy bound in advance to the account name, where the audit strategy comprises an illegal-behavior audit strategy and a non-illegal-behavior audit strategy;
(4) judge, according to the illegal rules, whether the obtained script content is illegal; if it is an illegal script, record the corresponding audit data using the illegal-behavior audit strategy; if it is a non-illegal script, record the corresponding audit data using the non-illegal-behavior audit strategy;
The workflow by which the internet behavior audit scene function module audits under the current audit scene is:
record the HTTP requests sent by the browser and, at the same time, record video frames when the operation behavior occurs;
The workflow by which the common application behavior audit scene function module audits under the current audit scene is:
(1) obtain the account information;
(2) obtain the illegal rules and the audit strategy bound in advance to the account information, where the audit strategy comprises an illegal-behavior audit strategy and a non-illegal-behavior audit strategy;
(3) judge, according to the illegal rules, whether the content of the operation behavior is illegal; if it is an illegal operation behavior, record the corresponding audit data using the illegal-behavior audit strategy; if it is a non-illegal operation behavior, record the corresponding audit data using the non-illegal-behavior audit strategy.
5. The classification auditing method applied to an operation behavior auditing system according to claim 1, characterized in that, in step 4, recording the audit data under the current audit scene is specifically:
configure the 1st class audit data storage area, the 2nd class audit data storage area ... the n-th class audit data storage area, uniquely corresponding respectively to the 1st class audit scene, the 2nd class audit scene ... the n-th class audit scene; further, the audit data storage areas of the different classes are physically isolated and logically isolated from one another;
accordingly, the 1st class audit scene function module stores the relevant audit data it obtains into the 1st class audit data storage area;
the 2nd class audit scene function module stores the relevant audit data it obtains into the 2nd class audit data storage area;
the n-th class audit scene function module stores the relevant audit data it obtains into the n-th class audit data storage area.
6. The classification auditing method applied to an operation behavior auditing system according to claim 5, characterized in that it further comprises:
configuring usage rights for each class of audit scene function module and, in addition, configuring access rights to each class of audit data storage area;
based on the configured access rights, performing data retrieval on the audit data storage areas for which authority is held.
7. A classification auditing system applied to an operation behavior auditing system, characterized in that it comprises:
an audit scene type division module, for dividing the audit scenes in the operation behavior auditing system by functional category into n classes of audit scene, namely the 1st class audit scene, the 2nd class audit scene ... the n-th class audit scene, where n is a natural number;
a definition module, for defining, for each class of audit scene, a uniquely corresponding independent audit scene function module;
an operation behavior acquisition module, for monitoring in real time the operation behavior carried out by a designated account ID and obtaining the operation behavior that occurs;
an audit scene type judgment module, for obtaining the ID of the application program running when the operation behavior occurs, and then judging from the application program ID the audit scene type in which the operation behavior occurs;
an audit scene function module calling module, for calling, according to the audit scene type obtained by the judgment, the defined audit scene function module corresponding to this audit scene type, and running the called audit scene function module;
an audit data partitioned storage module, for storing the audit data obtained by the called audit scene function module into the corresponding audit data storage area.
8. The classification auditing system applied to an operation behavior auditing system according to claim 7, characterized in that it further comprises:
a permission configuration module, for configuring usage rights for each class of audit scene function module and, in addition, configuring access rights to each class of audit data storage area;
a retrieval module, for performing, based on the configured access rights, data retrieval on the audit data storage areas for which authority is held.
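The flow of claims 1, 4, 5 and 6, as an added sketch that is not code from the patent: an operation event is classified by application ID, dispatched to the module for that audit scene, written to that scene's own store, and retrieval is gated by per-store access rights. The application IDs, rule patterns, account names, the fallback to the common application scene and the two recording strategies are assumptions for illustration; in-memory lists model only the logical isolation of claim 5, not the physical isolation.

```python
import re
from dataclasses import dataclass

# Assumed mapping from application ID to audit scene (step 3); IDs are constructed.
APP_SCENE = {"ssh-client": "ops", "sql-tool": "database", "browser": "internet"}
DEFAULT_SCENE = "application"  # assumption: unmapped apps fall into the common application scene

# Constructed illegal rules bound in advance to (scene, account), as in claim 4.
RULES = {("ops", "root"): [r"\brm\s+-rf\b"],
         ("database", "dba"): [r"(?i)\bdrop\s+table\b"]}

@dataclass
class Event:
    account_id: str
    app_id: str
    content: str

class SceneModule:
    """One independent module per audit scene, owning its own store (steps 2 and 4)."""
    def __init__(self, scene):
        self.scene, self.store = scene, []  # the list stands in for one isolated storage area

    def audit(self, ev):
        patterns = RULES.get((self.scene, ev.account_id), [])
        illegal = any(re.search(p, ev.content) for p in patterns)
        # Assumed strategies: keep full content for illegal behavior, a 20-character summary otherwise.
        detail = ev.content if illegal else ev.content[:20]
        record = {"account": ev.account_id, "illegal": illegal, "detail": detail}
        self.store.append(record)
        return record

class ClassifiedAuditor:
    def __init__(self, monitored, grants):
        self.monitored = set(monitored)  # designated account IDs
        self.grants = grants             # auditor name -> scenes whose store they may read
        scenes = set(APP_SCENE.values()) | {DEFAULT_SCENE}
        self.modules = {s: SceneModule(s) for s in scenes}

    def handle(self, ev):
        if ev.account_id not in self.monitored:
            return None                  # only designated accounts are audited
        scene = APP_SCENE.get(ev.app_id, DEFAULT_SCENE)
        return scene, self.modules[scene].audit(ev)

    def retrieve(self, auditor, scene):
        # Claim 6: retrieval is limited to stores the auditor holds access rights for.
        if scene not in self.grants.get(auditor, ()):
            raise PermissionError(f"{auditor} may not read the {scene} store")
        return list(self.modules[scene].store)
```

Because each module writes only to its own store and `retrieve` checks the grant before touching it, an auditor scoped to O&M records never sees database or browsing records even when the same account produced all three.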
CN201510821821.6A 2015-11-24 2015-11-24 Classification auditing method and system applied to operation behavior auditing system Pending CN105426780A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510821821.6A CN105426780A (en) 2015-11-24 2015-11-24 Classification auditing method and system applied to operation behavior auditing system

Publications (1)

Publication Number Publication Date
CN105426780A true CN105426780A (en) 2016-03-23

Family

ID=55504983

Country Status (1)

Country Link
CN (1) CN105426780A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20160323