CN105488428A - Operation behavior recording method and system applied to operation behavior auditing system - Google Patents
Operation behavior recording method and system applied to operation behavior auditing system Download PDFInfo
- Publication number
- CN105488428A CN105488428A CN201510821962.8A CN201510821962A CN105488428A CN 105488428 A CN105488428 A CN 105488428A CN 201510821962 A CN201510821962 A CN 201510821962A CN 105488428 A CN105488428 A CN 105488428A
- Authority
- CN
- China
- Prior art keywords
- operation behavior
- violation
- account
- unlawful practice
- audit
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/034—Test or assess a computer or a system
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- General Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Health & Medical Sciences (AREA)
- Databases & Information Systems (AREA)
- Storage Device Security (AREA)
Abstract
The invention provides an operation behavior recording method and system applied to an operation behavior auditing system. The system comprises a violation rule definition module, a violation rule account binding module, an account auditing policy definition module, an operation behavior content data acquisition module, an account violation rule acquisition module, a violation judgment module and an auditing data recording module. The operation behavior recording method and system have the advantages that (1) an operation behavior is judged from the fine grit to whether the content of a behavior is violated or not, and it is defined that different auditing policies are adopted when a violation behavior and a non violation behavior occur, so that compared with a conventional auditing operation system, on the premise of meeting auditing requirements, the recording quantity of auditing data can be remarkably reduced and the occupation of storage space is reduced; and (2) violation data and non violation data are stored by partitioning, so that the retrieval can be carried out more efficiently and the data retrieval efficiency can be improved.
Description
Technical field
The invention belongs to operation behavior audit technique field, be specifically related to a kind of the operation behavior recording method and the system that are applied to operation behavior auditing system.
Background technology
Operation behavior auditing system is a kind of protection enterprises information security, prevents the system of enterprises information leakage, for safe class, bank, stock funds company, telecommunications company, concerning security matters unit etc. require that higher industry brings safety guarantee.
In traditional operation behavior auditing system, the Write strategy taked is: all recorded by all operations behavioral data captured, and comprises the frame of video etc. when Apply Names, title metadata, application window content and operation behavior occur.
The recording method of aforesaid operations behavioral data has the following disadvantages:
(1) when needing to carry out data search to recorded operation behavior data, such as, during the data retrieval of system manager for the purpose of by auditing system problem being positioned, need to use a large amount of search operaqtions, occupy the time that system manager is a large amount of, there is the problem that search efficiency is low;
(2) store setting targetedly because audit strategy can only arrive application layer, after causing the audit strategy of appointment application, also can record the undesired invalid data of a large amount of users, occupy a large amount of storage spaces.
Summary of the invention
For the defect that prior art exists, the invention provides a kind of the operation behavior recording method and the system that are applied to operation behavior auditing system, can effectively solve the problem.
The technical solution used in the present invention is as follows:
The invention provides a kind of operation behavior recording method being applied to operation behavior auditing system, comprise the following steps:
Step 1, defines at least one corresponding respectively with often kind of operation behavior rule in violation of rules and regulations; And formulated violation rule is bound with each account ID;
Step 2, defines the behavior auditing strategy corresponding respectively with each account ID; Wherein, described behavior auditing strategy comprises unlawful practice audit strategy and to non-unlawful practice audit strategy;
Step 3, monitors the operation behavior that designated account ID carries out in real time, whenever there is operation behavior, obtains operation behavior content-data;
Then, violation rule corresponding to this destiny account is obtained according to designated account ID; Then, judge whether described operation behavior content-data belongs to the regular unlawful practice defined of described violation, if judged result is yes, then performs step 4; Otherwise, perform step 5;
Step 4, obtains the unlawful practice audit strategy corresponding with designated account ID, and based on the corresponding Audit data of described unlawful practice audit strategy record;
Step 5, obtains the non-unlawful practice audit strategy corresponding with designated account ID, and based on the corresponding Audit data of described non-unlawful practice audit strategy record.
Preferably, in step 1, the violation rule defined is unlawful practice, adopts following two kinds of modes to define: the first kind, for obtaining the operation behavior operating concrete word content, adopt metadata, i.e. title definition mode, defines the unlawful practice corresponding to this operation behavior: Equations of The Second Kind, for obtaining the operation behavior operating concrete word content, adopt the descriptive language of content-level, define the unlawful practice corresponding to this operation behavior.
Preferably, described unlawful practice audit strategy refers to: when analyzing the unlawful practice that destiny account is specified, and needs the Audit data of record; Described non-unlawful practice audit strategy refers to: when analyzing the non-unlawful practice that destiny account is specified, and needs the Audit data of record.
Preferably, after step 3, also comprise:
The warning strategies that predefine is corresponding respectively with each account ID; When monitoring designated account ID and corresponding unlawful practice occurring, the warning strategies corresponding with account ID is adopted to carry out alarm.
Preferably, after step 5, also comprise:
The Audit data partitioned storage that the Audit data record generation unlawful practice and the non-violation row of generation record.
The present invention also provides a kind of operation behavior register system being applied to operation behavior auditing system, comprising:
Rule-definition module in violation of rules and regulations, for defining at least one corresponding respectively with often kind of operation behavior rule in violation of rules and regulations;
Regular account binding module in violation of rules and regulations, is tied to corresponding account ID for the violation rule defined by described violation rule-definition module;
Account audit strategy definition module, for defining the behavior auditing strategy corresponding respectively with each account ID; Wherein, described behavior auditing strategy comprises unlawful practice audit strategy and to non-unlawful practice audit strategy;
Operation behavior content-data acquisition module, monitors the operation behavior that designated account ID carries out for real-time, whenever there is operation behavior, obtains operation behavior content-data;
Account is rule acquisition module in violation of rules and regulations, for obtaining violation rule corresponding to this destiny account according to designated account ID;
Property judge module in violation of rules and regulations, for judging whether described operation behavior content-data belongs to the regular unlawful practice defined of described violation;
Audit data logging modle, when there is unlawful practice for determining when described violation judge module, obtains the unlawful practice audit strategy corresponding with designated account ID, and based on the corresponding Audit data of described unlawful practice audit strategy record;
Also for: when described violation judge module determine there is non-unlawful practice time, obtain the non-unlawful practice audit strategy corresponding with designated account ID, and based on the corresponding Audit data of described non-unlawful practice audit strategy record.
Preferably, also comprise:
Warning strategies definition module, for the warning strategies that predefine is corresponding respectively with each account ID;
Alarm module, for when monitoring designated account ID and corresponding unlawful practice occurring, adopts the warning strategies corresponding with account ID to carry out alarm.
Provided by the invention be applied to operation behavior auditing system operation behavior recording method and system have the following advantages:
(1) owing to having carried out fine granularity to operation behavior to the whether in violation of rules and regulations judgement of certain content of the act, and define when there is unlawful practice and non-unlawful practice, take different audit strategies.Therefore, compared with traditional audit operating system, under the prerequisite meeting audit requirement, obviously can reduce the record quantity of Audit data, reduce taking of storage space;
(2) because violation data and non-violation data partition store, be conducive to retrieving more efficiently, improve data search efficiency.
Accompanying drawing explanation
Fig. 1 is the schematic flow sheet being applied to the operation behavior recording method of operation behavior auditing system provided by the invention;
Fig. 2 is the structural representation being applied to the operation behavior register system of operation behavior auditing system provided by the invention.
Embodiment
In order to make technical matters solved by the invention, technical scheme and beneficial effect clearly understand, below in conjunction with drawings and Examples, the present invention is further elaborated.Should be appreciated that specific embodiment described herein only in order to explain the present invention, be not intended to limit the present invention.
The invention provides a kind of operation behavior recording method being applied to operation behavior auditing system, main thought is: predefine often plants the unlawful practice of operation behavior; Then, for each operation behavior monitored, first carry out violation and judge, if be violation operation behavior, then take the Audit data that the audit strategy record corresponding to violation operation behavior is relevant; And if be non-violation operation behavior, then take the Audit data that the another kind of audit strategy record corresponding to non-violation operation behavior is relevant.Due to for operation behavior whether in violation of rules and regulations, take different audit strategies, thus the relevant issues that can solve all operations behavior all being recorded of conventional art existence and bring.
Concrete, composition graphs 1, the invention provides a kind of operation behavior recording method being applied to operation behavior auditing system, comprises the following steps:
Step 1, defines at least one corresponding respectively with often kind of operation behavior rule in violation of rules and regulations; And formulated violation rule is bound with each account ID;
In this step, the violation rule defined is unlawful practice, and, in the present invention, only need to define unlawful practice, do not need to define non-unlawful practice.In addition, following two kinds of modes are adopted to define unlawful practice: the first kind, for obtaining the operation behavior operating concrete word content, adopt metadata, i.e. title definition mode, defines the unlawful practice corresponding to this operation behavior: Equations of The Second Kind, for obtaining the operation behavior operating concrete word content, adopt the descriptive language of content-level, define the unlawful practice corresponding to this operation behavior.
In the present invention, by the reason that rule and account ID are bound in violation of rules and regulations be: because account corresponds to worker, so, the process means taked after each account violation can be not identical, so, need rule and account ID to bind in violation of rules and regulations, more realistic regulatory requirement.
Step 2, defines the behavior auditing strategy corresponding respectively with each account ID; Wherein, behavior auditing strategy comprises unlawful practice audit strategy and to non-unlawful practice audit strategy;
Concrete, unlawful practice audit strategy refers to: when analyzing the unlawful practice that destiny account is specified, and needs the Audit data of record; Non-unlawful practice audit strategy refers to: when analyzing the non-unlawful practice that destiny account is specified, and needs the Audit data of record.
Wherein, Audit data comprises: frame of video when title metadata, application window content and operation behavior occur.
Such as, unlawful practice audit strategy may be defined as: when analyzing the unlawful practice that destiny account is specified, frame of video when needing the Audit data of record to be the generation of title metadata, application window content and operation behavior; Non-unlawful practice audit strategy refers to: when analyzing the non-unlawful practice that destiny account is specified, and the Audit data needing record is title metadata, application window content, does not need to record frame of video when operation behavior occurs.
That is, according to operation behavior whether in violation of rules and regulations the present invention, and distinguishes different audit strategies.And under normal circumstances, user is general only more interested in the operation behavior under breaking the rules, so when there is the operation behavior broken the rules, whole Audit datas is all recorded by the present invention; And when there is the non-operation behavior broken the rules, only simple record header metadata and application window content, and do not record frame of video when operation behavior occurs, thus reduce taking of storage space.
In addition, the present invention is configured with custom block, and user can carry out self-defined to the data record behavior after its violation for account.
Step 3, monitors the operation behavior that designated account ID carries out in real time, whenever there is operation behavior, obtains operation behavior content-data;
Then, violation rule corresponding to this destiny account is obtained according to designated account ID; Then, judge whether operation behavior content-data belongs to the regular unlawful practice defined in violation of rules and regulations, if judged result is yes, then performs step 4; Otherwise, perform step 5;
Step 4, obtains the unlawful practice audit strategy corresponding with designated account ID, and based on the corresponding Audit data of unlawful practice audit strategy record;
Step 5, obtains the non-unlawful practice audit strategy corresponding with designated account ID, and based on the corresponding Audit data of non-unlawful practice audit strategy record.
In addition, after step 3, also comprise:
The warning strategies that predefine is corresponding respectively with each account ID; When monitoring designated account ID and corresponding unlawful practice occurring, the warning strategies corresponding with account ID is adopted to carry out alarm.Such as, specify and alarm data is produced for some unlawful practice, and appointment recipient can be sent to, so that operation maintenance personnel is for the operation Real-time Obtaining of some danger with the form of form in real time.
After step 5, also comprise:
The Audit data partitioned storage that the Audit data record generation unlawful practice and the non-violation row of generation record.
Traditional operation behavior auditing system, operation behavior is not carried out in violation of rules and regulations and the logic distinguishing of non-violation, cause all data mixed in together, in the reservation of violation data, due to can only archives data in select time section, data in violation of rules and regulations cannot be picked out and carry out long term archival.Therefore, stale data for a long time generally can only all be deleted by user.
And in the present invention, will store in data and non-violation data partition in violation of rules and regulations, when storage resources is certain, more long-term preservation can be realized to violation data, and for non-violation data, can regularly delete.This audit measure more meets the requirement of audit specification.
In addition, because violation data and non-violation data partition store, be more conducive to, to Audit data retrieval, Audit data effectiveness of retrieval can being improved.Further, in practical application, can realize with rule being that dimension is retrieved, all accounts violating same rule can be retrieved, convenient audit.Also can strengthen the station-keeping ability to required Audit data.
As shown in Figure 2, the present invention also provides a kind of operation behavior register system being applied to operation behavior auditing system, comprising:
Rule-definition module in violation of rules and regulations, for defining at least one corresponding respectively with often kind of operation behavior rule in violation of rules and regulations;
Regular account binding module in violation of rules and regulations, is tied to corresponding account ID for the violation rule defined by violation rule-definition module;
Account audit strategy definition module, for defining the behavior auditing strategy corresponding respectively with each account ID; Wherein, behavior auditing strategy comprises unlawful practice audit strategy and to non-unlawful practice audit strategy;
Operation behavior content-data acquisition module, monitors the operation behavior that designated account ID carries out for real-time, whenever there is operation behavior, obtains operation behavior content-data;
Account is rule acquisition module in violation of rules and regulations, for obtaining violation rule corresponding to this destiny account according to designated account ID;
Property judge module in violation of rules and regulations, for judging whether operation behavior content-data belongs to the regular unlawful practice defined in violation of rules and regulations;
Audit data logging modle, for when property judge module determines generation unlawful practice in violation of rules and regulations, obtains the unlawful practice audit strategy corresponding with designated account ID, and based on the corresponding Audit data of unlawful practice audit strategy record;
Also for: when violation judge module determine there is non-unlawful practice time, obtain the non-unlawful practice audit strategy corresponding with designated account ID, and based on the corresponding Audit data of non-unlawful practice audit strategy record.
Also comprise:
Warning strategies definition module, for the warning strategies that predefine is corresponding respectively with each account ID;
Alarm module, for when monitoring designated account ID and corresponding unlawful practice occurring, adopts the warning strategies corresponding with account ID to carry out alarm.
Enumerate two specific embodiment of the invention below:
Embodiment one:
Rule-definition module takes the rule of content-level to define in violation of rules and regulations, that is: the rule for content defines, for SecureCRT, Putty etc., linux, unix system maintenance instrument, carry out the rule definition of performed command level, then defined rule is tied in linux account, further, to the audit strategy of linux account definition be: when there is unlawful practice, frame of video when record header metadata, application window content and operation behavior occur simultaneously; And when there is non-unlawful practice, a record header metadata, application window content.Result shows, only has after the order that breaks the rules occurs, system just automatically the generation of record header metadata, application window content and operation behavior time frame of video; And during the order broken the rules, only have recorded title metadata, application window content.
Embodiment two:
To the application without the need to recording content of operation, such as browser etc., when carrying out rule definition, only carrying out the rule definition of title metadata, such as, to some particular webpage navigation patterns, belonging to the unlawful practice of certain account.When carrying out audit strategy definition, still take: when there is unlawful practice, frame of video when record header metadata, application window content and operation behavior occur simultaneously; And when there is non-unlawful practice, a record header metadata, application window content.Result shows, the Audit data entry that the present invention significantly can reduce storage space and record.
As can be seen here, operation behavior recording method and the system being applied to operation behavior auditing system provided by the invention, owing to having carried out fine granularity to operation behavior to the whether in violation of rules and regulations judgement of certain content of the act, and define when there is unlawful practice and non-unlawful practice, take different audit strategies.Such as, for unlawful practice, just carry out the record of frame of video or metadata.Therefore, compared with traditional audit operating system, the present invention, under the prerequisite meeting audit requirement, obviously can reduce the record quantity of Audit data, reduce taking of storage space; During frame of video when only recording unlawful practice, storage space on average only has original less than 1/10th, and the storage space used under unlawful practice almost absent variable scene only has below one of original percentage.
In addition, because violation data and non-violation data partition store, be conducive to retrieving more efficiently, improve data search efficiency.Concrete, the present invention is when retrieving, and when retrieving unlawful practice, operation steps decreases over half, and need not filter out unlawful practice data for a long time, and shorten retrieval time, the retrieval time spent is less than original 1/20th; And in duration longer session, that then saves retrieval time is more, be below one of original percentage, the effect of saving time of expection reaches completely.
The above is only the preferred embodiment of the present invention; it should be pointed out that for those skilled in the art, under the premise without departing from the principles of the invention; can also make some improvements and modifications, these improvements and modifications also should look protection scope of the present invention.
Claims (7)
1. be applied to an operation behavior recording method for operation behavior auditing system, it is characterized in that, comprise the following steps:
Step 1, defines at least one corresponding respectively with often kind of operation behavior rule in violation of rules and regulations; And formulated violation rule is bound with each account ID;
Step 2, defines the behavior auditing strategy corresponding respectively with each account ID; Wherein, described behavior auditing strategy comprises unlawful practice audit strategy and to non-unlawful practice audit strategy;
Step 3, monitors the operation behavior that designated account ID carries out in real time, whenever there is operation behavior, obtains operation behavior content-data;
Then, violation rule corresponding to this destiny account is obtained according to designated account ID; Then, judge whether described operation behavior content-data belongs to the regular unlawful practice defined of described violation, if judged result is yes, then performs step 4; Otherwise, perform step 5;
Step 4, obtains the unlawful practice audit strategy corresponding with designated account ID, and based on the corresponding Audit data of described unlawful practice audit strategy record;
Step 5, obtains the non-unlawful practice audit strategy corresponding with designated account ID, and based on the corresponding Audit data of described non-unlawful practice audit strategy record.
2. the operation behavior recording method being applied to operation behavior auditing system according to claim 1, it is characterized in that, in step 1, the violation rule defined is unlawful practice, following two kinds of modes are adopted to define: the first kind, for obtaining the operation behavior operating concrete word content, adopt metadata, i.e. title definition mode, define the unlawful practice corresponding to this operation behavior: Equations of The Second Kind, for obtaining the operation behavior operating concrete word content, adopt the descriptive language of content-level, define the unlawful practice corresponding to this operation behavior.
3. the operation behavior recording method being applied to operation behavior auditing system according to claim 1, is characterized in that, described unlawful practice audit strategy refers to: when analyzing the unlawful practice that destiny account is specified, and needs the Audit data of record; Described non-unlawful practice audit strategy refers to: when analyzing the non-unlawful practice that destiny account is specified, and needs the Audit data of record.
4. the operation behavior recording method being applied to operation behavior auditing system according to claim 1, is characterized in that, after step 3, also comprise:
The warning strategies that predefine is corresponding respectively with each account ID; When monitoring designated account ID and corresponding unlawful practice occurring, the warning strategies corresponding with account ID is adopted to carry out alarm.
5. the operation behavior recording method being applied to operation behavior auditing system according to claim 1, is characterized in that, after step 5, also comprise:
The Audit data partitioned storage that the Audit data record generation unlawful practice and the non-violation row of generation record.
6. be applied to an operation behavior register system for operation behavior auditing system, it is characterized in that, comprising:
Rule-definition module in violation of rules and regulations, for defining at least one corresponding respectively with often kind of operation behavior rule in violation of rules and regulations;
Regular account binding module in violation of rules and regulations, is tied to corresponding account ID for the violation rule defined by described violation rule-definition module;
Account audit strategy definition module, for defining the behavior auditing strategy corresponding respectively with each account ID; Wherein, described behavior auditing strategy comprises unlawful practice audit strategy and to non-unlawful practice audit strategy;
Operation behavior content-data acquisition module, monitors the operation behavior that designated account ID carries out for real-time, whenever there is operation behavior, obtains operation behavior content-data;
Account is rule acquisition module in violation of rules and regulations, for obtaining violation rule corresponding to this destiny account according to designated account ID;
Property judge module in violation of rules and regulations, for judging whether described operation behavior content-data belongs to the regular unlawful practice defined of described violation;
Audit data logging modle, when there is unlawful practice for determining when described violation judge module, obtains the unlawful practice audit strategy corresponding with designated account ID, and based on the corresponding Audit data of described unlawful practice audit strategy record;
Also for: when described violation judge module determine there is non-unlawful practice time, obtain the non-unlawful practice audit strategy corresponding with designated account ID, and based on the corresponding Audit data of described non-unlawful practice audit strategy record.
7. the operation behavior register system being applied to operation behavior auditing system according to claim 6, is characterized in that, also comprise:
Warning strategies definition module, for the warning strategies that predefine is corresponding respectively with each account ID;
Alarm module, for when monitoring designated account ID and corresponding unlawful practice occurring, adopts the warning strategies corresponding with account ID to carry out alarm.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510821962.8A CN105488428A (en) | 2015-11-24 | 2015-11-24 | Operation behavior recording method and system applied to operation behavior auditing system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510821962.8A CN105488428A (en) | 2015-11-24 | 2015-11-24 | Operation behavior recording method and system applied to operation behavior auditing system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN105488428A true CN105488428A (en) | 2016-04-13 |
Family
ID=55675400
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510821962.8A Pending CN105488428A (en) | 2015-11-24 | 2015-11-24 | Operation behavior recording method and system applied to operation behavior auditing system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105488428A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108768719A (en) * | 2018-05-23 | 2018-11-06 | 郑州信大天瑞信息技术有限公司 | A kind of application operating Log Audit System |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101533365A (en) * | 2009-04-16 | 2009-09-16 | 唐郡 | Computer system, maintenance method and device thereof |
| US20130042306A1 (en) * | 2011-03-31 | 2013-02-14 | Alibaba Group Holding Limited | Determining machine behavior |
| CN104506545A (en) * | 2014-12-30 | 2015-04-08 | 北京奇虎科技有限公司 | Data leakage prevention method and data leakage prevention device |
-
2015
- 2015-11-24 CN CN201510821962.8A patent/CN105488428A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101533365A (en) * | 2009-04-16 | 2009-09-16 | 唐郡 | Computer system, maintenance method and device thereof |
| US20130042306A1 (en) * | 2011-03-31 | 2013-02-14 | Alibaba Group Holding Limited | Determining machine behavior |
| CN104506545A (en) * | 2014-12-30 | 2015-04-08 | 北京奇虎科技有限公司 | Data leakage prevention method and data leakage prevention device |
Non-Patent Citations (2)
| Title |
|---|
| ADAM JORGENSEN: "《微软大数据解决方案》", 31 May 2015, 北京:清华大学出版社 * |
| 中关村的大山: "AuditSys-3.0配置手册", 《HTTPS://WENKU.BAIDU.COM/VIEW/CBE800ABB4DAA58DA1114A4A.HTML?FROM=SEARCH》 * |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108768719A (en) * | 2018-05-23 | 2018-11-06 | 郑州信大天瑞信息技术有限公司 | A kind of application operating Log Audit System |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107506642A (en) | The method and system for preventing file from being damaged by malicious operation behavior | |
| CN103024437B (en) | Video data integrity detection method | |
| GB2441458A (en) | Automatic management of storage access control | |
| CN106484709A (en) | A kind of auditing method of daily record data and audit device | |
| CN104657435B (en) | A kind of memory management method and Network Management System using data | |
| CN104375954B (en) | The method and computer system for based on workload implementing that the dynamic of cache is enabled and disabled | |
| CN112712702B (en) | Illegal event duplicate removal method and device, electronic equipment and machine-readable storage medium | |
| CN101067835A (en) | Trusted platform module data harmonization method and data processing system | |
| CN106993153A (en) | A kind of video amended record method and apparatus | |
| CN102915376A (en) | Method and equipment for detecting deviant behavior of database | |
| CN105488428A (en) | Operation behavior recording method and system applied to operation behavior auditing system | |
| CN107357686A (en) | A kind of daily record delet method and device | |
| CN104462403B (en) | File truncation method and apparatus | |
| CN110379162A (en) | Vehicle violation monitoring method, device, equipment and computer readable storage medium | |
| CN104516953B (en) | A kind of black box subsystem for power dispatching automation magnanimity message | |
| CN105740098A (en) | Determination method and system for stale data among backup data | |
| CN105577810A (en) | Flexible service method, device and system for open interface | |
| US9773005B2 (en) | Polymorphic application of policy | |
| CN107885489A (en) | A kind of method and system of quick detection real name registration data index | |
| CN106502588A (en) | A kind of memory space management and storage device | |
| CN107395429A (en) | The method and apparatus that virtual machine is managed in cloud data center | |
| CN111563256A (en) | Safe big data collection and storage method | |
| CN106406771A (en) | Log recording method and log recorder | |
| CN103209212A (en) | Data caching method and system in Web network management client based on rich internet application (RIA) | |
| CN109656945A (en) | A kind of information processing method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20160413 |