CN114647869A - Safety protection system based on database - Google Patents
- Publication number: CN114647869A
- Authority: CN (China)
- Prior art keywords: module, data, user, database, behavior
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6227—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- General Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Health & Medical Sciences (AREA)
- Databases & Information Systems (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Alarm Systems (AREA)
Abstract
The invention discloses a database-based safety protection system and relates to the technical field of safety protection systems. The system comprises a user behavior acquisition module, a data acquisition and preprocessing module, a data warehouse module, a user behavior analysis module and a feature extraction and modeling module. The user behavior acquisition module counts data traffic in the database network, or data reported by the same safety management equipment under the control of a deployed host, to obtain the service participation degree and the data and data-interaction level of a fixed area or direction in the network, and acquires the behavior data of users in real time. The data acquisition and preprocessing module preprocesses the acquired data, identifies and cleans the data by normalization and time-scale pairing, and classifies all legal service flows in the database transmission network. The safety early-warning system is thereby upgraded automatically, and the overall safety of the database is further improved.
Description
Technical Field
The invention belongs to the technical field of safety protection systems, and particularly relates to a database-based safety protection system.
Background
Currently, the global big data industry is in a period of active development, with technology evolution and application innovation advancing rapidly in parallel. Key new data storage, computation and analysis technologies such as non-relational databases, distributed parallel computing, machine learning and deep mining have emerged and developed rapidly. While creating business and application value in industries such as telecommunications, the internet, finance, transportation and medical treatment, big data mining and analysis has begun to spread into the traditional primary and secondary industries, and big data is gradually becoming a basic national strategic resource and a basic element of social production.
At present, database security protection technology relies mainly on user-level authority control: a database system administrator authorizes database users in advance, and the users then access the database within the authorized range.
In the prior art the database is therefore protected by authority control. However, the database administrator has the highest authority, can configure the access authority of the database at will and can access the data in the database at will. If the administrator's account has a problem, the database is in danger, so the security of the database is low.
Disclosure of Invention
The invention aims to provide a database-based security protection system, which solves the problems in the technical background.
In order to solve the technical problems, the invention is realized by the following technical scheme:
The invention relates to a database-based safety protection system, which comprises a user behavior acquisition module, a data acquisition and preprocessing module, a data warehouse module, a user behavior analysis module and a feature extraction and modeling module;
the user behavior acquisition module is used for counting data traffic in the database network, or data reported by the same safety management equipment under the control of a deployed host, to obtain the service participation degree and the data and data-interaction level of a fixed area or direction in the network, and for acquiring the behavior data of users in real time;
the data acquisition and preprocessing module is used for preprocessing the acquired data, identifying and cleaning the data by normalization and time-scale pairing, and classifying all legal service flows in the database transmission network;
the data warehouse module is used for reclassifying and storing data as identified normal service data, unqualified gray information, and black traffic matching attack attribute features configured in advance by network security personnel;
the user behavior analysis module is used for analyzing the behavior habits, user sources, user distribution, user dynamics and user associations of users, and for classifying and counting network traffic attributes and distribution information through unsupervised learning on historical network traffic;
the feature extraction module is used for modeling the behavior features of users with a neural network model learning method and for constructing a behavior feature library from the user behavior data obtained by the user behavior separation module.
Further, the neural network model in the feature extraction module is a two-sided hybrid anomaly detection model combining misuse detection and anomaly detection, wherein real-time behavior data of a user is compared against the patterns in a behavior pattern library using an anomaly detection method based on cluster center position change and a K-nearest-neighbor (K proximity) anomaly detection algorithm.
Further, the system comprises a system configuration and management module and a system interface display module.
Further, the system configuration and management module is used for setting various parameters in the system, and managing and maintaining the database.
Further, the system interface display module is used for visual display of results, display of mining results, display of anomaly analysis reports, and input of user commands.
Furthermore, the user behavior acquisition module comprises an identity authentication module;
the identity authentication module is used for verifying the password known by the user, the identity card, digital card and key held by the user, and the characteristics possessed by the user.
Further, the characteristics possessed by the user include a fingerprint, a retina, and a voice.
Further, the data warehouse module comprises an intrusion detection module;
the intrusion detection module comprises an event generation unit, an event analysis unit and an event response unit;
the event generation unit is used for acquiring events from the database;
the event analysis unit is used for receiving the events acquired by the event generation unit and analyzing and judging the events;
the event response unit is used for raising an alarm when the event analysis unit judges an event to be warning information.
The invention has the following beneficial effects:
according to the invention, the user behavior acquisition module, the data acquisition and preprocessing module, the data warehouse module, the user behavior analysis module and the feature extraction and modeling module are arranged to interact with each other, so that the automatic upgrade of a safety early warning system is realized, and the overall safety of the database is further improved.
Of course, it is not necessary for any product in which the invention is practiced to achieve all of the above-described advantages at the same time.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to the drawings without creative efforts.
FIG. 1 is a schematic diagram of a database-based security system;
FIG. 2 is a schematic diagram illustrating an authentication process of the identity authentication module according to the present invention;
FIG. 3 is a schematic view of an intrusion detection process of the intrusion detection module according to the present invention.
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1, the present invention is a database-based security protection system, which includes a user behavior collection module, a data collection and preprocessing module, a data warehouse module, a user behavior analysis module, and a feature extraction and modeling module.
The user behavior acquisition module is used for counting data traffic in the database network, or data reported by the same safety management equipment under the control of a deployed host, to obtain the service participation degree and the data and data-interaction level of a fixed area or direction in the network, and for acquiring the behavior data of users in real time, so that a reliable data source is provided for building the data warehouse.
The data acquisition and preprocessing module is used for preprocessing the acquired data, identifying and cleaning the data by normalization and time-scale pairing, classifying all legal service flows in the database transmission network, and analyzing and judging the remaining unidentifiable data according to user behavior features.
The data warehouse module is used for reclassifying and storing data as identified normal service data, unqualified gray information, and black traffic matching attack attribute features configured in advance by network security personnel, so that the other modules of the system can analyze and judge it.
The user behavior analysis module is used for analyzing the behavior habits, user sources, user distribution, user dynamics and user associations of users, and for classifying and counting network traffic attributes and distribution information through unsupervised learning on historical network traffic.
The feature extraction module is used for modeling the behavior features of users with a neural network model learning method and for constructing a behavior feature library from the user behavior data obtained by the user behavior separation module, so that the behavior feature library serves as the object against which the legality of a user's new behavior data is matched.
The neural network model in the feature extraction module is a two-sided hybrid anomaly detection model combining misuse detection and anomaly detection. Real-time behavior data of a user is compared against the patterns in the behavior pattern library using an anomaly detection method based on cluster center position change and a K-nearest-neighbor (K proximity) anomaly detection algorithm, and when the comparison is complete the result is reported to the system interface display module.
The system comprises a system configuration and management module and a system interface display module.
The system configuration and management module is used for setting various parameters in the system and managing and maintaining the database.
The system interface display module is used for displaying results visually, displaying mined results, displaying abnormal analysis reports and inputting user commands.
As shown in FIG. 2, the user behavior acquisition module includes an identity authentication module. The identity authentication module is used for verifying the password known by the user, the identity card, digital card and key held by the user, and the characteristics possessed by the user. In the design of security roles, besides the management of ordinary user roles, authority management and maintenance are also required for the first-level management personnel who directly affect the system. These comprise three types of security management personnel: a system administrator, a security administrator and a security auditor. Through the design of this module, the definition of security roles and the management functions, such as assigning, querying, modifying and deleting roles, can be completed.
Wherein the characteristics possessed by the user include a fingerprint, a retina, and a voice.
Wherein the data warehouse module comprises an intrusion detection module. The intrusion detection module comprises an event generation unit, an event analysis unit and an event response unit. The event generation unit acquires events from the database; the event analysis unit receives the events acquired by the event generation unit and analyzes and judges them; and the event response unit raises an alarm when the event analysis unit judges an event to be warning information. The detection rules and attributes are expressed in numerical form, and a given behavior of a user is described using a quantitative anomaly detection analysis method. The value may only vary within a predefined threshold; if it exceeds the limit, the behavior is considered an intrusion attack, the packet information is stored in an event database, and the intrusion detection system gives an alarm or implements other effective protective measures.
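The hybrid detection and thresholded intrusion response described above can be sketched as follows. This is an added example, not code from the patent: it uses plain K-nearest-neighbor distance and centroid shift rather than a neural network, and the session features, signature patterns, margins and class names are constructed assumptions.

```python
import math
import re

# Constructed baseline of one user's normal database sessions:
# (queries_per_minute, rows_returned, distinct_tables_touched)
BASELINE = [(12, 200, 3), (15, 260, 4), (10, 180, 3), (14, 240, 4),
            (11, 210, 3), (13, 230, 4), (16, 280, 5), (12, 220, 3)]

# Constructed misuse signatures standing in for the "black traffic"
# attack attribute features configured in advance by security personnel.
SIGNATURES = {
    "union-select": re.compile(r"\bunion\s+select\b", re.I),
    "file-export": re.compile(r"\binto\s+outfile\b", re.I),
}

def fit_scaler(rows):
    """Per-column (min, span) for min-max normalization."""
    return [(min(c), (max(c) - min(c)) or 1.0) for c in zip(*rows)]

def normalize(row, scaler):
    return tuple((v - lo) / span for v, (lo, span) in zip(row, scaler))

def knn_score(x, library, k):
    """Mean Euclidean distance from x to its k nearest library points."""
    dists = sorted(math.dist(x, p) for p in library)
    return sum(dists[:k]) / k

def centroid(rows):
    return tuple(sum(c) / len(c) for c in zip(*rows))

class HybridDetector:
    """Misuse detection first, then kNN anomaly scoring against the library."""

    def __init__(self, baseline, k=3, margin=1.5, shift_limit=0.5):
        self.k = k
        self.scaler = fit_scaler(baseline)
        self.library = [normalize(r, self.scaler) for r in baseline]
        # Predefined threshold: the worst leave-one-out score seen in the
        # baseline itself, widened by a safety margin.
        loo = [knn_score(p, self.library[:i] + self.library[i + 1:], k)
               for i, p in enumerate(self.library)]
        self.knn_limit = margin * max(loo)
        self.center = centroid(self.library)
        self.shift_limit = shift_limit
        self.event_db = []  # event database filled by the response step

    def analyze(self, event):
        """Event analysis: return 'misuse', 'anomaly' or 'normal'."""
        for name, pattern in SIGNATURES.items():
            if pattern.search(event["statement"]):
                return self._respond(event, "misuse", name)
        point = normalize(event["features"], self.scaler)
        score = knn_score(point, self.library, self.k)
        if score > self.knn_limit:
            return self._respond(event, "anomaly", f"knn={score:.2f}")
        return "normal"

    def _respond(self, event, verdict, detail):
        """Event response: store the event so an alarm can be raised."""
        self.event_db.append(
            {"user": event["user"], "verdict": verdict, "detail": detail})
        return verdict

    def drifted(self, window):
        """Cluster-center check: has the recent window's centroid moved?"""
        recent = centroid(
            [normalize(e["features"], self.scaler) for e in window])
        return math.dist(recent, self.center) > self.shift_limit

def make_event(features, statement="SELECT name FROM orders WHERE id = 7"):
    # Constructed event record; "alice" is a placeholder user name.
    return {"user": "alice", "features": features, "statement": statement}

if __name__ == "__main__":
    det = HybridDetector(BASELINE)
    print(det.analyze(make_event((13, 225, 3))))
    print(det.analyze(make_event((14, 50000, 12))))
    print(det.analyze(make_event(
        (12, 210, 3), "SELECT id FROM orders UNION SELECT id FROM archive")))
    print(det.event_db)
```

The centroid check covers a case the per-event score misses: a run of sessions that each stay under the K-nearest-neighbor threshold but together sit at the edge of the baseline.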
In the description herein, references to the description of "one embodiment," "an example," "a specific example" or the like are intended to mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
The preferred embodiments of the invention disclosed above are intended to be illustrative only. The preferred embodiments are not intended to be exhaustive or to limit the invention to the precise embodiments disclosed. Obviously, many modifications and variations are possible in light of the above teaching. The embodiments were chosen and described in order to best explain the principles of the invention and its practical application, and thereby to enable others skilled in the art to best understand and utilize the invention. The invention is limited only by the claims and their full scope and equivalents.
Claims (8)
1. A database-based security protection system, comprising: the system comprises a user behavior acquisition module, a data acquisition and preprocessing module, a data warehouse module, a user behavior analysis module and a feature extraction and modeling module;
the user behavior acquisition module is used for counting data traffic in a database network or data reported by the same safety management equipment under the control of a deployed host to obtain the service participation degree and the data and data interaction level of a fixed area or direction in the network and acquiring the behavior data of a user in real time;
the data acquisition and preprocessing module is used for preprocessing acquired data, identifying and cleaning the data in a mode of normalization and time scale pair, and classifying all legal service flows in a database transmission network;
the data warehouse module is used for reclassifying and storing data as identified normal service data, unqualified gray information, and black traffic matching attack attribute features configured in advance by network security personnel;
the user behavior analysis module is used for analyzing the behavior habits, user sources, user distribution, user dynamics and user associations of users, and for classifying and counting network traffic attributes and distribution information through unsupervised learning on historical network traffic;
the feature extraction module is used for modeling the behavior features of users with a neural network model learning method and for constructing a behavior feature library from the user behavior data obtained by the user behavior separation module.
2. The database-based security protection system according to claim 1, wherein the neural network model in the feature extraction module is a two-sided hybrid anomaly detection model combining misuse detection and anomaly detection, and wherein the real-time behavior data of the user is compared against the patterns in the behavior pattern library using an anomaly detection method based on cluster center position change and a K-nearest-neighbor (K proximity) anomaly detection algorithm.
3. The database-based security protection system of claim 1, further comprising a system configuration and management module and a system interface display module.
4. The database-based security protection system of claim 3, wherein the system configuration and management module is used for setting parameters in the system, managing and maintaining the database.
5. The database-based security protection system of claim 3, wherein the system interface display module is used for visual display of results, display of mining results, display of anomaly analysis reports, and input of user commands.
6. The database-based security protection system of claim 1, wherein the user behavior acquisition module comprises an identity authentication module;
the identity authentication module is used for verifying the password known by the user, the identity card, digital card and key held by the user, and the characteristics possessed by the user.
7. The database-based security system of claim 6, wherein the characteristics possessed by the user include a fingerprint, a retina, and a voice.
8. The database-based security system of claim 1, wherein the data warehouse module comprises an intrusion detection module;
the intrusion detection module comprises an event generation unit, an event analysis unit and an event response unit;
the event generation unit is used for acquiring events from the database;
the event analysis unit is used for receiving the events acquired by the event generation unit and analyzing and judging the events;
the event response unit is used for raising an alarm when the event analysis unit judges an event to be warning information.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210283455.3A CN114647869B (en) | 2022-03-22 | 2022-03-22 | Safety protection system based on database |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114647869A (en) | 2022-06-21 |
CN114647869B (en) | 2024-04-05 |
Family
ID=81994760
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210283455.3A Active CN114647869B (en) | 2022-03-22 | 2022-03-22 | Safety protection system based on database |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114647869B (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR101814368B1 (en) * | 2017-07-27 | 2018-01-04 | 김재춘 | Information security network integrated management system using big data and artificial intelligence, and a method thereof |
CN109474607A (en) * | 2018-12-06 | 2019-03-15 | 连云港杰瑞深软科技有限公司 | A kind of industrial control network safeguard protection monitoring system |
CN109672671A (en) * | 2018-12-12 | 2019-04-23 | 北京华清信安科技有限公司 | Security gateway and security protection system based on intelligent behavior analysis |
CN109885562A (en) * | 2019-01-17 | 2019-06-14 | 安徽谛听信息科技有限公司 | A kind of big data intelligent analysis system based on cyberspace safety |
WO2021008560A1 (en) * | 2019-07-17 | 2021-01-21 | 江苏南工科技集团有限公司 | Mobile application security analysis method based on blockchain technology |
Also Published As
Publication number | Publication date |
---|---|
CN114647869B (en) | 2024-04-05 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||