本文選題：數(shù)據(jù)庫(kù)安全審計(jì)　切入點(diǎn)：數(shù)據(jù)庫(kù)安全檢測(cè)　出處：《北京交通大學(xué)》2014年碩士論文

【摘要】：數(shù)據(jù)庫(kù)作為信息系統(tǒng)的核心資產(chǎn)已成為入侵者主要的攻擊目標(biāo)。目前廣泛應(yīng)用的數(shù)據(jù)庫(kù)安全機(jī)制主要是從預(yù)防的角度應(yīng)對(duì)非安全事件,它們?nèi)狈Ψ前踩录l(fā)生后的應(yīng)對(duì)能力。一旦發(fā)生安全問題,快速識(shí)別發(fā)現(xiàn)非法行為、事后取證和分析安全事故就十分重要。因此關(guān)注數(shù)據(jù)庫(kù)安全審計(jì)與安全檢測(cè)有著重要的現(xiàn)實(shí)意義。 論文剖析了數(shù)據(jù)庫(kù)安全審計(jì)機(jī)制和安全檢測(cè)技術(shù),認(rèn)為數(shù)據(jù)庫(kù)安全審計(jì)與安全檢測(cè)在功能和目標(biāo)上相互支撐、相互利用。在此基礎(chǔ)上,本文從審計(jì)獨(dú)立的角度,針對(duì)Oracle數(shù)據(jù)庫(kù)設(shè)計(jì)和實(shí)現(xiàn)了一種數(shù)據(jù)庫(kù)安全審計(jì)檢測(cè)系統(tǒng)。 數(shù)據(jù)庫(kù)安全審計(jì)采用旁路監(jiān)聽的數(shù)據(jù)采集方式,實(shí)現(xiàn)了審計(jì)的獨(dú)立性。其中的核心技術(shù)包括Java網(wǎng)絡(luò)數(shù)據(jù)包捕獲與過濾、網(wǎng)絡(luò)協(xié)議解析、數(shù)據(jù)庫(kù)通信協(xié)議解析、SQL語(yǔ)句解析。數(shù)據(jù)庫(kù)安全檢測(cè)采用基于用戶行為規(guī)則的安全檢測(cè)和基于SQL語(yǔ)句結(jié)構(gòu)的安全檢測(cè)相結(jié)合的方式�；谟脩粜袨橐�(guī)則的安全檢測(cè)是在建立數(shù)據(jù)庫(kù)用戶行為模型的基礎(chǔ)上生成用戶行為規(guī)則,通過用戶操作行為與規(guī)則的匹配來(lái)實(shí)現(xiàn)異常檢測(cè)。生成用戶行為規(guī)則采用關(guān)聯(lián)分析的方法,并考慮了規(guī)則訓(xùn)練集內(nèi)容安全性的不同�；赟QL語(yǔ)句結(jié)構(gòu)的安全檢測(cè)是在分析SQL語(yǔ)法結(jié)構(gòu)的基礎(chǔ)上實(shí)現(xiàn)的,它彌補(bǔ)了基于用戶行為規(guī)則的安全檢測(cè)檢測(cè)顆粒度低的缺點(diǎn)。 論文的主要工作如下： (1)解析了Oracle11g數(shù)據(jù)庫(kù)的非公開TNS協(xié)議(314版本),實(shí)現(xiàn)了準(zhǔn)確高效的從TNS數(shù)據(jù)包中提取數(shù)據(jù)庫(kù)用戶操作信息。 (2)提出了一種數(shù)據(jù)庫(kù)用戶行為模型。不僅能識(shí)別SQL語(yǔ)句的操作類型與操作目標(biāo),同時(shí)也能提取操作條件或嵌套語(yǔ)句中的操作類型與操作目標(biāo),能較全面的描述數(shù)據(jù)庫(kù)用戶的操作行為,且具有描述精度的擴(kuò)展能力。 (3)在關(guān)聯(lián)分析的基礎(chǔ)上設(shè)計(jì)了一種用戶正常行為規(guī)則生成算法,并考慮了訓(xùn)練集內(nèi)容的安全性。分析對(duì)比了幾種典型的相關(guān)性度量標(biāo)準(zhǔn),選用了一種適用于數(shù)據(jù)庫(kù)用戶行為數(shù)據(jù)特性的相關(guān)性度量標(biāo)準(zhǔn)生成用戶行為規(guī)則。 (4)設(shè)計(jì)了基于用戶行為規(guī)則和基于SQL語(yǔ)句結(jié)構(gòu)相結(jié)合的安全檢測(cè)方法,提高了用戶行為檢測(cè)的廣度和精度。
[Abstract]:As the core asset of information system, database has become the main target of intruders.At present, the widely used database security mechanism is mainly to deal with non-security events from the perspective of prevention, and they lack the ability of coping after the occurrence of non-security events.Once safety problems occur, it is very important to identify illegal behaviors quickly and analyze safety accidents afterwards.Therefore, it has important practical significance to pay attention to database security audit and security detection.This paper analyzes the mechanism of database security audit and security detection technology, and considers that database security audit and security detection support each other and make use of each other in function and target.On this basis, this paper designs and implements a database security audit inspection system for Oracle database from the point of view of audit independence.The independence of audit is realized by using the data collection method of bypass monitoring in database security audit.The core technologies include Java packet capture and filtering, network protocol parsing and database communication protocol parsing.Database security detection adopts the combination of user behavior rule based security detection and SQL statement structure based security detection.The security detection based on user behavior rules is to generate user behavior rules on the basis of establishing user behavior model in database, and to realize anomaly detection by matching user behavior with rules.The method of association analysis is used to generate user behavior rules, and the difference of content security of rule training set is considered.Security detection based on SQL sentence structure is implemented on the basis of analyzing SQL syntax structure, which makes up for the low granularity of security detection based on user behavior rules.The main work of the thesis is as follows:In this paper, the closed TNS protocol of Oracle11g database is analyzed, and the user operation information is extracted from TNS data packet accurately and efficiently.A database user behavior model is proposed.It can not only identify the operation types and targets of SQL statements, but also extract the operation conditions and operation targets in nested statements. It can comprehensively describe the operation behavior of database users and has the ability to extend the description accuracy.3) based on the association analysis, a normal behavior rule generation algorithm is designed, and the security of the training set is considered.In this paper, several typical correlation metrics are analyzed and compared, and a correlation metric suitable for the characteristics of database user behavior data is selected to generate user behavior rules.The security detection method based on user behavior rule and SQL sentence structure is designed, which improves the breadth and precision of user behavior detection.
【學(xué)位授予單位】：北京交通大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2014
【分類號(hào)】：TP311.13;TP393.08

【參考文獻(xiàn)】

相關(guān)期刊論文 前7條

1 段立娟;劉燕;沈昌祥;;一種多安全域策略支持的管理機(jī)制[J];北京工業(yè)大學(xué)學(xué)報(bào);2011年04期

2 阮幼林;李慶華;楊世達(dá);;一種基于事務(wù)樹的快速頻繁項(xiàng)集挖掘與更新算法[J];計(jì)算機(jī)科學(xué);2005年02期

3 阮耀平,易江波,趙戰(zhàn)生;計(jì)算機(jī)系統(tǒng)入侵檢測(cè)模型與方法[J];計(jì)算機(jī)工程;1999年09期

4 馬占欣;黃維通;陸玉昌;;相關(guān)度計(jì)算方法存在的問題及修正[J];計(jì)算機(jī)工程;2007年11期

5 韓銳生;徐開勇;趙彬;;P2DR模型中策略部署模型的研究與設(shè)計(jì)[J];計(jì)算機(jī)工程;2008年20期

6 王淵;馬駿;;一種基于入侵檢測(cè)的數(shù)據(jù)庫(kù)安全審計(jì)[J];計(jì)算機(jī)仿真;2007年02期

7 卿斯?jié)h ,蔣建春 ,馬恒太 ,文偉平 ,劉雪飛;入侵檢測(cè)技術(shù)研究綜述[J];通信學(xué)報(bào);2004年07期

相關(guān)博士學(xué)位論文 前1條

1 戴華;可生存性數(shù)據(jù)庫(kù)關(guān)鍵技術(shù)研究[D];南京航空航天大學(xué);2011年

，

本文編號(hào)：1706063