Computer Engineering and Applications ›› 2015, Vol. 51 ›› Issue (8): 138-142.

• Database, Data Mining, Machine Learning •

Database security audit system based on bypass monitoring

YANG Lei, BI Hongjun   

  1. Key Laboratory of Communication and Information Systems, Beijing Municipal Commission of Education, School of Electronic and Information Engineering, Beijing Jiaotong University, Beijing 100044, China
  • Online: 2015-04-15 Published: 2015-04-29

Abstract: By analyzing database security audit mechanisms, this paper proposes a database security audit system framework based on bypass monitoring and implements a security audit system for Oracle databases under that framework. The implementation involves Java-based network packet capture, TNS protocol parsing, SQL parsing and database security detection. An anomaly detection algorithm that discovers the rules of users' normal behavior is also proposed. Experimental results show that the system can effectively audit an Oracle database in real time and can perform security detection on database operations.

Key words: database security audit, bypass monitoring, Transparent Network Substrate (TNS) protocol, Structured Query Language (SQL) parsing, security detection