Low-frequency data leakage detection method and system based on database traffic log

Bibliographic Details
Main Authors: YIN QIAN'AN, LIU SHENG, TAO JINGLONG, WANG QIFAN, YU XIANZHE, LIANG SHUYUN, ZHOU XIAOYONG, MA YING
Format: Patent
Language: Chinese, English
Published: 25.06.2021
Summary: The invention provides a low-frequency data leakage detection method and system based on database traffic logs. Operations generated by the same source IP address with the same source port at the same time are defined as the behavior of a single user. The behavior data is first clustered; then, for the users in each cluster, the characteristics of the tables they query are learned, these characteristics being non-frequency characteristics. Within each cluster, cases where one user's query behavior is inconsistent with the query behavior of the other users are identified, so that low-frequency data leakage is detected.
Bibliography: Application Number: CN202110224544