摘 要: Elastic数据库是一款主流的非关系型数据库,默认安装时存在潜在的信息泄露风险。本文基于网络主动探测技术,设计实现了一个Elastic数据库风险感知系统。系统首先通过协议构造实现Elastic服务器上各类信息的获取,然后设计了一种基于手机号码、邮箱地址、身份证号、地名地址等多维数据协同分析的敏感信息检测方法,从而评估数据库风险等级并进行预警。本文最后进行了敏感数据检测测试及总体功能测试,实验结果表明了本文敏感信息检测方法及系统设计实现的有效性。 |
关键词: 非关系型数据库;Elastic;信息泄露;主动探测;风险感知 |
中图分类号: TP309
文献标识码: A
|
基金项目: 浙江省基础公益研究计划项目(LGG20F020016). |
|
Design and Implementation of Non-relational Database Risk Perception System based on Active Detection |
SUN Weiming, ZHANG Huaxiong
|
(Zhejiang Sci -Tech University, Hangzhou 310018, China)
swmzstu@qq.com; zhxhz@zstu.edu.cn
|
Abstract: Elastic database is a mainstream non-relational database with a potential risk of information leakage when installed by default. This paper proposes to design and implement an Elastic database risk perception system based on network active detection technology. The system first realizes acquisition of various types of information on Elastic server through protocol construction, and then designs a sensitive information detection method based on collaborative analysis of multi-dimensional data such as mobile phone numbers, email addresses, ID numbers, and place-name addresses, so to evaluate risk level of the database and issue early warning. At the end of this paper, sensitive data detection test and overall function test are carried out. Experimental results show the effectiveness of the sensitive information detection method and system design and implementation proposed in this paper. |
Keywords: non-relational database; Elastic; information leakage; active detection; risk perception |