Received: March 15, 2018 Revised: April 23, 2018
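Chinese abstract (translated): Because the internal details of the Oracle database are not public, security auditing of it requires parsing the TNS protocol used for communication between server and client. Existing TNS protocol parsing, however, does not go deep enough and covers only a limited range of database servers, clients, operating systems and TNS protocol versions, and common protocol reverse-engineering methods have limited ability to parse the payload portion of the protocol. For commonly used database servers, clients and TNS protocol versions, under Windows and Linux operating systems, this paper proposes a general scheme for parsing request messages in the Oracle TNS communication protocol. For message segments that are many bytes long and of unclear meaning, data mining is used to obtain the relationship between field values and structure in order to determine the concrete message format. Application in a real system shows that the proposed scheme can effectively parse large amounts of data collected in the field and extract SQL statements from request messages. After post-hoc correction of the parsing results, all packets can be parsed without exceptions.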
Abstract: Because the internal details of the Oracle database are not public, the Oracle network communication protocol TNS must be parsed when performing security audits. Existing TNS protocol analysis is not deep enough and does not cover the range of servers, clients, operating systems, and protocol versions. Common protocol reverse-engineering tools are also not good at payload analysis. This study proposes a universal TNS protocol parsing solution for common servers, clients, and protocol versions under Windows and Linux operating systems. Data mining is applied to message segments with many bytes of unknown meaning, and automatically identifies the fields that affect the message structure. Application in an actual system shows that the proposed scheme can effectively analyze the large amount of data collected in the field and extract SQL statements from request messages. After post-correction, all packets can be parsed without any exception.
Keywords: protocol analysis; database safety; Oracle database; Transparent Network Substrate (TNS) protocol; association mining
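Funding: Strategic Priority Research Program of the Chinese Academy of Sciences (XDA06011203); sub-project of the Major Project "New Generation Broadband Wireless Mobile Communication Network" (2017ZX03001019-004)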
Cite this article:
HOU Fang-Jie, WANG Lei, WANG Song, SHENG Jie. Analysis of Request Message in Oracle TNS Protocol. Computer Systems Applications, 2018, 27(10): 273-278