| 摘要: |
| 针对传统入侵检测系统对数据库入侵检测时只能检测出非法用户,而不能检测出该用户进行的具体恶意事务操作的问题,设计了事务级数据库入侵检测系统。在现有入侵检测技术和角色访问控制理论的基础上,训练阶段采用数据挖掘技术对数据库访问角色的日志进行数据事务间的关联规则挖掘,形成知识规则库;在数据库系统正常运行阶段,利用入侵检测算法检测数据库用户异常行为和进行的恶意事务操作。实验测试结果表明,与传统数据库入侵检测系统相比,本设计根据数据依赖关系进行检测,检测粒度更细,维护相对容易;系统适用于对数据库入侵检测要求比较细化的环境。 |
| 关键词: 数据库安全,入侵检测,数据挖掘,数据依赖 |
| DOI:10.11841/j.issn.1007-4333.2006.04.103 |
| 投稿时间:2006-04-26 |
| 基金项目:国家自然科学基金资助项目(60573048),北京市科技计划基金资助项目(H020120090530) |
|
| Design of an intrusion detection system with transaction-level database |
|
|
|
| Abstract: |
| The purpose of the paper is to design a new type of intrusion detection system with a transaction-level database,which can be used to detect illegal users and their malicious transactional operations on the basis of the intrusion detection theory,the role-based access control mechanism and the data mining technology.In the training period,the rule database is formed by the sequential pattern discovery method to mine the role log files.When the database works,the system can find malicious transactions by using the algorithm of database intrusion detection.Based on the test,we draw the conclusion that the detection granularity is finer and its maintenance is easier. |
| Key words: database security,intrusion detection,data mining,data dependency |
