摘要
现有入侵检测研究多集中在网络和操作系统,而数据库系统具有自己的结构和语义,针对数据库特点的入侵检测是现有数据库安全机制的重要补充。提出一种数据库异常检测算法,该算法对数据库查询进行密度聚类,并通过聚类的核心对象来建立正常轮廓。说明了该算法的训练、检测、增量更新方法和查询执行前检测算法,并通过实验和实例对算法的性能和应用做了分析。
The existing researches of intrusion detection mainly focus on network or operating system. However, the database system has its own structure and semantic, the intrusion detection that aims at database is an important method to supplement current database security mechanisms. The paper presents an anomaly detection algorithm, which builds its normal profiles by core objects of density-based clusters from queries. The methods of training, detection, incremental updating and the modified algorithm for detecting anomalies before queries being executed are discussed. And lastly, experiments to show the performance of the algorithm and an example of application are reported.
出处
《系统工程与电子技术》
EI
CSCD
北大核心
2007年第4期640-646,654,共8页
Systems Engineering and Electronics
基金
国家自然科学基金(60673127)
航空科学基金(02F52033)
江苏省高技术项目资助课题(BG2004-005)
关键词
聚类
异常检测
数据库安全
算法
clustering
anomaly detection
database security
algorithm