Abstract
Existing database intrusion detection research requires a clean (attack-free) training set. To address this, the paper proposes a database intrusion detection framework based on cluster analysis, defines a representation for database queries and a method for computing the similarity between them, and studies the three core algorithms that implement the framework. The algorithms cluster the raw audit data according to a distance function, label each cluster, and use an anomaly detection engine to check real-time queries. Experiments report the detection rate and false alarm rate for attacks carried out by legitimate users, and the factors that influence them are analysed.
A new architecture for database intrusion detection based on cluster analysis was proposed. Unlike other approaches, it does not require clean audit data. The paper defined the representation of database queries and the similarity computation between queries. Then the three critical algorithms of the architecture were studied. First, the audit data was clustered according to the distance function, and each cluster was labeled. Next, the paper introduced how the detection engine defines an anomaly. Finally, experimental results, including the detection rate and false alarm rate for attacks by legitimate users, were reported.
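To make the three stages concrete (cluster the raw audit data by a distance function, label each cluster, then check live queries against the labelled clusters), here is an added example in Python. It is not the paper's code: the query representation (a set of structural features with literal values stripped), the Jaccard-based distance, the leader clustering with a fixed radius, and the "small cluster means anomalous" labelling rule are all assumptions chosen to illustrate the framework, and the audit log is constructed sample data.

```python
import re
from typing import Dict, FrozenSet, List, Tuple

# Constructed sample audit log standing in for the raw, unlabelled audit data.
# Most entries are routine application queries; the last one is a bulk read of
# credentials that a legitimate but misbehaving user might issue.
AUDIT_LOG = [
    "SELECT name, price FROM products WHERE id = 17",
    "SELECT name, price FROM products WHERE id = 42",
    "SELECT name, price FROM products WHERE id = 9",
    "SELECT name, price FROM products WHERE id = 101",
    "UPDATE orders SET status = 'shipped' WHERE id = 5",
    "UPDATE orders SET status = 'shipped' WHERE id = 8",
    "UPDATE orders SET status = 'paid' WHERE id = 12",
    "SELECT username, password_hash FROM users",
]

Features = FrozenSet[str]
Cluster = Dict[str, object]


def query_features(sql: str) -> Features:
    """Assumed query representation: the set of structural features
    (command, tables, projected/assigned columns, filtered columns).
    Literal values are dropped so that queries differing only in
    parameters map to the same point."""
    feats = {"cmd:" + sql.strip().split()[0].upper()}
    for tbl in re.findall(r"\b(?:FROM|UPDATE|INTO|JOIN)\s+(\w+)", sql, re.I):
        feats.add("tbl:" + tbl.lower())
    sel = re.search(r"\bSELECT\s+(.*?)\s+FROM\b", sql, re.I)
    if sel:
        feats.update("col:" + c.strip().lower() for c in sel.group(1).split(","))
    set_clause = re.search(r"\bSET\s+(.*?)(?:\s+WHERE\b|$)", sql, re.I)
    if set_clause:
        feats.update("set:" + c.lower() for c in re.findall(r"(\w+)\s*=", set_clause.group(1)))
    where = re.search(r"\bWHERE\s+(.*)$", sql, re.I)
    where_cols = []
    if where:
        where_cols = re.findall(r"(\w+)\s*(?:=|<>|<|>|\bLIKE\b|\bIN\b)", where.group(1), re.I)
    feats.update("where:" + c.lower() for c in where_cols)
    if not where_cols:
        feats.add("where:none")
    return frozenset(feats)


def distance(a: Features, b: Features) -> float:
    """Jaccard distance between two feature sets: 0 = identical, 1 = disjoint."""
    if not a and not b:
        return 0.0
    return 1.0 - len(a & b) / len(a | b)


def cluster_audit_data(queries: List[str], radius: float = 0.5) -> List[Cluster]:
    """Stage 1: leader clustering (assumed here in place of the paper's own
    algorithm). A query joins the nearest existing cluster if its distance to
    that cluster's representative is within `radius`, else it starts a new one."""
    clusters: List[Cluster] = []
    for sql in queries:
        f = query_features(sql)
        nearest = min(clusters, key=lambda c: distance(f, c["rep"]), default=None)
        if nearest is not None and distance(f, nearest["rep"]) <= radius:
            nearest["members"].append(sql)
        else:
            clusters.append({"rep": f, "members": [sql]})
    return clusters


def label_clusters(clusters: List[Cluster], total: int, min_fraction: float = 0.2) -> List[Cluster]:
    """Stage 2: label each cluster. Because the audit data is not clean, the
    assumption is that normal behaviour dominates, so a cluster holding fewer
    than `min_fraction` of all queries is treated as anomalous."""
    for c in clusters:
        c["label"] = "normal" if len(c["members"]) / total >= min_fraction else "anomalous"
    return clusters


def detect(sql: str, clusters: List[Cluster], radius: float = 0.5) -> Tuple[bool, str]:
    """Stage 3: anomaly detection engine for a real-time query.
    Returns (is_anomaly, reason)."""
    f = query_features(sql)
    nearest = min(clusters, key=lambda c: distance(f, c["rep"]))
    d = distance(f, nearest["rep"])
    if d > radius:
        return True, f"no cluster within radius (nearest distance {d:.2f})"
    if nearest["label"] == "anomalous":
        return True, "nearest cluster is labelled anomalous"
    return False, "matches a normal cluster"


def build_model(queries: List[str] = AUDIT_LOG, radius: float = 0.5, min_fraction: float = 0.2) -> List[Cluster]:
    return label_clusters(cluster_audit_data(queries, radius), len(queries), min_fraction)


if __name__ == "__main__":
    model = build_model()
    for c in model:
        print(c["label"], len(c["members"]), sorted(c["rep"]))
    for q in ["SELECT name, price FROM products WHERE id = 3",
              "DELETE FROM users",
              "SELECT username, password_hash FROM users WHERE id = 1"]:
        print(q, "->", detect(q, model))
```

The radius and the minimum cluster fraction are the two knobs that trade detection rate against false alarms: a tighter radius flags more unseen query shapes, while a higher minimum fraction pushes more of the legitimate-but-rare clusters into the anomalous label.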
Source
《杭州电子科技大学学报(自然科学版)》
2008, No. 6, pp. 83-86 (4 pages)
Journal of Hangzhou Dianzi University:Natural Sciences
Keywords
database security
data mining
intrusion detection