摘要
提出了一种可以检测数据库管理系统中异常事务入侵检测模型。该模型运用粗糙集理论从用户历史会话中提取用户正常行为轮廓,并利用散列算法来加速SQL模板的匹配,既可以有效检测异常事务,又可以避免因为一两次误用而把无辜的用户误认为是恶意攻击者。对模型的性能做了测试和分析。
An intrusion detection model is proposed to detect anomalous transactions in DBMS. The model is based on rough set and capable of extracting uses' normal behavior profile from user' normal historical audit data. It can not only detect intrusions efficiently, but also can avoid mistaking an innocent user for a malicious attacker. Hash algorithm is applied to accelerate the match process of SQL templates. Finally, a performance analysis to the model is reported.
基金
安徽省高校省级自然科学基金(KJ2008838ZC)
关键词
数据库入侵检测
行为模式
SQL模板
粗糙集
database intrusion detection
behavior profile
SQL template
rough set
