摘要
提出了一种基于自适应模型数据库入侵检测方法(ASIDS).该方法基于矩阵和最小支持度函数的AprioriZ关联算法,依据在训练和自适应入侵检测阶段产生数据库的操作特征,用户根据实际需求动态调整最小支持度函数的值,更高效挖掘操作特征.结合层次聚类算法产生动态规则库,通过计算待检测数据操作特征与规则库中聚类的距离是否超过聚类间最大距离来判断异常,以避免已有检测系统中判断"边界尖锐"问题,并实时把正常操作特征归入动态规则库,通过对报警信息的关联分析降低误警率.实验结果表明,ASIDS能够实时地进行入侵检测,具有很高的检测率和较低的误警率.
A method of database intrusion detection based on adaptive model is proposed.First,the conception of mini-support function and attribute distance are defined.Then,a new association algorithm based on defined conception is proposed to extract operating characteristics in time window.The value of mini-support function can be dynamically adjusted,so operating characteristics could be extracted more efficiently.Furthermore,hierarchical clustering algorithm is applied to produce dynamic clustering rule base.The intrusion could be judged by computing the distance between operating characteristics and cluster in rule base.In this way,the problem of judging 'sharp boundary' in current database intrusion detection system could be avoided.In the progress of intrusion detection,characteristics of normal operation are absorbed by rule base,and rule base is updated in time.The experimental results show that the intrusion be detected has a high correct rate and a low false rate.
出处
《北京理工大学学报》
EI
CAS
CSCD
北大核心
2012年第3期258-262,共5页
Transactions of Beijing Institute of Technology
基金
国家"八六三"计划项目(2009AA01Z433)
国家部委基金资助项目(A2120110006)
北京理工大学基础研究基金资助项目(20090842003)
关键词
数据库安全
入侵检测
关联分析
聚类
database security
intrusion detection
association analysis
cluster