
Research on Multi-Angle Database Activity Monitoring Technology (cited by: 2)

Research on Multi-Dimensional Database Activity Monitor
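Abstract: Database activity monitoring based on network protocol capture is one means of defense in depth for database security. Targeting the content and manner of users' database requests, the paper designs a database activity monitor that comprises user behavior acquisition and detection of potential security threats. Following an anomaly-based attack detection strategy, it proposes a single-statement user behavior model based on the syntactic structure and semantic features of SQL, and a multi-statement user behavior model based on sequences of SQL operations. In the training phase, a SQL training set is learned to build a library of user behavior patterns. The intrusion detection engine uncovers potential database attacks through a pattern matching method that computes the structural distance between SQL statements and the distance between multi-statement sequences. Experiments on real SQL requests verify the usability of the proposed monitor architecture, the related models, the behavior pattern mining, and the attack matching algorithm.

English abstract: To address known and unknown database attacks, we propose an architecture for a multi-dimensional, attack-aware database activity monitor based on captured SQL statements, in which the user database behavior schema set is first constructed by monitoring user requests, and potential attacks are then detected by analyzing SQL queries/statements while the database is running. Based on SQL's syntactic structure and semantic features, we present different user behavior models at the SQL schematic and semantic level and the session level, and a structure for libraries of user behavior patterns. Malicious transactions are detected by calculating the structural distance between user database requests and the SQL statements or SQL sequences in the schema matching set of the detection engine.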
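Source: Journal of University of Electronic Science and Technology of China (《电子科技大学学报》), indexed in EI, CAS, CSCD, and the Peking University Core Journals list; 2015, No. 2, pp. 266-271 (6 pages)
Funding: Core Electronic Devices, High-end Generic Chips and Basic Software (核高基) project, General Basic Software Testing and Evaluation (2009ZX01045-004-001)
Keywords: database activity monitor; intrusion detection; pattern matching; user behavior model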

