
Anomaly behavior detection of database user based on discrete-time Markov chain (Cited by: 29)
Abstract: Aiming at the problem of internal attack in the database system, an anomaly detection method based on user behavior was introduced into internal attack detection in the database system. The discrete-time Markov chain (DTMC) was applied to the anomaly detection of the database system, and an anomaly detection system for user behavior based on DTMC was established. The SQL statements submitted by the users were taken as the user behavior features and were analyzed. In addition, the behavior features of normal users and of the behavior to be detected were each extracted with DTMC, and the two were compared. If the deviation degree between the two behavior features exceeded the threshold, the detected behavior was judged to be anomalous. The feasibility and effectiveness of the proposed system were tested through experiments. The results show that the proposed system can better describe the user behavior, and can effectively detect internal attacks on the database system.
Source: Journal of Shenyang University of Technology (indexed in EI, CAS, PKU Core), 2018, No. 1, pp. 70-76 (7 pages)
Funding: National Natural Science Foundation of China (61602102, 61402095); Liaoning Province Science and Technology Research Program (2013217004); Fundamental Research Funds for the Central Universities (N151704002); Shenyang Science and Technology Program (F14-231-1-08)
Keywords: network security; database security; user behavior; internal attack; anomaly detection; intrusion detection; SQL statement; discrete-time Markov chain (DTMC)