On Database Intrusion Detection System Based on Density Clustering

Cited by: 5
Abstract: To address the high false-positive rate of existing database intrusion detection systems, this paper proposes a database intrusion detection system based on density clustering. Detection proceeds in two stages. (1) Data training stage: the transaction attributes are preprocessed, the data set is split into a training set and a test set, and Ordering of Points To Identify Clustering Structure (OPTICS) is used to build the user's normal profile. (2) Intrusion detection stage: each incoming action is in one of two states, inside a cluster or outside it, and its Local Outlier Factor (LOF) value determines how anomalous the transaction is. Actions with LOF < 1 are allowed to access the database; all other actions are further verified as normal or anomalous using different supervised machine learning techniques, which completes the intrusion detection. Experimental results show that, compared with other existing database intrusion detection systems, the proposed system performs better than the other two systems.
Author: CAO De-sheng (曹德胜), School of Computer Science, North China Institute of Science and Technology, Beijing 065201, China

Source: Journal of Southwest China Normal University (Natural Science Edition), indexed in CAS and the PKU Core Journals list, 2019, No. 5, pp. 103-108 (6 pages)

Funding: Central State Organs Support Project (2011B026)

Keywords: intrusion detection; density clustering; ordering points to identify clustering structure; local outlier factor; supervised learning
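
The LOF gate of the detection stage described in the abstract, as an added example that is not code from the paper: it scores an incoming transaction against a user's normal profile and applies the LOF < 1 rule. The profile vectors, the neighbourhood size `K = 2` and all function names are assumptions made here; the OPTICS training stage and the supervised second stage are not implemented.

```python
import math

K = 2  # neighbourhood size (MinPts); assumed value, the abstract gives none

# Constructed sample: preprocessed two-attribute vectors of one user's normal
# transactions, standing in for a cluster produced by the training stage.
PROFILE = [(5, 2), (9, 2), (7, 5), (1, 1), (13, 1), (7, 10)]

def _knn(p, profile, k, skip=None):
    """k nearest profile points to p as sorted (distance, index) pairs."""
    dists = [(math.dist(p, o), i) for i, o in enumerate(profile) if i != skip]
    return sorted(dists)[:k]

def fit_profile(profile, k=K):
    """Precompute k-distance and local reachability density (lrd) per point.

    Assumes the profile holds no duplicate points (a zero k-distance would
    make the density undefined).
    """
    knn = [_knn(p, profile, k, skip=i) for i, p in enumerate(profile)]
    kdist = [nb[-1][0] for nb in knn]
    # reach-dist(p, o) = max(k-distance(o), d(p, o)); lrd = 1 / mean reach-dist
    lrd = [len(nb) / sum(max(kdist[j], d) for d, j in nb) for nb in knn]
    return kdist, lrd

def lof(query, profile, model, k=K):
    """Local Outlier Factor of a new transaction relative to the profile."""
    kdist, lrd = model
    nb = _knn(query, profile, k)
    lrd_q = len(nb) / sum(max(kdist[j], d) for d, j in nb)
    # Ratio of the neighbours' mean density to the query's own density.
    return sum(lrd[j] for _, j in nb) / len(nb) / lrd_q

def gate(score):
    """LOF < 1: allow access; otherwise hand over to the supervised stage."""
    return "allow" if score < 1.0 else "verify"

if __name__ == "__main__":
    model = fit_profile(PROFILE)
    for tx in [(7, 3), (20, 20)]:  # constructed incoming transactions
        score = lof(tx, PROFILE, model)
        print(tx, round(score, 3), gate(score))
```

A transaction that sits in a denser spot than its neighbours scores below 1 and is admitted directly; one far from every profile point scores well above 1 and is routed to the second-stage classifier.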