Abstract
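As a platform for data storage and interaction, a database holds confidential and important information and is therefore a target for malicious actors. Attacks by outsiders can be limited by a role-based access control system that restricts access by unauthorized users, whereas masquerade attacks by insiders often go unnoticed. For database access behavior, an anomalous-access detection algorithm, PCA-RT, based on Principal Component Analysis (PCA) and Random Tree (RT) is proposed. First, a user database access behavior profile vector is constructed from the features of the query statements the user submits; then the PCA algorithm is used to reduce the dimensionality of the user behavior profile, and the random tree algorithm is used to train the anomaly detector. An experimental dataset is constructed on the basis of TPC-E, the new-generation database performance benchmark published by the Transaction Processing Performance Council (TPC), and fairly comprehensive feature vectors of user database access behavior profiles are extracted. Simulation results show that PCA reduces the data by more than 35%, and that the precision and recall of the PCA-RT algorithm improve by 1.78% and 9.76% respectively, demonstrating that the user behavior profile vector construction method and the PCA-RT algorithm are effective for anomaly detection of user access behavior in a TPC-E database.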
As a platform for data storage and interaction, a database contains confidential and important information, making it a target of attacks by malicious personnel. To prevent attacks from outsiders, database administrators can limit unauthorized user access through a role-based access control system, while masquerade attacks from insiders are often less noticeable. Therefore, research on database anomaly detection based on user behavior has important practical application value. A user anomaly detection algorithm, PCA-RT, based on Principal Component Analysis (PCA) and Random Tree (RT), is proposed for anomaly detection of database user access behavior. First, the users' profile is constructed according to the characteristics of the queries submitted by the users; then principal component analysis is applied to reduce the dimension of the users' profile and to select features. Finally, a random tree is used to train the anomaly detector. The experiments, based on a dataset constructed according to TPC-E, a new generation of database performance evaluation standard issued by the TPC (Transaction Processing Performance Council), show that the user profile and PCA-RT are fast and effective for anomaly detection of database user access behavior. The PCA algorithm reduces the data during preprocessing by more than 35%. The accuracy and recall of the PCA-RT algorithm are improved by 1.78% and 9.76% respectively. This proves that the construction method for the user profile vector and the PCA-RT algorithm are effective for anomaly detection of user access behavior in the TPC-E database.
Authors
冯安然
王旭仁
汪秋云
熊梦博
FENG An-ran; WANG Xu-ren; WANG Qiu-yun; XIONG Meng-bo (College of Information Engineering, Capital Normal University, Beijing 100048, China; Key Laboratory of Network Assessment Technology, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China)
Source
《计算机科学》
CSCD
Peking University Core Journal
2020, Issue 9, pp. 94-98 (5 pages)
Computer Science
Funding
Science and Technology Project of the State Grid Corporation of China Headquarters (5700-201972227A-0-0-00).
Keywords
Anomaly detection
Database security
TPC-E
User behavior profile
Principal component analysis
Random tree algorithm