
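A Method of Database Intrusion Detection Based on Adaptive Model
Cite this article: LI Yin-zhao, YAN Huai-zhi, ZHANG Jia, HE Hai-tao. A Method of Database Intrusion Detection Based on Adaptive Model[J]. Journal of Beijing Institute of Technology (Natural Science Edition), 2012, 32(3): 258-262.
Authors: LI Yin-zhao, YAN Huai-zhi, ZHANG Jia, HE Hai-tao
Affiliations: Beijing Key Laboratory of Software Security Engineering Technology, Beijing Institute of Technology, Beijing 100081; College of Information Science and Engineering, Yanshan University, Qinhuangdao, Hebei 066004
Funding: National "863" Program project (2009AA01Z433); National Ministry Fund project (A2120110006); Beijing Institute of Technology Basic Research Fund project (20090842003)
Abstract: A database intrusion detection method based on an adaptive model (ASIDS) is proposed. The method builds on AprioriZ, an association algorithm based on a matrix and a minimum-support function. Using the database operation features produced during the training phase and the adaptive intrusion detection phase, the user dynamically adjusts the value of the minimum-support function according to actual needs, so that operation features are mined more efficiently. A hierarchical clustering algorithm is combined with this to produce a dynamic rule base. An anomaly is judged by computing whether the distance between the operation features of the data under test and the clusters in the rule base exceeds the maximum distance between clusters, which avoids the "sharp boundary" judgment problem of existing detection systems. Normal operation features are merged into the dynamic rule base in real time, and correlation analysis of the alert information lowers the false alarm rate. Experimental results show that ASIDS can perform intrusion detection in real time, with a very high detection rate and a relatively low false alarm rate.

Keywords: database security; intrusion detection; association analysis; clustering
Received: 2010/1/27 0:00:00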

A Method of Database Intrusion Detection Based on Adaptive Model
LI Yin-zhao, YAN Huai-zhi, ZHANG Jia and HE Hai-tao. A Method of Database Intrusion Detection Based on Adaptive Model[J]. Journal of Beijing Institute of Technology (Natural Science Edition), 2012, 32(3): 258-262.
Authors: LI Yin-zhao, YAN Huai-zhi, ZHANG Jia and HE Hai-tao
Institution: Beijing Key Laboratory of Software Security Engineering Technology, Beijing Institute of Technology, Beijing 100081, China; Beijing Key Laboratory of Software Security Engineering Technology, Beijing Institute of Technology, Beijing 100081, China; The College of Information Science and Engineering, Yanshan University, Qinhuangdao, Hebei 066004, China; The College of Information Science and Engineering, Yanshan University, Qinhuangdao, Hebei 066004, China
Abstract: A method of database intrusion detection based on an adaptive model is proposed. First, the concepts of a minimum-support function and attribute distance are defined. Then, a new association algorithm based on these concepts is proposed to extract operating characteristics within a time window. The value of the minimum-support function can be adjusted dynamically, so operating characteristics can be extracted more efficiently. Furthermore, a hierarchical clustering algorithm is applied to produce a dynamic clustering rule base. An intrusion is judged by computing the distance between the operating characteristics and the clusters in the rule base. In this way, the 'sharp boundary' judgment problem in current database intrusion detection systems can be avoided. In the course of intrusion detection, the characteristics of normal operations are absorbed into the rule base, and the rule base is updated in time. The experimental results show that the method detects intrusions with a high detection rate and a low false alarm rate.
Keywords: database security; intrusion detection; association analysis; cluster
This paper is indexed in CNKI, Wanfang Data and other databases.