【作者】 张超；

【导师】 霍红卫；

【作者基本信息】 西安电子科技大学 ， 计算机软件与理论， 2004， 硕士

【摘要】 近年来，网络攻击越来越普遍，也难以防范。传统的防火墙技术已难以满足目前网络安全的需要。于是，一项新的安全技术入侵检测系统被提出。由于越来越多的政府、商业、金融等机构和部门将自己的数据库连接到Internet上，网上数据库受到的攻击越来越多，造成的损害越来越大，所以网络数据库安全成为安全的焦点，我们迫切需要研究针对数据库的入侵检测技术来提高安全性。 本文首先介绍了入侵检测系统的发展过程，阐述了入侵检测系统的功能、模型、分类，并详细研究了入侵检测系统的检测技术，同时指出了目前入侵检测系统中存在的问题，指出了入侵检测系统的发展前景。然后介绍了数据库安全方面的问题，重点讨论了SQL SERVER数据库的安全机制。接下来分析基于误用的和基于异常的数据库入侵检测技术，重点讨论了基于异常的数据挖掘检测技术在入侵检测中的应用。本文的核心即基于数据挖掘技术的数据库入侵检测系统的设计，在设计过程中我们利用关联规则Apriori算法来对用户行为进行数据挖掘，根据用户历史行为模式和当前行为模式比较相似度来检测用户当前行为模式的异常，在本文最后给出了实验结果分析。更多还原

【Abstract】 In the last decade, attacks to network are becoming more common and sophisticated .However,it is a difficult task to detect intrusion.The traditional technology such as firewall is not enough to solve all kind of attacks.For this reason,intrusion detection as a new technology is put forward.With more and more governments .business and finance having their own databases connected to the intemet,we much more attack break into these network databases.Then current security is focused on network database security. So we need to study intrusion detection technology on databases to intensify the security.At first this paper introduces the development process of intrusion detection system. Then we describe the function, model and taxonomy of intrusion detection systems, particularly discuss the model of intrusion detection system. And the framework and standardization of intrusion detection system are thoroughly discussed in this paper. The problems and future of intrusion detection system are put forward in this paper. The international standard of database security is also given here and then the security mechanism of SQL Server is detailedly discussed. The application of Misuse detection technology and anomaly detection technology in SQL Server are talked about thoroughly in this paper. We show more emphasis on the anomaly detection technology based on data mining. Finally, the constructing process of database intrusion detection is detailedly discussed here. By use of Aprior association rule algorithm, the user’s historical data are mined. We alse give the test data in this paper.By comparing the similarties between the history profiles and present ones we can detect the anomaly in present profiles. Result of experiments shows the differences between them.更多还原