Research on Database Intrusion Detection System Based on Association Rule Mining

【Author】 Hong Wei

【Supervisor】 Yang Luming

【Author information】 Central South University, Computer Application Technology, 2010, Master's

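【Summary】 This thesis first studies database security and then surveys the technologies related to database intrusion detection. Finally, in light of the characteristics of current database security systems, it analyzes the weaknesses and shortcomings of traditional database security mechanisms, carries out research on database intrusion detection by combining data mining and intrusion detection techniques, and designs and implements a prototype database intrusion detection system based on association rule mining. To improve the efficiency of association rule mining, the thesis proposes an improved Apriori algorithm based on a frequent itemset matrix FM and mutually exclusive item constraints. The algorithm improves on both performance bottlenecks of Apriori: using the frequent itemset matrix avoids generating candidate k-itemsets, and frequent k-itemsets are produced directly with logical AND operations, which greatly reduces the amount of computation and the number of scans of the transaction database; using mutually exclusive item constraints prevents mutually exclusive items from being joined in the join step, which greatly reduces the generation of useless frequent itemsets and improves the efficiency of association rule mining. The algorithm is mainly used in anomaly detection to mine users' normal behavior rules and current behavior rules. The prototype database intrusion detection system designed in the thesis is divided into four modules: data collection, rule generation, intrusion detection and response. The data collection module uses Oracle's audit facility to obtain audit data. The rule generation module uses the proposed improved Apriori algorithm, based on the frequent itemset matrix FM and mutually exclusive item constraints, to extract users' normal behavior rules and current behavior rules. The intrusion detection module combines the characteristics of misuse detection and anomaly detection, performing misuse detection first and anomaly detection second, which lowers the missed-detection rate and the false-detection rate; anomaly detection also introduces the concept of a sliding window and uses association rule mining, so that intrusions can be detected in real time and the efficiency and timeliness of intrusion detection are improved. The response module records the anomaly and intrusion information in the detection results and alerts the administrator. Finally, the prototype system is tested and an analysis of the experimental results is given.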

【Abstract】 This thesis first studies database security, then introduces the technology related to database intrusion detection. Finally, it analyses the shortcomings of traditional database security mechanisms according to the features of present database security systems, and it studies database intrusion detection by combining data mining with intrusion detection technology. It designs and implements a prototype database intrusion detection system based on association rule mining. To improve the mining efficiency of association rules, the thesis proposes an improved Apriori algorithm based on the frequent itemsets matrix FM and an incompatible-item constraint. This algorithm improves on the performance bottlenecks of Apriori. Using the frequent itemsets matrix avoids producing candidate k-itemsets, and using the "logical AND" operation produces frequent k-itemsets directly, which greatly reduces the amount of calculation and the number of scans of the transaction database. Using the incompatible-item constraint stops incompatible items from being joined in the linking step and largely reduces the production of unwanted frequent itemsets. This improves the efficiency of association rule mining. The algorithm is mainly used to mine the user's normal behavior rules and the user's current behavior rules. The prototype database intrusion detection system designed in the thesis is divided into four modules: data acquisition, rule generation, intrusion detection and response. The data acquisition module uses Oracle's auditing function to obtain the audit data. The rule generation module generates the user's normal behavior rules and current behavior rules. The intrusion detection module combines the features of misuse detection and anomaly detection: it performs misuse detection first and then anomaly detection, which reduces the missed-detection rate and the false-detection rate. At the same time, anomaly detection introduces the concept of a sliding window and uses association rule mining, so that intrusions can be detected in time, improving efficiency and real-time performance. The response module records the anomaly and intrusion information in the detection results and reports it to the administrator. Finally, the prototype system is tested and an analysis of the experimental results is given.
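The following is an added example, not code from the thesis: one possible reading of the abstract's matrix, "logical AND" and incompatible-item ideas, applied to audit-style records. The sample records, all function names, and the rule that two values of the same audit attribute are incompatible are assumptions, and it compares frequent itemsets of a window against a normal profile rather than full association rules.

```python
from itertools import combinations

# Constructed audit records (user, action, object); not data from the thesis.
NORMAL = [
    {"user": "app", "action": "SELECT", "obj": "ORDERS"},
    {"user": "app", "action": "SELECT", "obj": "ORDERS"},
    {"user": "app", "action": "INSERT", "obj": "ORDERS"},
    {"user": "app", "action": "SELECT", "obj": "ORDERS"},
    {"user": "dba", "action": "SELECT", "obj": "AUDIT_LOG"},
    {"user": "app", "action": "INSERT", "obj": "ORDERS"},
]
WINDOW = [  # constructed "current behaviour" window
    {"user": "app", "action": "DELETE", "obj": "ORDERS"},
    {"user": "app", "action": "DELETE", "obj": "ORDERS"},
    {"user": "app", "action": "SELECT", "obj": "ORDERS"},
]

def popcount(mask):
    return bin(mask).count("1")

def build_matrix(records):
    """One pass over the records: item -> bitmask of the records containing it."""
    rows = {}
    for i, rec in enumerate(records):
        for item in rec.items():          # item is an (attribute, value) pair
            rows[item] = rows.get(item, 0) | (1 << i)
    return rows

def exclusive(a, b):
    # Assumption: two values of one audit attribute cannot occur in the same record.
    return a[0] == b[0]

def frequent_itemsets(records, min_count):
    """Return {itemset: support count} without rescanning the records per level."""
    level = {(it,): m for it, m in build_matrix(records).items() if popcount(m) >= min_count}
    found = dict(level)
    while level:
        nxt = {}
        for (a, ma), (b, mb) in combinations(sorted(level.items()), 2):
            if a[:-1] != b[:-1] or exclusive(a[-1], b[-1]):
                continue                  # prefixes differ, or the join is blocked
            mask = ma & mb                # logical AND = records holding both itemsets
            if popcount(mask) >= min_count:
                nxt[a + (b[-1],)] = mask
        found.update(nxt)
        level = nxt
    return {k: popcount(m) for k, m in found.items()}

def deviations(normal, window, min_count):
    """Itemsets frequent in the current window that the normal profile never produced."""
    profile = frequent_itemsets(normal, min_count)
    return sorted(k for k in frequent_itemsets(window, min_count) if k not in profile)
```

With the constructed data and a minimum count of 2, every deviation involves the `DELETE` action, which never appears in the normal profile.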

  • 【Online publication contributor】 Central South University
  • 【Online publication year and issue】 2011, Issue 03