Abstract
Traditional database security mechanisms based on user identification and access control have limitations: they cannot prevent illegal actions such as SQL injection or the abuse of privileges by legitimate users. Most existing intrusion detection research, however, focuses on networks and operating systems. This paper therefore presents an unsupervised anomaly detection algorithm based on the DBMS. First, it defines a representation of database queries and a method for computing the similarity between queries. Next, it gives an anomaly detection algorithm with three phases: query clustering, labeling and detection. Finally, it reports the algorithm's clustering results on a synthetic data set and its application to detecting SQL injection on a real data set, and discusses an extended algorithm that uses database indexes.
Source
Computer Science (《计算机科学》)
CSCD
PKU Core Journal (北大核心)
2007, Issue 1, pp. 123-127 (5 pages)
Funding
Aeronautical Science Foundation (02F52033)
Supported by the Jiangsu Province High-Tech Project (BG2004-005)
Keywords
Clustering algorithm
Database security
Anomaly detection