17-03-2014, 09:24 PM
Abstract: Intrusion detection analyzes unauthorized accesses
and malicious behaviors and finds intrusion behaviors and
attempts by detecting the state and activity of an operating
system to provide an effective means for intrusion defense.
Applying the intrusion detection technology to databases is an
effective method of enabling databases to have positive and
active security mechanisms. This paper first studies database
intrusion detection technology in depth, especially anomaly
detection based on data mining, then puts forward a
Trie-tree-based implementation of Apriori, the classical
association rule algorithm, and finally uses the Apriori
algorithm to extract user behavior rules.
Key words: intrusion detection system; database; anomaly
detection
I. INTRODUCTION
Information technology has brought great convenience
to people's work and life, but its deep and wide
application in social life has also brought many new
problems, and data security is one of the most
prominent. At present, all large database systems
provide security management mechanisms, but the existing
database security mechanisms cannot completely solve the
security problems of databases. Intrusion detection
technology is a widely used technical and management means
as well as a positive and active security protection
technology. At present, domestic studies on intrusion
detection for database systems are rare and are technically
still at the research stage. This paper introduces data
mining technology and the data mining methods commonly used
in database intrusion detection, and puts forward a
relatively efficient implementation of the Apriori algorithm
based on a Trie tree.
II. SYSTEM MODEL STRUCTURE
This system is a real-time database intrusion detection
system. Its core part is a composite detection engine with
anomaly detection and misuse detection features; the
two detection engines work serially to detect the user's
activity in turn. The system collects data from the database
audit system in real time, analyzes the audit data, judges
whether it is a normal behavior, abnormal behavior or
aggressive behavior, responds to the result obtained for the
operation behavior and finally reports the result to the
manager in a comprehensible form. The model structure is
shown in Figure 1.
As the above diagram shows, the system is divided into
four functional modules: the data preprocessing module, the
rule generation module, the intrusion detection module and
the response module. To improve the adaptability of the
intrusion detection system, we add a new rule generation
module.