Application And Research On Transaction-level Database Intrusion Detection System

Nowadays, the database, which is the foundation of data processing and management of information system, tends to be the main target of the invaders. The traditional intrusion detection system can only detect the validity of the users in the database intrusion detection. However, it can not detect the abnormal behaviors and the malicious transaction processing of the users. The national tennis team information system stores the data which is very confidential, for example, the information of training and competition, the index of physiological and biochemical and so on. Therefore, the transaction-level database intrusion detection system based on the national tennis team information system is designed in the paper. The intrusion detection system owns certain active defense capability, and it can be used to detect the attempted attacks and abnormal behavior such as the misuse by valid user, the masquerading attacks executed by unauthorized users that may access to the database by exploring system vulnerabilities and so on. This system can make up for the deficiencies of traditional information systems and pay more attention to the security of data stored in the information management system.Firstly, this paper introduces the concept of the intrusion detection and the classification, structure, defects of the intrusion detection system. Then it focuses on data mining and neural network technology in the abnormal intrusion detection system. Finally, an intrusion detection system based on data mining and neural network is proposed in the paper. In the training stage, the Apriori algorithm of association rules is used to mine the rules of users'normal behavior at first. The rules can be used as the training samples to train the modified RBFNN, and then the trained neural network as the abnormal detection model is obtained. In the detecting stage, it can detect the abnormal behavior of database users and malicious services operation by matching the current users'behavior patterns and users'normal rules of conduct with the help of the identification and classification of the anomaly detection model. The innovated works of this paper compared with the traditional intrusion detection systems are as follows:1. The intrusion detection system is designed by the method of the combination of association rules and neural network. The users'normal rules of conduct which are mined by the association rules can be used as the training samples to train the neural network. This approach can reduce the neural network training time and improve the efficiency, make the training process more focused and enhanced the ability of neural network classification.2. The paper adopts RBF Neural Network and modifies the network. RBFNN has good nonlinear approximation capability, and it also has many advantages including simple structure, learning fast, and no local minimum. Therefore the RBF neural network is adopted in the detection unit. The main centre of the selection function is the key factor to the performance of the RBFNN. In this paper the training samples with the similar characteristics are classified to determine the centre number of the function by combining the subtraction clustering and the Fuzzy C-Means clustering. And the algorithm further optimizes the performance of the network.