Researches On Anomaly Detection And Some Critical Techniques Of Secure Database

Posted on: 2007-07-06
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Y Zhong
GTID: 1118360215997001
Subject: Computer application technology

Abstract/Summary:
Databases are often the most attractive targets for attackers because they store the important data of information systems. However, the traditional database security mechanism, based on user identification and access control, is a passive, prevention-centric mechanism that cannot satisfy the requirements of modern database security. For example, internal misuse or network attacks such as password sniffing or session hijacking can often obtain the identities of legitimate users, which makes them difficult for prevention-centric mechanisms to deal with.

Intrusion detection is an important method of defending against intrusions. But most current research on intrusion detection focuses on networks or operating systems, and little of it concerns database intrusion detection. However, the data in a database has its own structure and semantics, and database users have their own characteristic actions, such as internal misuse by legitimate database users, which can only be detected by using the data structure or semantics of the database itself. So it is very difficult to maintain the efficiency or precision of detection if we depend only on the underlying operating system or network intrusion detection system, whose scope is mainly the file or command level. Research on anomaly detection and some critical techniques of secure databases therefore has both theoretical and practical value, which forms the background of the research in this thesis.

Based on a discussion of the insufficiency of traditional database security mechanisms and the requirements of anomaly detection, the paper analyzes the advantages and disadvantages of current methods of database anomaly detection, and makes the following contributions to database anomaly detection technology and some relevant critical techniques.

(1) Concerning the performance decrease when current multidimensional association rule mining methods, which assume that an object attribute has only a single value, are applied to objects with multiple values, the semantics of the multidimensional set association rule and its mining algorithm APMA-MS, together with its improved algorithm for small datasets, APMA-MSSD, are presented. The algorithms make use of the restricted characteristics of multidimensional set association rules and can perform a triple pruning of the candidate set together with a reduction of the data set, which gives them better performance than the Apriori or FP-growth algorithms. Multidimensional sets and their mining algorithms can be applied to expressing or mining objects with multiple values, such as database query profiles.

(2) Concerning the problem that geometric distance functions in metric space cannot be used to compute the distance between two clusters, which leads to a performance decrease in anomaly detection algorithms based on cluster analysis, an anomaly detection algorithm based on metric space, AD_Density, and its application in databases are presented. The algorithm builds its normal profiles from the core objects of density-based clusters and organizes the profiles into a metric tree, which makes the detection process a fast similarity search in a metric tree. Moreover, the density-based clustering algorithm is insensitive to the shapes of clusters and to noise. The algorithm therefore makes up for the performance decrease of anomaly detection algorithms based on cluster analysis, such as the Lenoid algorithm or its variations, when applied in metric space, and solves the problem that the detection rate in these algorithms is influenced by the distribution of the training set.

(3) Concerning the expressive power and flexibility of access control models in current secure databases, a kind of Datalog?,c that satisfies a single-variable constraint is analyzed, which can enlarge the scope of constraint domains that can be evaluated in closed form. Based on this logic semantics, an intrusion-tolerant generic authorization model, MUAM, for multilevel secure DBMS is also presented. The model introduces temporal and intrusion-tolerant factors into access control and argues that authorization decision rules should be considered from three aspects: authorization, data protection and data control. The model can express not only traditional discretionary access control and mandatory access control, but at the same time all kinds of special authorization semantics and constraints of multilevel relational DBMS, which improves the expressive power and flexibility of access control models in secure databases.

(4) Concerning the problem that a high assurance secure database architecture must overcome the covert channel that arises when implementing the two-phase locking protocol in a multilevel secure database while still keeping the trusted computing base (TCB) minimal, a secure locking protocol, HALock, based on a high assurance architecture is presented. The protocol avoids the covert channel by partly rolling back the high-level transaction when there is contention, and keeps the TCB minimal by dividing the transaction manager into different levels, which makes up for the insufficiency of current research on this problem.

(5) Concerning the problem that the standard role-based access control (RBAC) mechanism does not consider implementation in multilevel secure databases, an extended RBAC model, MRBAC, is presented, which introduces a classification policy into standard RBAC. The model eliminates downward information flow by means of extended read and write rules and some authorization constraints, while still keeping the expressive power and flexibility of standard RBAC, which makes up for the limitations of applying standard RBAC to multilevel secure databases.

Besides the theoretical analysis of these novel algorithms, many experiments are designed and carried out to verify the algorithms' efficiency and effectiveness. The processing strategies and experimental results prove the rationality and availability of the novel algorithms. For the access control model, logical analysis and theoretical proof are carried out, and the flexibility and expressive power of the model are shown by simulating traditional access control methods and practical examples. Finally, theoretical analysis and proof are also presented to prove the security and serializability of the secure locking protocol.
Keywords/Search Tags:Anomaly Detection, Secure Database, Data Mining, Association Rules, Access Control, Authorization Language