Research On A Method Of Application-level Database Intrusion Detection And Its Implementation

Database application systems have been widely used in all aspects of our social lives. However,data security becomes an important research topic of database application system which has allured more and more eyes.As the supporting platform of database system, computer network,operating system and database management system have been researched deeply,and have their own security mechanisms.But the database application systems remain weak with security controls.Intrusion is the main security threat to the database application systems.So it is a hard problem how to detect intrusions accurately and rapidly.In this paper,we have made some useful research on intrusion detection technology for database application system as follows:Firstly,we propose a design of application-level database intrusion detection system. Based on the main features of existing database application systems,the methodology of intrusion detection system and the features of users' behavior in the database,we propose a design of application-level database intrusion detection system.Secondly,existing pattern matching methods could easily lose the key information and lead to a high false positives and false negatives.In this paper we introduce two phases modeling and fuzzy profile tree pattern matching method.We build a fuzzy profile tree based on describing attributes and behavior patterns based on acting attribute,and finally detect invasions based on the fuzzy profile tree.Finally,we propose a method of application-level database intrusion detection.In this paper,we detect invasions from three levels,including SQL statement structure,SQL data manipulation behavior and application system behavior.Compared with the existing designs Which only detect single SQL statement,this method is able to identify application behavior of users in reasonable manner.In summary,this paper introduces an application-level database intrusion detection technology.To detect intrusion accurately we propose a two phases modeling method and fuzzy profile tree pattern matching method.Theoretical analysis and experiments show that this method has high feasibility and practical value.