
Research On Database Intrusion Detection Based On Data Mining

Posted on: 2010-03-11
Degree: Master
Type: Thesis
Country: China
Candidate: X Q Duan
GTID: 2178360275950837
Subject: Computer application technology
Abstract/Summary:
Database systems often store important data about a company or organization. This data is attractive to intruders and is highly likely to become an intrusion target. Weaknesses of the database system are also a cause of intrusion, such as frequent updates to the data in the database and the optimization interfaces of some databases. Traditional database security mechanisms such as identity authentication, access control and encryption are prevention-oriented and passive, and cannot totally stop intrusion. An active security mechanism, intrusion detection, is therefore needed to detect intrusions that traditional security mechanisms cannot find, and to block the attack. Although intrusion detection has made many great achievements, they mostly focus on networks and operating systems; database intrusion detection has received less research attention. Database intrusion detection focuses on attacks inside the database and belongs to application-level intrusion detection. It can detect malicious transactions that network and OS intrusion detection systems cannot detect.

Data mining is the process of nontrivial extraction of implicit, previously unknown and potentially useful information and knowledge from large volumes of incomplete, noisy, fuzzy and random data. Intrusion detection is a data handling process over a large amount of data such as audit logs. Intrusion detection using data mining can find anomalous behavior from the regularities hidden in the security audit data itself, even if the mechanisms of the various attacks are entirely unknown. Intrusion detection using data mining techniques has better self-learning, self-adapting and self-extending ability. In this paper, database intrusion detection uses an association rule algorithm. The main work in the paper is as follows:

1) The MFP-Growth algorithm is presented to improve the efficiency of the FP-Growth algorithm. This algorithm uses a transaction-item matrix to represent the transaction database. A conditional matrix, constructed from the frequent pattern matrix, is used to mine the frequent pattern sets. The algorithm avoids recursively constructing the conditional pattern tree, which is a high-overhead operation, and it does not need to access the database again when the support threshold changes or the data is updated; it simply applies the changes to the transaction-item matrix. The experiment shows this algorithm is more effective than FP-Growth.

2) Application study and optimization of the MFP-Growth algorithm in database intrusion detection. To make MFP-Growth well suited to database intrusion detection, the paper optimizes it by introducing the concept of attribute correlation support and a distance measure function. Attribute correlation support assures the completeness of the rule base, so that characteristic attributes of high importance but low frequency are not missed in the mined rules. The distance measure function describes the data structure characteristics and semantic characteristics of user behavior. The patterns mined by the optimized MFP-Growth algorithm better describe the operation patterns of database users, and the precision of intrusion detection is improved.

3) Design of the database intrusion detection system prototype. The paper constructs a database intrusion detection system prototype and describes its framework. For data acquisition, the audit log of Oracle9i is selected as the data source. In the pattern mining component, the optimized MFP-Growth algorithm is used to mine historical behavior patterns. To make the patterns in the pattern base more accurate and reliable, records flagged as anomalous that the database administrator judges to be normal are inserted into the pattern base whenever this occurs, updating the pattern base. The experiment shows the effectiveness of the prototype.
Keywords/Search Tags:database security, intrusion detection, data mining, anomaly detection, FP-Growth, distance measure
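
An added illustration of the transaction-item matrix idea in the abstract, not code from the thesis: it stores constructed audit records as a column-wise bit matrix and mines frequent patterns by column intersection, so a changed support threshold reuses the matrix instead of rescanning the records. The level-wise miner and the `is_anomalous` check are simple stand-ins (assumptions); the thesis's MFP-Growth, attribute correlation support and distance measure are not reproduced here.

```python
from itertools import combinations

# Constructed audit records (not from the thesis): each is one transaction
# whose items are attribute=value pairs taken from a database audit log row.
AUDIT = [
    {"user=app", "obj=ORDERS", "act=SELECT"},
    {"user=app", "obj=ORDERS", "act=SELECT"},
    {"user=app", "obj=ORDERS", "act=INSERT"},
    {"user=app", "obj=ORDERS", "act=SELECT"},
    {"user=dba", "obj=USERS", "act=UPDATE"},
    {"user=dba", "obj=USERS", "act=SELECT"},
]

def build_matrix(transactions):
    """Transaction-item matrix stored column-wise: item -> bitmask of rows."""
    cols = {}
    for row, items in enumerate(transactions):
        for item in items:
            cols[item] = cols.get(item, 0) | (1 << row)
    return cols

def mine(cols, min_support):
    """Frequent itemsets by intersecting columns level by level (a stand-in
    miner, not MFP-Growth); support is the popcount of the ANDed columns."""
    level = {frozenset([i]): m for i, m in cols.items()
             if bin(m).count("1") >= min_support}
    frequent = {}
    while level:
        frequent.update({s: bin(m).count("1") for s, m in level.items()})
        nxt = {}
        for (a, ma), (b, mb) in combinations(level.items(), 2):
            u = a | b
            if len(u) == len(a) + 1 and u not in nxt:
                m = ma & mb
                if bin(m).count("1") >= min_support:
                    nxt[u] = m
        level = nxt
    return frequent

def is_anomalous(record, frequent):
    """Assumed check: flag a record whose full item set is not a mined pattern."""
    return frozenset(record) not in frequent

MATRIX = build_matrix(AUDIT)          # built once from the audit data
STRICT = mine(MATRIX, min_support=3)  # higher threshold
LOOSE = mine(MATRIX, min_support=1)   # threshold changed: same matrix reused
```

With the stricter threshold the rare but legitimate `dba` update is flagged, which is the kind of low-frequency behavior the abstract says its attribute correlation support is meant to keep in the rule base.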