Research On Database Intrusion Detection System Based On Association Rule Mining

The article first studies the Database Security,then introduces the related technology of the Database Intrusion Detection. At last, it analyses the shortages of the traditional Database Security mechanisms according to the features of the present Database Security System. And it studies the related Database Intrusion Detection System by combining Data Mining with Intrusion Detection technology. It has designed and realized an prototype system of the Database Intrusion Detection based on Association Rules mining.In order to improve the mining efficiency of Association Rules, the article brings up an advanced algorithm of Apriori based on the Frequent Itemsets Matrix FM and constraint of incompatible-item.This algorithm has improved the performance bottleneck. Using Frequent Itemsets Matrix can avoid producing candidate k-itemsets. And using "logical AND" operation can directly produce frequent k-itemsets and mostly reduce the calculating works and scanning times to the transactional databases.Using the constraint of incompatible-item can stop the connection in the linking step and largely reduces the production of unwanted frequent itemsets.This has improved the efficiency of the association rules mining.This algorithm is mainly used in mining the user's normal behavior rules and the user's current behavior rules.The prototype system of Database Intrusion Detection designed by the article can be wholly divided into the four models of Data acquisition, rule generation, Intrusion detection and Responsing.The model of Data acquisition uses Oracle's auditing function to get data and realize the Data acquisition. The model of rules generation generates the user's normal behavior rules and the current behavior rules. The model of Intrusion Detection combines the features of Misuse Detection and Anomaly Detection. First it takes Misuse Detection and then Anomaly Detection, this reduces the rate of lost detection and the rate of error detection. At the same time the Anomaly Detection introduces the concept of Sliding Window and uses the Association Rule mining measures. This can detect the instrusion in time and improved the efficiency and real-time. The response model records the abnormal and intrusion information in the detection results and warned it to the administrator.At last it tests the prototype system and offers the analyses of the results of the experiment.