| Along with the fast development of computer technology and network, more and more important role such as enterprises, governments, scientific research institutes and financial departments have joined their databases to Internet for sharing resources. But as the profit that we gain from Internet, it also gives hack a handle to attack and tamper database.To a certain extent, the existing security mechanisms of the database can solve a part of intrusion from outside, but due to the defects they have, they can not deal with all problem about database security。As a supplement of traditional database security mechanisms, database intrusion detection has gained more attention.Database security, database intrusion detection, association rules mining algorithm are concerned in this paper. The construction and design of the database intrusion detection system are discussed in detail. This system consists of event generators, intrusion detection rule database, event analyzers, and responses units. Every component and process of the design and implementation are presented.In this paper the following functions are implemented: 1) Collecting auditing data through the profiler of SQL Server2000 by creating trace. 2) Design and implement misuse detection. 3) Design and implement anomaly detection based on data mining. The normal historical data of users is mined through Apriori association rule algorithm to generate anomaly rule database. This model can be used to detect anomaly. 4) Implementation of the simple alarm function. Some reports of intrusion cases are provided to administrator for analyzing.The main innovations in the dissertation are: 1) The system is based on agent thought to improve system efficiency. 2) In pretreatment of auditing data, we use numerical value mapping instead of Boolean mapping. 3) Use anomaly degree in anomaly detection to generate more intrusion results in detail. |
PDF Full Text Request