
Anomaly Detection And Assessment Of User Behavior For Database Access

Posted on: 2018-02-11
Degree: Master
Type: Thesis
Country: China
Candidate: N Wei
GTID: 2348330542468906
Subject: Computer Science and Technology

Abstract/Summary:
In recent years, with the rise of information trafficking in the dark industry chain, the data security situation has become more and more serious. Data leakage, data tampering, data corruption and other data security incidents have been frequent. Among data security threats, internal attacks are the key and most difficult problem for database security auditing. To deal with internal attacks, user behavior anomaly detection and assessment technology for database access has become a hot topic. In current research on user behavior anomaly detection, high false positive rates are prevalent. Meanwhile, M-Score, one of the main anomaly assessment methods, has some problems. It requires the sensitivity of every piece of information to be defined, which is a heavy workload. In addition, M-Score does not consider the relevant factors comprehensively. In view of these problems, this thesis studies user behavior anomaly detection technology and anomaly assessment technology for database access, and implements an anomaly detection and assessment system. Specifically, the main work includes the following four aspects.

First, this thesis studies the damage caused by internal threats in data security, and surveys the research status of user behavior anomaly detection and assessment technology in database security auditing. On the basis of a requirements analysis, the framework of a user behavior anomaly detection and assessment system for database access is designed.

Second, user behavior anomaly detection technology is studied. A method of user behavior representation based on syntax and context is used to analyze and process the audit data. This thesis then uses association rules and decision trees to construct user behavior patterns. Correspondingly, a matching detection algorithm based on association rules and a classifying detection algorithm based on decision trees are designed. The validity and scope of these methods are verified by experiments.

Third, this thesis studies user behavior anomaly assessment technology for database access. Anomaly assessment is divided into two parts: data leakage assessment, and data tampering/corruption assessment. User behavior anomaly assessment algorithms are designed for each. For data leakage, this thesis establishes an inheritance relational data model and an association relational data model. According to these data models, the data importance of a result set is calculated. The assessment result is determined on the basis of data importance, data quantity and data uniqueness. For data change and corruption assessment, the assessment result is measured by the execution probability of the abnormal behavior.

Finally, integrating the user behavior anomaly detection technology and the anomaly assessment technology, this thesis implements an anomaly detection and assessment prototype system. Functional tests and performance tests are conducted on the system.

In summary, this thesis studies user behavior anomaly detection and assessment technology for database access. On this basis, an anomaly detection and assessment prototype system is implemented, which can effectively improve the security of databases.
Keywords/Search Tags: Data Security, Internal Threats, Database Audit, Behavior Detection, Anomaly Assessment