| With the rapid development of Internet technology and the wide application of the Internet,more and more government,enterprises and other organizations connect their own private databases to the Internet.These databases often contain much valuable and sensitive information and are highly likely to be deliberately attacked.Faced with the complex and diverse means of attack,the traditional database security mechanism appears a bit weak.Intrusion detection technology is a new generation of security defense technology,which protects the security of the database by proactively discovering the possible intrusion and taking measures such as alarm.The thesis introduces the related knowledge of database security,intrusion detection and data mining,analyzes the shortcomings of the traditional database security mechanisms and discusses the role of intrusion detection in the protection of database security,and expounds the advantages of using data mining technology in the intrusion detection.The thesis designs and realizes the database intrusion detection system based on data mining and intrusion detection technology.The thesis uses K-Means clustering algorithm to distinguish between normal data and abnormal data.Considering the disadvantages of randomly selecting K clustering centers and the outliers may be the cluster centers,an improved K-Means algorithm is proposed in order to improve the clustering effect.A matrix association algorithm is used to mine the behavior patterns,and a matrix correlation algorithm is proposed to reduce the time of database scanning and improve the efficiency of the algorithm.The modules of the database intrusion detection system include data preprocessing,rule base generation,data mining,intrusion detection and response unit.The data preprocessing module get data through the Mysql audit function and standardize data.The rule base generation module includes the generation of a normal behavior rule base and an abnormal behavior rule base.The normal behavior rules are extracted from the historical training dataset.The abnormal database stores the known rules of abnormal behavior.The data mining module uses the improved K-Means clustering algorithm to distinguish between normal data and abnormal data,and uses the improved Apriori algorithm to mine user behavior patterns.Intrusion detection module includes two kinds of mixed detection methods,misuse detection and anomaly detection.The response unit module realizes the simple alarm function.The final test results show that the system can reduce false alarm rate,false negative rate,and effectively protect the security of the database. |
PDF Full Text Request