On Database Intrusion Detection System Based on Density Clustering
  • Title: On Database Intrusion Detection System Based on Density Clustering
  • Author: CAO De-sheng (曹德胜)
  • Affiliation: School of Computer Science, North China Institute of Science and Technology
  • Keywords: intrusion detection; density clustering; ordering points to identify clustering structure; local outlier factor; supervised learning
  • Journal: Journal of Southwest China Normal University (Natural Science Edition) (西南师范大学学报(自然科学版))
  • Publication date: 2019-05-20
  • Publisher: Journal of Southwest China Normal University (Natural Science Edition)
  • Year: 2019
  • Issue: 05
  • Funding: Central State Organs Support Project (2011B026)
  • Language: Chinese
  • Pages: 109-114
  • Page count: 6
  • CN: 50-1045/N
  • ISSN: 1000-5471
  • Classification codes: TP311.13; TP309
Abstract
To address the high false positive rate of existing database intrusion detection systems, this paper proposes a database intrusion detection system based on density clustering. The detection process is divided into two parts. ① Data training stage: transaction attributes are preprocessed, the data set is divided into a training set and a test set, and Ordering of Points To Identify Clustering Structure (OPTICS) is used to build the user's normal profile. ② Intrusion detection stage: each incoming behavior is in one of two states, inside a cluster or outside it, and the degree of abnormality of the transaction is determined from its Local Outlier Factor (LOF) value. Behaviors with LOF<1 are allowed to access the database; other behaviors are further verified as normal or abnormal using different supervised machine learning techniques, which achieves intrusion detection. The experimental results show that, compared with other existing database intrusion detection systems, the performance of this system is better than that of the other two systems.
