
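Database Anomaly Detection Combining Density Clustering and Ensemble Learning
Cite this article: LI Bo, SHOU Zeng, LIU Xin-yu, GAO Ming-hui, MA Li, XU Jian. Database Anomaly Detection Combining Density Clustering and Ensemble Learning[J]. Mini-micro Systems, 2021(3):666-672.
Authors: LI Bo  SHOU Zeng  LIU Xin-yu  GAO Ming-hui  MA Li  XU Jian
Affiliations: NARI Group Corporation (State Grid Electric Power Research Institute); Beijing Kedong Electric Power Control System Co., Ltd.; State Grid Liaoning Electric Power Supply Co., Ltd.; Software College, Northeastern University
Funding: Supported by the National Natural Science Foundation of China (61872069) and the Fundamental Research Funds for the Central Universities (N2017012).
Abstract: At present there are few methods for detecting internal attacks and threats in database systems, and existing database anomaly detection schemes suffer from high overhead and low detection accuracy. To address this, density clustering and ensemble learning are combined into a database anomaly detection method. The OPTICS (Ordering Points To Identify the Clustering Structure) density clustering algorithm clusters the database SQL operation logs generated by users; the attributes of each SQL statement are analyzed to extract abnormal user behavior, which forms the prior knowledge. Bagging, Boosting and Stacking are combined into an ensemble learning model; starting from the prior knowledge produced by OPTICS clustering, the ensemble model analyzes user behavior further and builds a user behavior feature library. User behavior is then checked against this feature library. The detailed construction of the scheme is given, including data preprocessing, training, building the learning model, and anomaly detection. Tests on relevant experimental data show that the scheme detects abnormal database behavior with high efficiency and is more accurate than comparable schemes.

Keywords: anomaly detection  database system  user behavior  density clustering  ensemble learning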

Database Anomaly Detection Based on Density Clustering and Ensemble Learning
LI Bo, SHOU Zeng, LIU Xin-yu, GAO Ming-hui, MA Li, XU Jian. Database Anomaly Detection Based on Density Clustering and Ensemble Learning[J]. Mini-micro Systems, 2021(3):666-672.
Authors: LI Bo  SHOU Zeng  LIU Xin-yu  GAO Ming-hui  MA Li  XU Jian
Affiliation: (China NARI Group Corporation (State Grid Electronic Power Research Institute), Nanjing 210061, China; Beijing Kedong Electric Power Control System Co., Ltd., Beijing 100192, China; State Grid Liaoning Electric Power Supply Co. Ltd., Shenyang 110003, China; Software College, Northeastern University, Shenyang 110169, China)
Abstract: At present, there are few detection methods for internal attacks and threats in database systems, and most existing database anomaly detection schemes have problems such as high cost and low accuracy. Therefore, we propose a database anomaly detection scheme based on OPTICS and ensemble learning. OPTICS is used to cluster the database SQL operation logs generated by users, and the attributes of each SQL statement are analyzed to extract abnormal behavior. An ensemble learning model composed of Bagging, Boosting and Stacking then analyzes user behavior further and creates a feature database, against which user behavior is checked. The detailed construction process of the scheme is given, including data preprocessing, training, learning model construction and anomaly detection. The performance of the proposed scheme is evaluated and compared on different metrics. The results show that the scheme can detect abnormal database user behavior with high efficiency and accuracy.
Keywords: anomaly detection  database system  user behavior  density clustering  ensemble learning
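
An added sketch of the two-stage pipeline the abstract describes, not the authors' code: OPTICS noise points serve as anomaly labels (the prior knowledge), and a stacking model over a bagged and a boosted learner is trained on them. The three features, the constructed data, the OPTICS parameters and the use of scikit-learn are assumptions; the abstract does not specify them.

```python
# Added example (not the paper's code). Assumes NumPy and scikit-learn.
import numpy as np
from sklearn.cluster import OPTICS
from sklearn.ensemble import (BaggingClassifier, GradientBoostingClassifier,
                              StackingClassifier)
from sklearn.linear_model import LogisticRegression
from sklearn.preprocessing import StandardScaler
from sklearn.tree import DecisionTreeClassifier


def constructed_log_features(seed=0):
    """Constructed per-statement features: [hour of day, rows returned, tables touched]."""
    rng = np.random.default_rng(seed)
    usual = np.column_stack([rng.normal(10, 1.5, 300),   # working hours
                             rng.normal(40, 10, 300),    # small result sets
                             rng.integers(1, 3, 300)])   # one or two tables
    odd = np.column_stack([rng.normal(3, 0.5, 12),       # night-time access
                           rng.normal(5000, 1500, 12),   # bulk reads
                           rng.integers(5, 9, 12)])      # many tables
    return np.vstack([usual, odd])


def build_detector(X):
    """Stage 1: OPTICS noise points become anomaly labels (the prior knowledge).
    Stage 2: a stacked model over a bagged and a boosted learner fits those labels."""
    scaler = StandardScaler().fit(X)
    Xs = scaler.transform(X)
    # min_samples is larger than the 12 odd rows, so they cannot form a cluster.
    labels = OPTICS(min_samples=20, cluster_method="dbscan", eps=1.5).fit(Xs).labels_
    is_anomaly = labels == -1
    model = StackingClassifier(
        estimators=[
            ("bagging", BaggingClassifier(DecisionTreeClassifier(),
                                          n_estimators=25, random_state=0)),
            ("boosting", GradientBoostingClassifier(random_state=0)),
        ],
        final_estimator=LogisticRegression(),
    ).fit(Xs, is_anomaly)
    return scaler, model, is_anomaly


def detect(scaler, model, statements):
    """Return True for each statement the trained model flags as anomalous."""
    return model.predict(scaler.transform(np.asarray(statements, dtype=float)))


X = constructed_log_features()
scaler, model, prior = build_detector(X)
flags = detect(scaler, model, [[10, 45, 1], [2.5, 6000, 7]])
```

The trained model plays the role of the behavior feature library: new statements are scored by `detect` without re-running the clustering.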
This article is indexed in VIP (维普) and other databases.