| 多角度数据库活动监控技术研究 |
| |
| 引用本文: | 陈旦,杨非,叶晓俊.多角度数据库活动监控技术研究[J].电子科技大学学报(自然科学版),2015,44(2):266-271. |
| |
| 作者姓名: | 陈旦 杨非 叶晓俊 |
| |
| 作者单位: | 1.清华大学软件学院 北京 海淀区 100084; |
| |
| 基金项目: | 核高基项目-通用基础软件测试评估 |
| |
| 摘 要: | 基于网络协议抓取的数据库活动监控是数据库安全深度防御的一种手段。针对用户数据库请求的内容与方式,设计了包括用户行为获取与潜在安全威胁检测的数据库活动监控器。根据异常攻击检测策略,提出了基于SQL语法结构和语义特点的单语句用户行为模型和基于SQL操作序列的多语句用户行为模型。在训练阶段,对SQL训练集进行学习以构建用户行为模式库。入侵检测引擎通过计算SQL间结构距离和多语句序列距离的模式匹配方法发现潜在的数据库攻击行为。对实际SQL请求的实验验证了该文提出的监控器体系结构、相关模型、行为模式挖掘和攻击匹配算法的可用性。
|
| 关 键 词: | 数据库活动监控 入侵检测 匹配 用户行为模型模式 |
| 收稿时间: | 2013-05-21 |
Research on Multi-Dimensional Database Activity Monitor |
| |
| Affiliation: | 1.School of Software,Tsinghua University Haidian Beijing 100084;2.Tsinghua National Laboratory for Information Science and Technology,Tsinghua University Haidian Beijing 100084 |
| |
| Abstract: | According to known and unknown database attacking, we propose an architecture of multi-dimensional attack-aware database activity monitor based on captured SQLs, in which the user database behavior schema set can be constructed in the beginning by monitoring their requests and detect potential attacks by analyzing SQL queries/statements during database running. Based on the SQL's syntactic structure and semantic feature, we present different user behavior models on SQL schematic and semantic level, session level, and structure for libraries of user behavior patterns. Malicious transactions are detected by means of calculating the structure distance of user database requests with SQLs or SQL sequences in schema matching set of the detection engine. |
| |
| Keywords: | database activity monitor intrusion detection pattern matching user behavior model |
| 本文献已被 万方数据 等数据库收录! |
| 点击此处可从《电子科技大学学报(自然科学版)》浏览原始摘要信息 |
|
点击此处可从《电子科技大学学报(自然科学版)》下载全文 |
