东北大学学报(自然科学版)

东北大学学报(自然科学版) ›› 2003, Vol. 24 ›› Issue (3): 225-228.DOI: -

• 论著 • 上一篇    下一篇

基于数据挖掘的网络数据库入侵检测系统

王丽娜;董晓梅;郭晓淳;于戈   

  1. 东北大学信息科学与工程学院;东北大学信息科学与工程学院;东北大学信息科学与工程学院;东北大学信息科学与工程学院 辽宁沈阳110004
  • 收稿日期:2013-06-23 修回日期:2013-06-23 出版日期:2003-03-15 发布日期:2013-06-23
  • 通讯作者: Wang, L.-N.
  • 作者简介:-
  • 基金资助:
    国家自然科学基金资助项目 ( 90 10 40 0 5 ;60 173 0 5 1) ;;

Research on intrusion detection system for network database based on data mining

Wang, Li-Na (1); Dong, Xiao-Mei (1); Guo, Xiao-Chun (1); Yu, Ge (1)   

  1. (1) Sch. of Info. Sci. and Eng., Northeastern Univ., Shenyang 110004, China
  • Received:2013-06-23 Revised:2013-06-23 Online:2003-03-15 Published:2013-06-23
  • Contact: Wang, L.-N.
  • About author:-
  • Supported by:
    -

RichHTML

1

PDF (PC)

1485

摘要: 提出一种基于数据挖掘的网络数据库入侵检测模型 (NDBIDS) ·讨论了NDBIDS的结构及各部件的功能·利用关联规则Apriori算法 ,对用户正常历史数据进行挖掘 ,并对产生的规则进行归并更新 ,通过训练学习生成异常检测模型 ,并利用此模型实现基于数据挖掘的异常检测·NDBIDS可以检测伪装攻击、合法用户的攻击和攻击企图三种类型的攻击 ,通过实验给出了相应攻击的检测率、假报警率、漏报率和检测正确率·本系统的建立不依赖于经验 ,具有较强的灵活性

关键词: 数据挖掘, 关联规则, 入侵检测, 攻击, 数据库安全

Abstract: An intrusion detection system model was proposed for network database NDBIDS based on data mining. The framework of the intrusion detection system and the function of components were discussed. The users' normal historical data were mined by the Apriori association-rule algorithm. The anomaly-detection model was implemented by merging and updating the rules. Three kinds of attacks, masquerading, penetration and intrusion attempt, can be detected by NDBIDS. The corresponding detection rate, false alarm rate, missing report rate and correctness rate were computed. The construction of system does not depend on experiences, so it has good flexibility.

中图分类号: