一种基于事务模板的恶意事务检测方法  

作　　者：戴华[1] 秦小麟[1] 柏传杰[1] 

机构地区：[1]南京航空航天大学信息科学与技术学院

出　　处：《计算机研究与发展》2010年第5期921-929,共9页Journal of Computer Research and Development

基　　金：国家自然科学基金项目(60673127);国家"八六三"高技术研究发展计划基金项目(2007AA01Z404);江苏省科技支撑计划基金项目(BE2008135)~~

摘　　要：恶意事务检测是数据库入侵检测技术研究中的一个重要课题,而及时的恶意事务检测是构建可生存性DBMS的基础.在已有的恶意事务检测方法的基础上,通过扩展对SQL操作语句的解析粒度,给出了蕴含条件子句逻辑结构的细粒度SQL操作语句特征向量表示方法,并在此基础上给出包含事务语句有向图和事务执行环境约束集合的事务模板表示方法,最后,在给出事务模板支持判定算法的基础上,提出了一种基于事务模板的恶意事务检测算法.为了验证提出方法的有效性,针对事务执行性能、检测类型以及检测率进行实验,结果表明该恶意事务检测方法不仅具有较好的性能,同时具有更强的检测能力和更广的适用范围.Malicious transaction detection technique is one of important issues in database intrusion detection area.Immediate detection of the malicious transactions is the basis for building a survivable database system.Based on the study of existing malicious transaction detection methods,a novel detecting mechanism based on the database transaction template is proposed.First,fine-grained SQL statement feature vector is defined.The vector contains logical structure of condition clause by expanding the analysis granularity on SQL statements.Second,database transaction template is proposed which has two aspects：one is the SQL statements directed graphs,which contain the transaction＇s SQL statements feature vectors and the executing sequence of database operations,the other is execution environment constraints,which represent the transaction＇s execution requirements,such as time constraints,location constraints,operational constraints,etc.Finally,a malicious transaction detection algorithm based on database transaction template is provided,which integrates the virtues of the template and is based on a decision algorithm called template support.To validate the effectiveness of the proposed detection method,experiments on transaction executing performance,various detection types and malicious transaction detection rates are performed.Experimental results indicate that the proposed method has good detection performance and ability,and can be applied in wider detection scopes.

关 键 词：数据库系统 数据库安全 入侵检测 恶意事务检测 事务模板 

分 类 号：TP392[自动化与计算机技术—计算机应用技术]