摘要
自互联网出现以来,世界性的信息化使传统的数据库所要承担的安全风险越来越高。网络上无孔不入的网络入侵技术和黑客攻击无时无刻在发展在进化,严重威胁着网络接入的数据库的安全。 在网络中数据库的弱点和漏洞会让恶意入侵者有机可乘,而ids可以将网络流作为输入数据库的审计数据来源,当异常情况出现时,可以及时报警并写入日志。
此面向数据库入侵检测系统模型主要由事件产生器,事件分析器,事件数据库和响应单元组成。数据库入侵检测系统主要实现的功能有: 检测用户异常操作,匹配非正常入侵行为,记录入侵操作。在事件产生器中使用SQLServerProfiler 性能检测优化工具获得审计数据,进行实时的数据采集;在事件分析器中使用基于统计分析的异常检测线程,以及基于模式匹配的误用检测线程对Profiler工具采集到的审计数据进行分析检测;当发现异常情况时,响应单元会记录违规操作并实时地报警;创建入侵异常事件表单,管理员可以对表单进行统计和分析。
关键字: 数据库安全 误用检测 异常检测 数据挖掘
Abstract:
Since the advent of the Internet, the world of information technology to make the traditional database to assume more and more security risks. Network pervasive network intrusion technology and hacking constantly in the development in evolution, a serious threat to the network access of database security.
In the network database for weaknesses and vulnerabilities will allow a malicious intruder can exploit, and IDS can flow network as input database audit data sources, when the abnormal situation, timely alarm and written to the log.
The model of database intrusion detection system is mainly composed of event generator, event analyzer, event database and response unit. The main function of the database intrusion detection system is to detect the abnormal operation of the user, to match the abnormal intrusion behavior and to record the invasion operation. In the event generator using SQL Server profiler performance testing optimization tool for obtaining the audit data, real-time data acquisition; in the event analyzer using based on statistical analysis of anomaly detection thread, and based on pattern matching of misuse detection thread to detect and analyze the audit data profiler tool collection; when found abnormal response unit will record the illegal operations and real-time alarm; create intrusion abnormal events form, the administrator can to form statistics and analysis.
