【作者】 冯玉才； 詹伟； 朱虹； 张勇；

【机构】 华中科技大学数据库与多媒体研究所；

【摘要】 <正>1引言现有的入侵检测系统,如IDES,NADIR,都是基于探测与期望的统计模式的偏离或者基于与已知的攻击方法进行模式匹配,但是以上系统提出的探测方法基本上都是在操作系统层。针对DBMS,提出的入侵检测方法还较少见。现存的IDS还不足以阐述清楚数据库系统入侵检测的概念,既没有考更多还原

【Abstract】 The method addressed in the extant IDS is primarily at the operating system level.It provides limited help with intrusion detection about DBMS.In this paper data mining method is used to solve intrusion detection problems based on DBMS,two measures——distance measure and correlation are introduced to guide profile mining and profile comparision to effectively reduce false positives.The notion of distance measure refers to domain knowledge and reflect data structure and semantics in DBS.This system has another characteristic:role profile may give rise to more general and regular patterns than user profile.This IDS succeeds in detecting intrusion on DBS.更多还原