Research on Database User Behavior Anomaly Detection Based on K-means and Naive Bayes
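To address database leakage caused by abnormal database user behavior, a database user anomaly detection method based on the K-means and naive Bayes algorithms is proposed. First, the users' query statements and query results in the database's historical audit logs are used with K-means clustering to obtain user groups; then, the naive Bayes classification algorithm is used to construct the user anomaly detection model. Compared with a model constructed using naive Bayes classification alone, the representation of the user behavior profile is simplified during data preprocessing, which lowers computational redundancy and reduces training time by 81%; using K-means clustering to obtain the user groups raises detection precision by 7.06% and the F1 value by 3.33%. Experiments show that the proposed method greatly reduces training time and achieves good detection results.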
Aiming at database leakage caused by abnormal database user behavior, this paper proposes a database user anomaly detection method based on the K-means and Naive Bayes algorithms. First, the K-means clustering method obtains user groups based on the users' query statements and query results in the database historical audit logs; then, the Naive Bayes classification algorithm constructs the user anomaly detection model. Compared with the model constructed by Naive Bayes classification alone, the simplified representation of the user behavior profile reduces computational redundancy and reduces training time by 81%. Applying the K-means clustering method to obtain user groups improves the detection accuracy by 7.06% and the F1 value by 3.33%. Experiments show that the proposed method greatly reduces the training time and achieves better detection results.
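The two-stage pipeline described in the abstract, as an added sketch that is not the paper's code: K-means groups users from audit-log profiles, then a categorical naive Bayes model learns which group a query looks like. The log rows, the three query features, the per-table profile, and the decision rule (flag a query whose predicted group differs from the user's group) are all assumptions made for illustration.

```python
import math
from collections import Counter, defaultdict
# Constructed audit log: (user, command, table, result-size bucket).
LOG = [
    ("alice", "SELECT", "orders", "small"), ("alice", "SELECT", "orders", "small"), ("alice", "UPDATE", "orders", "small"),
    ("bob", "SELECT", "orders", "small"), ("bob", "UPDATE", "orders", "small"), ("bob", "SELECT", "customers", "small"),
    ("carol", "SELECT", "salaries", "large"), ("carol", "SELECT", "salaries", "small"), ("carol", "SELECT", "staff", "large"),
    ("dave", "SELECT", "staff", "large"), ("dave", "SELECT", "salaries", "large"), ("dave", "UPDATE", "staff", "small"),
]
TABLES = sorted({r[2] for r in LOG})

def profiles(log):  # assumed profile: fraction of a user's queries per table
    counts = defaultdict(Counter)
    for user, _, table, _ in log:
        counts[user][table] += 1
    return {u: [c[t] / sum(c.values()) for t in TABLES] for u, c in counts.items()}

def kmeans(points, k, iters=20):  # Lloyd's algorithm, deterministic farthest-point init
    names = sorted(points)
    dist = lambda a, b: sum((x - y) ** 2 for x, y in zip(a, b))
    cents = [points[names[0]]]
    while len(cents) < k:
        cents.append(max((points[n] for n in names), key=lambda p: min(dist(p, c) for c in cents)))
    for _ in range(iters):
        label = {n: min(range(k), key=lambda j: dist(points[n], cents[j])) for n in names}
        for j in range(k):
            members = [points[n] for n in names if label[n] == j]
            if members:  # keep the old centroid if a cluster empties
                cents[j] = [sum(col) / len(members) for col in zip(*members)]
    return label

def train_nb(log, group):  # categorical naive Bayes, Laplace smoothing
    prior, like = Counter(), defaultdict(Counter)
    for user, *feats in log:
        prior[group[user]] += 1
        for i, v in enumerate(feats):
            like[group[user], i][v] += 1
    vocab = [len({r[i + 1] for r in log}) for i in range(3)]
    def predict(feats):
        score = lambda g: math.log(prior[g]) + sum(
            math.log((like[g, i][v] + 1) / (prior[g] + vocab[i])) for i, v in enumerate(feats))
        return max(prior, key=score)
    return predict

GROUP = kmeans(profiles(LOG), k=2)   # stage 1: user -> group
PREDICT = train_nb(LOG, GROUP)       # stage 2: query features -> group

def is_anomalous(user, command, table, size):
    return PREDICT((command, table, size)) != GROUP[user]  # assumed decision rule
```

Training the classifier on group labels rather than on individual users means the model has one class per cluster instead of one per account.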
冯安然、王旭仁、杨杰、马慧珍、何发镁
Computing technology, computer technology
Database; user behavior; anomaly detection; K-means clustering; naive Bayes classification algorithm
冯安然,王旭仁,杨杰,马慧珍,何发镁.基于K-means和naive Bayes的数据库用户行为异常检测研究[EB/OL].(2019-01-28)[2025-08-02].https://chinaxiv.org/abs/201901.00173.