Yong Li / State Grid Smart Grid Research Institute
Tao Zhang / State Grid Smart Grid Research Institute
YuanYuan Ma / State Grid Smart Grid Research Institute
Cheng Zhou / State Grid Smart Grid Research Institute
To address shortcomings in safety monitoring and comprehensive auditing at the information network boundaries of the State Grid Corporation of China (SGCC), a security audit technique based on the one-class support vector machine (OCSVM) is proposed for auditing user access behavior. First, feature selection, syntax parsing of SQL statements, and numerical processing of the audit log are performed to obtain a feature vector of user behavior that the OCSVM can train on and identify. Then, audit logs that reflect the rules of normal behavior over the long-term operation of the database are used as the OCSVM's training input. Training the OCSVM classifier builds the pattern library of user behavior. Finally, the OCSVM classifier is used to detect abnormal database operations, realizing a security audit of database user access behavior.
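The pipeline described in the abstract (parse SQL audit records into numeric features, train an OCSVM on normal records only, then score new records) can be sketched as follows. This is an added example, not code from the paper: the feature set, the table names, the constructed log and the helper names `featurize`, `constructed_normal_log`, `train` and `audit` are all assumptions, and it uses scikit-learn's `OneClassSVM`.

```python
import re
from sklearn.pipeline import make_pipeline
from sklearn.preprocessing import StandardScaler
from sklearn.svm import OneClassSVM

VERBS = {"SELECT": 0, "INSERT": 1, "UPDATE": 2, "DELETE": 3}  # other verbs -> 4

def featurize(record):
    """Map one audit record (hour, rows, sql) to a numeric vector.
    This feature set is an assumption, not the paper's."""
    hour, rows, sql = record
    s = sql.upper()
    return [
        VERBS.get(s.split()[0], 4),                                # statement type
        hour,                                                      # hour of access
        rows,                                                      # rows returned or affected
        len(re.findall(r"\b(?:FROM|JOIN|INTO|UPDATE)\s+\w+", s)),  # tables referenced
        len(re.findall(r"\b(?:AND|OR)\b", s)) + (" WHERE " in s),  # predicate count
        len(s),                                                    # statement length
        int(bool(re.search(r"\b(\d+)\s*=\s*\1\b", s))),            # tautology such as 1=1
    ]

def constructed_normal_log():
    """Constructed stand-in for long-term normal audit data (business hours only)."""
    templates = [
        ("SELECT id, value FROM meter_reading WHERE meter_id = {n}", 1),
        ("SELECT name FROM customer WHERE region = {n} AND active = 1", 20),
        ("UPDATE meter_reading SET value = {n} WHERE id = {n}", 1),
        ("INSERT INTO work_order (meter_id, note) VALUES ({n}, 'check')", 1),
    ]
    return [(9 + n % 9, templates[n % 4][1] + n % 3, templates[n % 4][0].format(n=n))
            for n in range(120)]

def train(log):
    """Fit the one-class model on normal records only."""
    model = make_pipeline(StandardScaler(),
                          OneClassSVM(kernel="rbf", nu=0.05, gamma="scale"))
    return model.fit([featurize(r) for r in log])

def audit(model, record):
    """Return (is_anomalous, score); a negative score lies outside the learned pattern."""
    x = [featurize(record)]
    return bool(model.predict(x)[0] == -1), float(model.decision_function(x)[0])

if __name__ == "__main__":
    m = train(constructed_normal_log())
    print(audit(m, (3, 50000, "SELECT * FROM customer JOIN account ON 1=1 WHERE 1=1 OR name = 'x'")))
```

Because `nu` bounds the fraction of training records treated as outliers, it also sets the floor on the false-alarm rate an auditor should expect on normal traffic.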