Abstract:
Malicious transaction detection technique is one of important issues in database intrusion detection area. Immediate detection of the malicious transactions is the basis for building a survivable database system. Based on the study of existing malicious transaction detection methods, a novel detecting mechanism based on the database transaction template is proposed. First, fine-grained SQL statement feature vector is defined. The vector contains logical structure of condition clause by expanding the analysis granularity on SQL statements. Second, database transaction template is proposed which has two aspects: one is the SQL statements directed graphs, which contain the transaction's SQL statements feature vectors and the executing sequence of database operations, the other is execution environment constraints, which represent the transaction's execution requirements, such as time constraints, location constraints, operational constraints, etc. Finally, a malicious transaction detection algorithm based on database transaction template is provided, which integrates the virtues of the template and is based on a decision algorithm called template support. To validate the effectiveness of the proposed detection method, experiments on transaction executing performance, various detection types and malicious transaction detection rates are performed. Experimental results indicate that the proposed method has good detection performance and ability, and can be applied in wider detection scopes.