Database intrusion detection technology is an important part of database security. This paper presents a new database intrusion detection method based on event sequence clustering. First, an improved edit distance function is defined to compute the similarity of two SQL statement sequences, and the corresponding clustering results are obtained from the computed similarity. Second, attack sequences are detected by calculating the similarity between a user's operation sequences and the cluster center, and the association between two operation sequences is analyzed. Finally, the experimental results show that our approach has a lower false alarm rate and a higher accuracy rate.
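The pipeline the abstract outlines can be sketched as follows; this is an added example, not code from the paper. It assumes plain Levenshtein distance in place of the paper's improved edit distance (which the abstract does not define), a greedy leader clustering scheme, a threshold of 0.6, and constructed session data.

```python
# Added example; plain Levenshtein stands in for the paper's "improved edit distance".

def edit_distance(a, b):
    """Levenshtein distance between two sequences of statement tokens."""
    prev = list(range(len(b) + 1))
    for i, x in enumerate(a, 1):
        cur = [i]
        for j, y in enumerate(b, 1):
            cur.append(min(prev[j] + 1,              # delete x
                           cur[j - 1] + 1,           # insert y
                           prev[j - 1] + (x != y)))  # substitute x with y
        prev = cur
    return prev[-1]

def similarity(a, b):
    """Normalise distance to [0, 1]; 1.0 means identical sequences."""
    longest = max(len(a), len(b))
    return 1.0 if longest == 0 else 1.0 - edit_distance(a, b) / longest

def medoid(cluster):
    """Member with the smallest total distance to the rest of its cluster."""
    return min(cluster, key=lambda s: sum(edit_distance(s, t) for t in cluster))

def cluster_sequences(sequences, threshold):
    """Greedy leader clustering (assumed scheme); returns one medoid per cluster."""
    clusters = []
    for seq in sequences:
        best = max(clusters, key=lambda c: similarity(seq, c[0]), default=None)
        if best is not None and similarity(seq, best[0]) >= threshold:
            best.append(seq)
        else:
            clusters.append([seq])
    return [medoid(c) for c in clusters]

def is_anomalous(seq, centers, threshold):
    """Flag a session whose best match against every cluster center is weak."""
    return max((similarity(seq, c) for c in centers), default=0.0) < threshold

# Constructed training sessions: each token is "VERB table" from one statement.
TRAINING = [
    ["SELECT users", "SELECT orders", "UPDATE orders"],
    ["SELECT users", "SELECT orders", "UPDATE orders", "SELECT orders"],
    ["SELECT users", "SELECT orders"],
    ["SELECT products", "INSERT cart", "SELECT cart"],
    ["SELECT products", "INSERT cart", "INSERT cart", "SELECT cart"],
]
THRESHOLD = 0.6  # assumed cut-off, not a value from the paper
CENTERS = cluster_sequences(TRAINING, THRESHOLD)
```

Lowering the threshold merges more sessions into each cluster and reduces alerts at the cost of missed deviations; raising it does the opposite, which is the false-alarm versus accuracy trade-off the abstract reports on.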