An Algorithm of Unsupervised Anomaly Detection Based on DBMS and its Application
一种基于DBMS的无监督异常检测算法及其应用

There are limitations on the traditional user identification and access control of database security mechanism, such as in preventing the illegal actions of SQL injection, misusing authorization. However, most of existed intrusion detection researches focus on network or operation system, so the paper presents an algorithm of unsupervised anomaly detection based on DBMS. Firstly, the paper defines the expression of database queries and similarity computation between queries. Then an anomaly detection algorithm that includes three phases: clustering, labeling and detecting is given out. Finally, an experiment result on a synthetic data set and a result on a real data set for detecting SQL injection are reported, and the modified algorithm based on index also is discussed at the end of the paper.