Subjects: Computer Science >> Integration Theory of Computer Science | Submitted time: 2019-01-28 | Cooperative journals: 《计算机应用研究》
Abstract: To address database leakage caused by abnormal database user behavior, this paper proposes a database user anomaly detection method based on the K-means and Naive Bayes algorithms. First, K-means clustering groups users according to their query statements and query results in the database's historical audit logs; then, the Naive Bayes classification algorithm is used to construct the user anomaly detection model. Compared with a model constructed by Naive Bayes classification alone, the simplified representation of the user behavior profile reduces computational redundancy and cuts training time by 81%. Using K-means clustering to obtain the user groupings improves detection accuracy by 7.06% and the F1 value by 3.33%. Experiments show that the proposed method greatly reduces training time and achieves better detection results.
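The two-stage pipeline the abstract describes, sketched as an added example that is not the paper's code: K-means groups users from per-user profiles built from the audit log, then a categorical Naive Bayes model trained on those group labels scores individual queries. The audit log rows, the profile vector, the 1000-row bucket and the decision rule are assumptions made here for illustration.

```python
import math
from collections import Counter, defaultdict
# Constructed audit log rows: (user, command, table, rows returned)
LOG = [("alice", "SELECT", "orders", 12), ("alice", "SELECT", "orders", 8),
       ("alice", "UPDATE", "orders", 1), ("bob", "SELECT", "orders", 15),
       ("bob", "UPDATE", "orders", 1), ("bob", "SELECT", "orders", 9),
       ("carol", "SELECT", "customers", 5200), ("carol", "SELECT", "payments", 8100),
       ("carol", "SELECT", "customers", 4700), ("dave", "SELECT", "payments", 6900),
       ("dave", "SELECT", "customers", 5600), ("dave", "SELECT", "payments", 7400)]

def features(cmd, table, rows):  # assumed categorical encoding of one query
    return (cmd, table, "big" if rows >= 1000 else "small")

def profiles(log):  # assumed per-user vector: SELECT share, mean log10 result size
    acc = defaultdict(list)
    for user, cmd, _, rows in log:
        acc[user].append((cmd == "SELECT", math.log10(rows + 1)))
    return {u: tuple(sum(c) / len(v) for c in zip(*v)) for u, v in acc.items()}

def kmeans(points, k=2, iters=20):
    names = sorted(points)
    cents = [points[names[0]]]
    while len(cents) < k:  # farthest-first init keeps the run deterministic
        cents.append(max(points.values(), key=lambda p: min(math.dist(p, c) for c in cents)))
    for _ in range(iters):
        group = {n: min(range(k), key=lambda i: math.dist(points[n], cents[i])) for n in names}
        for i in range(k):
            members = [points[n] for n in names if group[n] == i]
            if members:  # an empty cluster keeps its previous centroid
                cents[i] = tuple(sum(c) / len(members) for c in zip(*members))
    return group

def train_nb(log, group):  # categorical Naive Bayes: class = the user's cluster
    prior, cond, vocab = Counter(), defaultdict(Counter), defaultdict(set)
    for user, cmd, table, rows in log:
        prior[group[user]] += 1
        for j, v in enumerate(features(cmd, table, rows)):
            cond[group[user]][(j, v)] += 1
            vocab[j].add(v)
    return prior, cond, vocab

def predict(model, feats):  # log prior + Laplace-smoothed log likelihoods
    prior, cond, vocab = model
    score = lambda g: math.log(prior[g]) + sum(
        math.log((cond[g][(j, v)] + 1) / (prior[g] + len(vocab[j]) + 1))
        for j, v in enumerate(feats))
    return max(sorted(prior), key=score)

def is_anomalous(model, group, user, cmd, table, rows):  # assumed decision rule
    return predict(model, features(cmd, table, rows)) != group[user]
```

Training one classifier over group labels rather than one class per user is what keeps the model small: the number of classes is k, not the number of accounts.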