Open Access
Method of Cumulative Anomaly Identification for Security Database Based on Discrete Markov chain
Author(s) - Zhiying Xu, Ting Yang, Moslem Lari Najafi
Publication year - 2022
Publication title - Security and Communication Networks
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.446
H-Index - 43
eISSN - 1939-0114
pISSN - 1939-0122
DOI - 10.1155/2022/5113725
Subject(s) - computer science, markov chain, anomaly detection, data mining, anomaly (physics), feature (linguistics), identification (biology), pattern recognition (psychology), hidden markov model, markov model, artificial intelligence, machine learning, linguistics, philosophy, physics, botany, biology, condensed matter physics
A database system stores and organizes an enormous volume of data. Intruders can breach the database's security system and steal important information, so cumulative anomaly identification for the security database is of great significance. To address the shortcomings of traditional anomaly detection methods in detection performance and their poor anomaly recognition, this paper proposes a cumulative anomaly recognition method for security databases based on a discrete Markov chain. First, a sniffer is used to read the user access behaviour data, which is then standardized. Then, a segmentation method is used to extract the user behaviour features, yielding normal feature data and abnormal feature data. Finally, the state sequence generated by the discrete Markov chain is used to calculate the state probability, which is used to evaluate abnormal process behaviour. The proposed method is based on the Markov chain and can be used for better anomaly recognition. The results are reported in terms of sensitivity score, precision score, and F1-score, and are compared with the results obtained using some state-of-the-art traditional techniques. The comparison clearly indicates that the proposed method is more effective than the traditional methods. The proposed method has the highest F1-score of 0.8586, while the traditional methods have F1-scores of 0.7233, 0.8236, and 0.7562 for methods 1, 2, and 3, respectively.
