With the development of computer hardware and software technology, database systems provide a growingly large data storage capacity to massive numbers of users, and the security related to accessing these database systems has also improved significantly. At present, with office automation via network in enterprises such as banks and insurance companies, database systems where sensitive information is has stored become a key object for protection. Techniques have been developed to ensure the security of a database based upon analysis of the security level of Structured Query Language (SQL) statements accessing the database and based on data mining technology. These techniques may detect the security threat of each individual SQL statement.
As databases become increasingly complex, one individual SQL statement can no longer meet the query demand of a user, and usually multiple SQL statements may therefore be involved during accessing databases. As is clear from historical experience, some individual SQL statements may pose no risk (or a low risk) to sensitive information in a database but, when multiple SQL statements involved in a session are combined, they may cause serious potential security hazards.
Existing security safeguard measures cannot evaluate the potential risk of SQL statements to a database. Therefore, how to evaluate the security of a sequence comprising multiple SQL statements has become a research focus in the database field.