The paper is devoted to the detection of intrusions and violations regarding the confidentiality of data stored in a database based on behavioral analysis. A particular difficulty in this area is taking into account not only the query syntax, but also the semantic relationships of thedata, since syntactic and contextual approaches do not allow detecting all types of attacks. Based on the analysis of well-known studies, a method is proposed for detecting anomalies in user behavior based on author’s metrics for evaluating behavior and the coverage of requested data. The proposed method develops the well-known research, but at the same time significantly surpasses it in the task of detecting certain types of behavioral abnormalities. An important part of the work is to identify the application features of this type of analysis and its limitations.