A PREVENTIVE APPROACH USING THE DATA MINING OF TRANSACTION AUDIT LOG FOR DATABASE INTRUSION DETECTION
DOI:
https://doi.org/10.46565/jreas.202273391-396
Keywords:
Data mining; Database Security; Log mining; Intrusion detection
Abstract
Information is a key component in today’s global business environment. An organization, institute, or business firm uses various database management systems to manage its crucial information. The security mechanism provided by a DBMS is not enough to prevent intruders or detect anomalous behavior. Unauthorized users, and sometimes authorized users, execute malicious commands intentionally or by mistake, and a typical security mechanism cannot detect or prevent this. An intrusion detection system finds intrusive actions and attempts by examining the behavior of users’ actions. Security features can be enhanced by adding intrusion detection technology to the database management system. Data mining identifies valid, novel, potentially useful, and ultimately understandable patterns in massive data. It is necessary to apply data mining techniques to detect various intrusions. In this paper, a mechanism based on data mining is discussed to detect malicious actions in a DBMS.