Adaptive Database Intrusion Detection Using Evolutionary Reinforcement Learning

This paper proposes an adaptive database intrusion detection model that can resist potential insider misuse with a limited amount of data. The intrusion detection model can be adapted online using evolutionary reinforcement learning (ERL), which combines reinforcement learning and evolutionary learning. The model consists of two feedforward neural networks: a behavior network and an evaluation network. The behavior network detects intrusions, and the evaluation network provides feedback on the behavior network's detections. To find the optimal model, we encode the weights of the networks as an individual and produce populations of better individuals over generations. TPC-E scenario-based virtual query data were used to verify the proposed model. Experimental results show that detection performance improves as the proposed model adaptively learns the intrusions.
