Monitoring Cumulated Anomaly in Databases

This paper deals with a new type of database anomaly called Cumulated Anomaly (CA). It occurs when the submission times of authorized transactions or the changed data accumulate beyond some thresholds. A database-level detection method for Cumulated Anomaly is proposed, based on statistics and fuzzy set theory. By measuring each database transaction with a real number between zero and one, the method quantitatively monitors how dangerous a transaction is. This real number is termed the dubiety degree, so the method is named the Dubiety-Determining Method (DDM). After the concepts of Cumulated Anomaly and DDM are formally presented, the DDM algorithm is given in detail. A software system architecture to support DDM was designed and implemented, and three experiments were performed on it to test DDM. The first experiment showed the general results of DDM on a set of randomly generated audit records, while the second simulated a practical case. DDM monitored the dubiety degree of each database transaction and detected the expected Cumulated Anomaly in these two experiments. The last experiment tested the effect of DDM on database performance. The experimental results show that DDM is feasible and effective.