Application of OPTICS and ensemble learning for Database Intrusion Detection

Abstract In this paper, we propose a novel approach for detecting intrusive activities in databases that combines clustering with information fusion through ensemble learning. We apply OPTICS clustering to the transaction attributes to build user behavioral profiles. An incoming transaction is first passed through the clustering module, which computes its cluster membership and an outlier factor that quantifies its degree of outlierness. Depending on the value of the outlier factor, the transaction is classified as genuine or as an outlier. Each outlier transaction is then analyzed further by an Ensemble Learner that applies three different aggregation methods: bagging, boosting and stacking. We have conducted experiments using stochastic models to demonstrate the effectiveness of the proposed system. The performance of the three ensembles is evaluated and compared on various metrics. Moreover, our system is found to perform better than other approaches taken from the literature.
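The two-stage pipeline the abstract describes, as an added runnable example that is not the paper's code or data. Stage 1 scores a transaction against the user's profile of genuine transactions with a density-based local outlier factor; the abstract does not give the formula, so the LOF-style k-nearest-neighbour density ratio used here (in the spirit of OPTICS-OF) is an assumption, as are the four transaction attributes (tables touched, columns read, rows returned, hour of day), the outlier-factor threshold of 2.0 and the choice of k. Stage 2 implements only bagging, with decision stumps as the base learner, where the paper also compares boosting and stacking. All transactions, including the analyst-labelled history used to train the ensemble, are constructed for the example.

```python
"""Two-stage database intrusion detection sketch (added example, not the paper's code).
Stage 1: density-based local outlier factor against a profile of genuine transactions.
Stage 2: bagged decision stumps that label flagged transactions intrusive or benign.
"""
import math
import random
from collections import Counter

# Constructed features: (tables touched, columns read, rows returned, hour of day).
PROFILE = [  # one user's genuine daytime transactions, used to build the profile
    (1, 3, 20, 10), (1, 4, 25, 11), (2, 5, 30, 9), (1, 3, 22, 14), (2, 4, 28, 15),
    (1, 2, 18, 10), (2, 5, 35, 13), (1, 3, 21, 12), (2, 4, 26, 16), (1, 2, 19, 11),
]
FLAGGED_HISTORY = [  # previously flagged outliers with analyst labels (1 = intrusive)
    ((2, 6, 4000, 2), 0), ((3, 7, 4500, 3), 0), ((2, 5, 3800, 1), 0), ((3, 6, 4200, 2), 0),
    ((8, 40, 5000, 3), 1), ((9, 45, 4800, 2), 1), ((7, 38, 5200, 4), 1), ((10, 50, 4900, 1), 1),
]


def _scaler(points):
    """Per-feature standardisation so that row counts do not dominate distances."""
    n, dims = len(points), len(points[0])
    mean = [sum(p[i] for p in points) / n for i in range(dims)]
    std = [math.sqrt(sum((p[i] - mean[i]) ** 2 for p in points) / n) or 1.0
           for i in range(dims)]
    return lambda x: tuple((x[i] - mean[i]) / std[i] for i in range(dims))


def _dist(a, b):
    return math.sqrt(sum((u - v) ** 2 for u, v in zip(a, b)))


class DensityOutlierScorer:
    """Local outlier factor: mean reachability density of the k nearest profile
    points divided by the query's own. About 1.0 inside a cluster, much larger
    for a transaction that sits in a sparse region of the profile."""

    def __init__(self, profile, k=3):
        self.scale = _scaler(profile)
        self.points = [self.scale(p) for p in profile]
        self.k = k

    def _knn(self, x, skip=None):  # k nearest profile points as (distance, index)
        return sorted((_dist(x, p), i) for i, p in enumerate(self.points) if i != skip)[: self.k]

    def _k_dist(self, i):  # distance from profile point i to its k-th neighbour
        return self._knn(self.points[i], skip=i)[-1][0]

    def _lrd(self, x, skip=None):  # local reachability density
        reach = [max(self._k_dist(j), d) for d, j in self._knn(x, skip)]
        return len(reach) / (sum(reach) or 1e-9)

    def outlier_factor(self, raw):
        x = self.scale(raw)
        neighbours = self._knn(x)
        return sum(self._lrd(self.points[j], skip=j) for _, j in neighbours) / (
            len(neighbours) * self._lrd(x))


def train_stump(rows):
    """Best single-feature threshold split on rows [(features, label)].
    Returns (feature, threshold, label_if_above, label_if_below)."""
    ys = [y for _, y in rows]
    majority = Counter(ys).most_common(1)[0][0]
    if len(set(ys)) == 1:  # bootstrap resample with one class: constant stump
        return (0, -math.inf, majority, majority)
    best_acc, best = -1.0, None
    for f in range(len(rows[0][0])):
        vals = sorted({x[f] for x, _ in rows})
        for lo, hi in zip(vals, vals[1:]):
            t = (lo + hi) / 2
            for above in (0, 1):  # label predicted when the feature exceeds t
                acc = sum((y == above) == (x[f] > t) for x, y in rows) / len(rows)
                if acc > best_acc:
                    best_acc, best = acc, (f, t, above, 1 - above)
    return best or (0, -math.inf, majority, majority)


def predict_stump(stump, x):
    f, t, above, below = stump
    return above if x[f] > t else below


class BaggedStumps:
    """Bagging: one stump per bootstrap resample of the labelled history, majority vote."""

    def __init__(self, rows, n_estimators=15, seed=7):
        rng = random.Random(seed)
        self.stumps = [train_stump([rng.choice(rows) for _ in rows]) for _ in range(n_estimators)]

    def predict(self, x):
        return Counter(predict_stump(s, x) for s in self.stumps).most_common(1)[0][0]


def classify(tx, scorer, ensemble, threshold=2.0):
    """Stage 1 gates on the outlier factor (threshold is an assumed tuning value);
    only transactions that fail the gate reach the stage 2 ensemble."""
    of = scorer.outlier_factor(tx)
    if of < threshold:
        return "genuine", of
    return ("intrusive" if ensemble.predict(tx) == 1 else "benign anomaly"), of


if __name__ == "__main__":
    scorer = DensityOutlierScorer(PROFILE, k=3)
    ensemble = BaggedStumps(FLAGGED_HISTORY)
    for tx in [(1, 3, 21, 11), (3, 6, 4300, 2), (8, 40, 5000, 3)]:
        verdict, of = classify(tx, scorer, ensemble)
        print(f"{tx}: OF={of:.2f} -> {verdict}")
```

The point of the second stage is visible in the constructed data: an authorised night-time batch job and a bulk dump both fail the density gate with a very large outlier factor, and only the labelled history of past outliers lets the ensemble tell them apart. Standardising features before computing distances matters because a raw row count would otherwise swamp the table and column counts that actually separate the two cases.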
