论文信息 - Use of OPTICS and Supervised Learning Methods for Database Intrusion Detection

Use of OPTICS and Supervised Learning Methods for Database Intrusion Detection

Database security has become a prime concern in today's internet world due to the escalation of various web applications and information systems. Ensuring the security of the back-end databases is highly essential for maintaining the confidentiality and integrity of the stored sensitive information. In this paper, a Density-based clustering technique, namely, OPTICS, has been applied for constructing the normal profile of users. Each incoming transaction either lies within a cluster or is found to deviate from the clusters based on its Local Outlier Factor value. The transactions observed as outliers are further verified by employing various supervised machine learning techniques individually – Naïve Bayes, Decision Tree, Rule Induction, k-Nearest Neighbor and Radial Basis Function Network. The effectiveness of our system is demonstrated by carrying out extensive experimentations and comparative analysis using stochastic models.

[1] Stefan Axelsson,et al. The base-rate fallacy and the difficulty of intrusion detection , 2000, TSEC.

[2] Taewan Kim,et al. Application of density-based outlier detection to database activity monitoring , 2013, Inf. Syst. Frontiers.

[3] Hung Q. Ngo,et al. A Data-Centric Approach to Insider Attack Detection in Database Systems , 2010, RAID.

[4] Brajendra Panda,et al. Predicting and Preventing Insider Threat in Relational Database Systems , 2010, WISTP.

[5] Shamik Sural,et al. Two-stage database intrusion detection by combining multiple evidence and belief update , 2013, Inf. Syst. Frontiers.

[6] Hans-Peter Kriegel,et al. A Density-Based Algorithm for Discovering Clusters in Large Spatial Databases with Noise , 1996, KDD.

[7] Hans-Peter Kriegel,et al. OPTICS: ordering points to identify the clustering structure , 1999, SIGMOD '99.