Genetic Algorithm-Based Deep Learning Ensemble for Detecting Database Intrusion via Insider Attack

A database Intrusion Detection System (IDS) based on the Role-based Access Control (RBAC) mechanism, with the capability of learning and adaptation, learns SQL transaction patterns represented by roles in order to detect insider attacks. In this paper, we parameterize the rules for partitioning the entire query set into multiple areas with simple chromosomes and propose an ensemble of multiple deep learning models that can effectively model the tree-structured characteristics of SQL transactions. Experimental results on a large synthetic query dataset verify that the proposed method quantitatively outperforms other ensemble methods and machine learning methods, including deep learning models, in terms of 10-fold cross-validation and chi-square validation.
