Using Fuzzy Neural Networks and rule heuristics for anomaly intrusion detection on database connection

This paper addresses intrusion detection in database security management. A fuzzy adaptive resonance theory (fuzzy ART) neural network and rule heuristics are used to build a model of company security judgment. The model is based on analysis of the log file of connections from the client side to the server-side database. Each log record includes the user name, the client's network address, the time of connection, the database name, the program used, and the protocol. These features are fed to the fuzzy ART network for security judgment. An experiment using records from a local government office database indicates that our system has good results in detecting anomalous intrusions.
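To make the approach concrete, here is a minimal fuzzy ART detector over the six log features listed above; it is an added illustration, not the paper's implementation, and it leaves out the rule heuristics. The one-hot encoding, hour scaling, vigilance value, helper names and sample records are all assumptions constructed for this example.

```python
FIELDS = ("user", "addr", "db", "program", "protocol")

def build_vocab(records):
    # Values seen in training; a value unseen later encodes as all zeros.
    return {f: sorted({r[f] for r in records}) for f in FIELDS}

def encode(rec, vocab):
    a = [rec["hour"] / 23.0]                    # connection hour scaled to [0, 1]
    for f in FIELDS:                            # one-hot per field (assumed encoding)
        a += [1.0 if rec[f] == v else 0.0 for v in vocab[f]]
    return a + [1.0 - x for x in a]             # complement coding

def overlap(i, w):
    return sum(min(x, y) for x, y in zip(i, w))  # |I AND w|, fuzzy AND = min

class FuzzyART:
    def __init__(self, rho=0.85, alpha=0.001):
        self.rho, self.alpha, self.w = rho, alpha, []

    def resonating(self, i):
        # Search categories by choice value; return the first passing vigilance.
        order = sorted(range(len(self.w)), key=lambda j:
                       -overlap(i, self.w[j]) / (self.alpha + sum(self.w[j])))
        for j in order:
            if overlap(i, self.w[j]) / sum(i) >= self.rho:
                return j
        return None

    def train(self, i):
        j = self.resonating(i)
        if j is None:
            self.w.append(list(i))              # commit a new category
        else:                                   # fast learning (beta = 1)
            self.w[j] = [min(x, y) for x, y in zip(i, self.w[j])]

def rec(user, addr, hour, db, program, protocol="tcp"):
    return dict(user=user, addr=addr, hour=hour, db=db,
                program=program, protocol=protocol)

# Constructed sample of normal connections (not data from the paper).
NORMAL = [rec("clerk1", "10.0.0.11", 9, "tax", "taxapp.exe"),
          rec("clerk1", "10.0.0.11", 14, "tax", "taxapp.exe"),
          rec("clerk2", "10.0.0.12", 10, "land", "landapp.exe"),
          rec("clerk2", "10.0.0.12", 16, "land", "landapp.exe")]

def fit(records, rho=0.85):
    vocab, net = build_vocab(records), FuzzyART(rho)
    for r in records:
        net.train(encode(r, vocab))
    return vocab, net

def is_anomalous(r, vocab, net):
    # Anomalous when no learned category passes the vigilance test.
    return net.resonating(encode(r, vocab)) is None
```

With this encoding one mismatched categorical field lowers the match ratio by 0.2, so a vigilance of 0.85 flags a known user connecting from another user's address, while an unusual hour alone shifts the ratio only slightly and needs a higher vigilance to be flagged.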
