Published in: Information Systems Frontiers 1/2013

01-03-2013

Two-stage database intrusion detection by combining multiple evidence and belief update

Authors: Suvasini Panigrahi, Shamik Sural, Arun K. Majumdar

Abstract

Insider threats have gained prominence and pose the most challenging threats to a database system. In this paper, we propose a new approach for detecting intrusive attacks in databases by fusing information sources and using belief update. In database intrusion detection, intra-transactional features alone are not sufficient for detecting attackers within the organization, as they are potentially familiar with the day-to-day work. Thus, the proposed system uses inter-transactional as well as intra-transactional features for intrusion detection. Moreover, we consider three different sensitivity levels of table attributes so that malicious modification of the highly sensitive attributes is tracked more carefully. We have analyzed the performance of the proposed database intrusion detection system using stochastic models. Our system performs significantly better than two intrusion detection systems recently proposed in the literature.

Metadata

Title: Two-stage database intrusion detection by combining multiple evidence and belief update
Authors: Suvasini Panigrahi, Shamik Sural, Arun K. Majumdar
Publication date: 01-03-2013
Publisher: Springer US
Published in: Information Systems Frontiers / Issue 1/2013
Print ISSN: 1387-3326
Electronic ISSN: 1572-9419
DOI: https://doi.org/10.1007/s10796-010-9252-2
