Intrusion detection in role administrated database: Transaction-based approach

Abstract

Most of valuable information resources for all organizations are stored in database. It's a serious subject to protect this information against intruders. However, conventional security mechanisms haven't been designed to detect anomalous actions of database users. Intrusion detection systems (IDS) deliver an extra layer of security that cannot be guaranteed by built-in security tools. IDS provide the ideal solution to defend databases from intruders. In this paper, we suggest an anomaly detection approach that summarizes the raw transactional SQL queries into compact data structure called hexplet, which can model normal database access behavior (abstract the user's role profile) and recognize impostors specifically tailored for role-based access control (RBAC) database system. This hexplet allows us to preserve the correlation among SQL statements in the same transaction by exploiting the information in the transaction-log entry. Our target is to improve detection accuracy, specially the detection of those intruders inside the organization who behave strange behavior. Our model utilizes Naive Bayes Classifier (NBC) as a simple technique for evaluating the legitimacy of transaction. Experimental results show the performance of the proposed model in the term of error equal rate.