A Novel Clustering Algorithm for Database Anomaly Detection

  • Conference paper
Security and Privacy in Communication Networks (SecureComm 2015)

Abstract

As a main method of database intrusion detection, database anomaly detection should be able to detect users' operational behaviors so that possible attacks are prevented in time and database security is guaranteed. To this end, we apply cluster analysis techniques to anomaly detection and propose a novel density-based clustering algorithm called DBCAPSIC, which clusters database users according to their behavior types and behavior frequencies. Privilege patterns are extracted from the clusters and serve as a reference in anomaly detection. The simulation experiment proves that the algorithm can recognize the anomalous operations with few mistakes.

Author information

Corresponding author

Correspondence to Jinkun Geng.

Copyright information

© 2015 Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Geng, J., Ye, D., Luo, P., Lv, P. (2015). A Novel Clustering Algorithm for Database Anomaly Detection. In: Thuraisingham, B., Wang, X., Yegneswaran, V. (eds) Security and Privacy in Communication Networks. SecureComm 2015. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 164. Springer, Cham. https://doi.org/10.1007/978-3-319-28865-9_45

  • DOI: https://doi.org/10.1007/978-3-319-28865-9_45

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-28864-2

  • Online ISBN: 978-3-319-28865-9

  • eBook Packages: Computer Science, Computer Science (R0)
