Detection of Database Intrusion Using a Two-Stage Fuzzy System

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 5735)

Abstract

This paper presents a novel approach for detecting intrusions in databases based on fuzzy logic, which combines evidence from a user’s current as well as past behavior. A first-order Sugeno fuzzy model is used to compute an initial belief for each transaction. Whether the current transaction is genuine, suspicious or intrusive is first decided based on this belief. If a transaction is found to be suspicious, its posterior belief is computed from the previous suspicion score and the fuzzy evidence obtained from the history databases by applying fuzzy-Bayesian inferencing. The final decision about a transaction is made according to its current suspicion score. Evaluation of the proposed method clearly shows that the application of fuzzy logic significantly reduces the number of false alarms, which is one of the core problems of existing database intrusion detection systems.



Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Panigrahi, S., Sural, S. (2009). Detection of Database Intrusion Using a Two-Stage Fuzzy System. In: Samarati, P., Yung, M., Martinelli, F., Ardagna, C.A. (eds) Information Security. ISC 2009. Lecture Notes in Computer Science, vol 5735. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04474-8_9

  • DOI: https://doi.org/10.1007/978-3-642-04474-8_9

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-04473-1

  • Online ISBN: 978-3-642-04474-8

  • eBook Packages: Computer Science, Computer Science (R0)
