Skip to main content
SpringerLink
Log in

Research on Database Anomaly Access Detection Based on User Profile Construction

  • Conference paper
  • First Online:
Frontiers in Cyber Security (FCS 2020)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 1286))

Included in the following conference series:

  • 1129 Accesses

Abstract

As a platform for data storage and administration, database contains private and large information, which makes it a target of malicious personnel attacks. To prevent attacks from outsiders, database administrators can limit unauthorized user access through role-based access control system, while masquerade attacks from insiders are often less noticeable. Therefore, the research on database anomaly detection based on user behavior has important practical application value. In this paper, we proposed the anomaly detection system for securing database. We took advantage of a user profile construction method to describe database user query statements without user grouping. Then k-means and random tree were applied to the user profile. With the specified user profile constructed according to the characteristics of the query submitted by the user, the k-means is used to group the users. Then random tree algorithm is used to train anomaly detector. The experimental results show that this method proposed is fast and effective for detecting anomaly of database user behaviors.

This work is supported by the science and technology project of State Grid Corporation of China “Research on Key Technologies of dynamic identity security authentication and risk control in power business “ (Grand No. 5700-201972227A-0-0-00).

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. IBM: Ponemon Institute: 2018 Cost of a data breach study: a global overview. https://www.ibm.com/security/data-breach. Accessed 15 Aug 2019

  2. Verizon RISK Team: Data breach investigations report. https://enterprise.verizon.com/resources/reports/DBIR_2018_Report_execsummary.pdf. Accessed 25 Dec 2019

  3. Na, W.: Anomaly detection and assessment of user behavior for database access. M.S. thesis, Southeast Univ., Jiangsu, China (2017)

    Google Scholar 

  4. Dapeng, C.: Intrusion detection system of database based on user behavior of analysis and identification. M.S. thesis, Univ. of Electronic Science and Technology, Sichuan, China (2015)

    Google Scholar 

  5. Xiqiang, D.: Research on database intrusion detection based on data mining. M.S. thesis, Jiangsu Univ., Jiangsu, China (2009)

    Google Scholar 

  6. Li, N., Tripunitara, M.V.: Security analysis in role-based access control. In: Proceedings of ACM SACMAT, New York, YK, USA, pp. 126–135 (2004)

    Google Scholar 

  7. Ni, Q., et al.: Privacy-aware role-based access control. In: Proceedings of ACM SACMAT, New York, YK, USA, pp. 41–50 (2007)

    Google Scholar 

  8. Haddad, M., et al.: Access control for data integration in presence of data dependencies. In: Proceedings of DASFAA, Switzerland, pp. 203–217 (2014)

    Google Scholar 

  9. Abiteboul, S., Bourhis, P., Vianu, V.: A formal study of collaborative access control in distributed datalog. In: Proceedings of 11th International Conference on Digital Telecommunications, pp. 1–17. Xpert Publishing Services, Lisbon, Portugal (2016)

    Google Scholar 

  10. Bossi, L., Bertino, E., Hussain, S.R.: A system for profiling and monitoring database access patterns by application programs for anomaly detection. IEEE Trans. Softw. Eng. 43(5), 415–431 (2017)

    Article  Google Scholar 

  11. Lee, W., Stolfo, S.J.: Data mining approaches for intrusion detection. In: 7th Conference on USENIX Security Symposium, San Antonio, Texas, USA, pp. 26–29. USENIX Association, Berkeley (1998)

    Google Scholar 

  12. Geng, J., et al.: A novel clustering algorithm for database anomaly detection. In: Proceedings on Security and Privacy in Communication Networks, Dallas, USA, pp. 682–696 (2015)

    Google Scholar 

  13. Karami, A.: An anomaly-based intrusion detection system in presence of benign outliers with visualization capabilities. Exp. Syst. Appl. 108, 36–60 (2018)

    Article  Google Scholar 

  14. Roh, J., Lee, S., Kim, S.: Anomaly detection of access patterns in database. In: Proceedings on Information and Communication Technology Convergence (ICTC), Jeju, South Korea, pp. 1112–1115 (2015)

    Google Scholar 

  15. Bossi, L., Bertino, E., Hussain, S.R.: A system for profiling and monitoring database access patterns by application programs for anomaly detection. IEEE Trans. Softw. Eng. 43, 415–431 (2016)

    Article  Google Scholar 

  16. Chen, Y., Nyemba, S., Malin, B.: Detecting anomalous insiders in collaborative information systems. IEEE Trans. Depend. Secure Comput. 9(3), 332–344 (2012)

    Article  Google Scholar 

  17. Wurzenberger, M., et al.: Incremental clustering for semi-supervised anomaly detection applied on log data. In: Proceedings of the 12th International Conference on Availability, Reliability and Security, pp. 1–6. ACM, Reggio Calabria Italy (2017)

    Google Scholar 

  18. Sun, X., Yang, G., Zhang, J.: A Real-time detection scheme of user behavior anomaly for management information system. In: Proceedings of IEEE 4th Information Technology, Networking, Electronic and Automation Control Conference (ITNEC), Chongqing, China, pp. 1054–1058. (2020)

    Google Scholar 

  19. Karami, A., Terzi, E., Bertino, E.: Detecting anomalous access patterns in relational databases. J. Very Large Data Base 17(5), 1063–1077 (2008)

    Article  Google Scholar 

  20. Sallam, A., Fadolalkarim, D., Bertino, E., et al.: Data and syntax centric anomaly detection for relational databases. J. Data Mining Knowl. Disc. 6(6), 231–239 (2016)

    Article  Google Scholar 

  21. Java Code Examples for weka.classifiers.trees.RandomTree. https://www.programcreek.com/java-api-examples/index.php?api=weka.classifiers.trees.RandomTree. Accessed 01 mar 2019

  22. Ronao, C.A., Cho, SB.: Mining SQL queries to detect anomalous database access using random forest and PCA. In: Proceedings of the 28th International Conference on Current Approaches in Applied Artificial Intelligence, Seoul, South Korea, pp. 151–160 (2015)

    Google Scholar 

  23. Islam, S.M., Kuzu, M., Kantarcioglu, M.: A dynamic approach to detect anomalous queries on relational databases. In: Proceedings of the 5th ACM Conference on Data and Application Security and Privacy, San Antonio, Texas, USA, pp. 245–252 (2015)

    Google Scholar 

  24. TPC Benchmark C Standard Specification Revision 5.11. http://www.tpc.org/tpc_documents_current_versions/pdf/tpc-c_v5.11.0.pdf. 15 Sep 2018

Download references

Author information

Authors and Affiliations

  1. Information Engineering College, Capital Normal University, Beijing, 100048, China

    Xuren Wang & Anran Feng

  2. State Grid Zhejiang Electric Power Co., Ltd., Information and Communication Branch, Hangzhou, 310013, Zhejiang, China

    Zhou Fang

  3. State Grid Electronic Commerce Co., LTD. (State Grid Xiong’an Financial Technology Group Co., LTD.), Beijing, 100053, China

    Dong Wang

  4. Key Laboratory of Network Assessment Technology, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, 100093, China

    Xuren Wang & Qiuyun Wang

Authors
  1. Xuren Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Zhou Fang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Dong Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Anran Feng
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Qiuyun Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Xuren Wang .

Editor information

Editors and Affiliations

  1. Tianjin University, Tianjin, China

    Guangquan Xu

  2. Delft University of Technology, Delft, The Netherlands

    Kaitai Liang

  3. University of Aizu, Aizuwakamatsu, Japan

    Chunhua Su

Rights and permissions

Reprints and permissions

Copyright information

© 2020 Springer Nature Singapore Pte Ltd.

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Wang, X., Fang, Z., Wang, D., Feng, A., Wang, Q. (2020). Research on Database Anomaly Access Detection Based on User Profile Construction. In: Xu, G., Liang, K., Su, C. (eds) Frontiers in Cyber Security. FCS 2020. Communications in Computer and Information Science, vol 1286. Springer, Singapore. https://doi.org/10.1007/978-981-15-9739-8_30

Download citation

  • DOI: https://doi.org/10.1007/978-981-15-9739-8_30

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-15-9738-1

  • Online ISBN: 978-981-15-9739-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation