Detecting malicious transactions in database using hybrid metaheuristic clustering and frequent sequential pattern mining

Published in Cluster Computing

Abstract

Database systems have become imperative for organisations around the world to store and analyse information. However, as one ramification of the massive surge in cloud-based activities and interactions brought about by the internet era, data is exposed to a broader audience than ever, and a variety of new challenges put database security in jeopardy. To address the problem of data security, we propose a Database Intrusion Detection System built on frequent sequential pattern mining and a modified metaheuristic hybrid clustering of the Grey Wolf and Whale Optimization algorithms, which detects malicious transactions in both Role Based Access Control (RBAC) and non-RBAC supervised databases. Our approach extracts data dependency rules from the database logs using the CM-SPADE mining algorithm to detect outsider threats. It then assigns role profiles to users based on their previous activity, using the modified metaheuristic clustering, to detect insider threats. An incoming transaction is identified as malicious by matching it against the role profile of the user and checking whether the transaction pattern adheres to the generated dependency rules. To evaluate the model we generated a synthetic dataset of malicious and non-malicious transactions adhering to the TPC-C benchmark; the findings were encouraging, with accuracy of around 97.8 percent.
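As an added illustration (not the paper's code), the two-stage check the abstract describes, run on a constructed transaction log: brute-force counting of length-2 ordered patterns stands in for CM-SPADE, and a per-role set of touched items stands in for the metaheuristic clustering; the table names, thresholds and function names are assumptions.

```python
from collections import Counter, defaultdict

# Constructed sample log (not from the paper): (role, ordered data-item accesses
# in one committed transaction). "r:"/"w:" mark a read/write of a TPC-C-style table.
TRAINING_LOG = [
    ("clerk", ["r:stock", "w:stock", "w:order_line"]),
    ("clerk", ["r:stock", "w:stock", "w:order_line"]),
    ("clerk", ["r:stock", "w:stock"]),
    ("clerk", ["r:customer", "r:stock", "w:stock", "w:order_line"]),
    ("manager", ["r:warehouse", "w:warehouse", "r:district"]),
    ("manager", ["r:warehouse", "w:warehouse"]),
]

def mine_dependency_rules(sequences, min_support=0.3, min_confidence=0.9):
    """Return rules {b: {a, ...}} meaning 'access b is normally preceded by access a'.
    Assumption: counting length-2 ordered patterns stands in for CM-SPADE."""
    before = Counter()      # (a, b) -> transactions in which a occurs before b
    item_count = Counter()  # b -> transactions containing b
    for seq in sequences:
        before.update({(seq[i], seq[j]) for i in range(len(seq)) for j in range(i + 1, len(seq))})
        item_count.update(set(seq))
    rules = defaultdict(set)
    for (a, b), c in before.items():
        if c / len(sequences) >= min_support and c / item_count[b] >= min_confidence:
            rules[b].add(a)
    return dict(rules)

def build_role_profiles(log):
    """Role profile = set of data items the role touched in training
    (assumption: stands in for the paper's metaheuristic clustering step)."""
    profiles = defaultdict(set)
    for role, seq in log:
        profiles[role].update(seq)
    return dict(profiles)

def classify(role, seq, rules, profiles):
    """Return the reasons a transaction is flagged; an empty list means it passed both checks."""
    reasons = []
    outside = [item for item in seq if item not in profiles.get(role, set())]
    if outside:  # insider check: user acting outside the role profile
        reasons.append(f"role '{role}' does not access {outside}")
    for pos, item in enumerate(seq):  # outsider check: dependency rules on access ordering
        missing = rules.get(item, set()) - set(seq[:pos])
        if missing:
            reasons.append(f"{item} without preceding {sorted(missing)}")
    return reasons
```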





Correspondence to Indu Singh.


Cite this article

Jindal, R., Singh, I. Detecting malicious transactions in database using hybrid metaheuristic clustering and frequent sequential pattern mining. Cluster Comput 25, 3937–3959 (2022). https://doi.org/10.1007/s10586-022-03622-2
