Abstract
Database systems have become imperative for organisations around the world to store and analyse information. However, as one of the ramifications of the massive surge in cloud-based activities and interactions brought forth by the advent of the internet era, data is exposed to an audience broader than ever, and a variety of new challenges put database security in jeopardy. To address the problem of data security, we propose a unique method for a Database Intrusion Detection System built on frequent sequential pattern mining and a modified metaheuristic hybrid clustering of the Grey Wolf and Whale optimization algorithms to determine malicious transactions in Role Based Access Control (RBAC) and non-RBAC supervised databases. Our proposed approach extracts data dependency rules from the database logs using the CM-SPADE mining algorithm to detect outsider threats. It then assigns role profiles to users based on their previous activities using the modified metaheuristic clustering to detect insider threats. Incoming transactions are thereby identified as malicious by matching the role profile of the user and checking the adherence of the transaction pattern to the generated dependency rules. To evaluate the efficiency of the model we generated a synthetic dataset including malicious and non-malicious transactions adhering to the TPC-C benchmark, and the findings were encouraging, with levels of accuracy of around 97.8 percent.
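The two detection stages described in the abstract, as an added illustration that is not the paper's code: frequent sequential patterns are mined from a constructed transaction log and turned into data dependency rules of the form "before a write of x, these operations must already have occurred", users are clustered by their past access patterns into role profiles, and an incoming transaction is flagged when it breaks a rule (outsider stage) or when its access pattern lands in a different role's cluster than the role it claims (insider stage). The sequence miner is a brute-force ordered-pair counter standing in for CM-SPADE, and the clustering is a plain k-means with farthest-first seeding standing in for the paper's Grey Wolf/Whale hybrid; the log entries, user names, roles, thresholds and op notation `R(item)`/`W(item)` are all assumptions made for the example.

```python
"""Added example, not the paper's implementation: toy database IDS that
mines dependency rules from a transaction log and clusters users into
role profiles, then flags transactions that violate either."""
import math
from collections import Counter, defaultdict

# Constructed audit log: (user, role, ordered ops); op = "R(item)" or "W(item)"
LOG = [
    ("alice", "clerk",   ["R(stock)", "R(order)", "W(order)", "W(stock)"]),
    ("alice", "clerk",   ["R(stock)", "R(order)", "W(order)", "W(stock)"]),
    ("bob",   "clerk",   ["R(stock)", "R(order)", "W(order)", "W(stock)", "R(hist)"]),
    ("carol", "auditor", ["R(hist)", "R(order)", "R(payment)"]),
    ("carol", "auditor", ["R(hist)", "R(payment)"]),
    ("dave",  "auditor", ["R(order)", "R(hist)", "R(payment)"]),
]


def frequent_pairs(log, min_support):
    """Support of ordered pairs (a occurs before b), counted once per transaction.
    Stand-in for a real sequential pattern miner such as CM-SPADE."""
    counts = Counter()
    for _, _, ops in log:
        seen = {(a, b) for i, a in enumerate(ops) for b in ops[i + 1:]}
        counts.update(seen)
    n = len(log)
    return {p: c / n for p, c in counts.items() if c / n >= min_support}


def dependency_rules(log, min_support=0.5, min_conf=0.8):
    """Rules 'write b requires op a earlier in the transaction', kept when
    confidence = support(a before b) / support(b) reaches min_conf."""
    single = Counter()
    for _, _, ops in log:
        single.update(set(ops))
    n = len(log)
    rules = defaultdict(set)
    for (a, b), sup in frequent_pairs(log, min_support).items():
        if b.startswith("W(") and sup / (single[b] / n) >= min_conf:
            rules[b].add(a)
    return dict(rules)


def violates_rules(ops, rules):
    """(write, missing antecedent) pairs for every rule the transaction breaks."""
    return [(op, need) for i, op in enumerate(ops)
            for need in rules.get(op, ()) if need not in ops[:i]]


def profile(transactions):
    """Sparse access vector: fraction of a user's ops that are each R/W(item)."""
    c = Counter(op for ops in transactions for op in ops)
    total = sum(c.values())
    return {op: v / total for op, v in c.items()}


def dist(p, q):
    return math.sqrt(sum((p.get(k, 0) - q.get(k, 0)) ** 2 for k in set(p) | set(q)))


def mean(vs):
    keys = set().union(*vs)
    return {k: sum(v.get(k, 0) for v in vs) / len(vs) for k in keys}


def kmeans(vectors, k, rounds=10):
    """Lloyd's k-means on sparse vectors, seeded farthest-first so the result
    is deterministic. Stand-in for the paper's GWO/WOA hybrid clustering."""
    centroids = [vectors[0]]
    while len(centroids) < k:
        centroids.append(max(vectors, key=lambda v: min(dist(v, c) for c in centroids)))
    for _ in range(rounds):
        groups = [[] for _ in centroids]
        for v in vectors:
            groups[min(range(k), key=lambda i: dist(v, centroids[i]))].append(v)
        centroids = [mean(g) if g else c for g, c in zip(groups, centroids)]
    return centroids


def role_profiles(log, k):
    """Cluster users by past activity; map each role to the cluster that
    holds most of its users (majority vote over the labelled history)."""
    by_user, user_role = defaultdict(list), {}
    for user, role, ops in log:
        by_user[user].append(ops)
        user_role[user] = role
    users = sorted(by_user)
    vectors = [profile(by_user[u]) for u in users]
    centroids = kmeans(vectors, k)
    votes = defaultdict(Counter)
    for u, v in zip(users, vectors):
        votes[user_role[u]][min(range(k), key=lambda i: dist(v, centroids[i]))] += 1
    return centroids, {r: c.most_common(1)[0][0] for r, c in votes.items()}


def classify(claimed_role, ops, rules, centroids, role_to_cluster):
    """Reasons a transaction is flagged: broken dependency rule (outsider stage)
    or access pattern closest to another role's profile (insider stage)."""
    reasons = []
    if violates_rules(ops, rules):
        reasons.append("dependency-rule violation")
    v = profile([ops])
    nearest = min(range(len(centroids)), key=lambda i: dist(v, centroids[i]))
    if nearest != role_to_cluster[claimed_role]:
        reasons.append("role-profile mismatch")
    return reasons


if __name__ == "__main__":
    rules = dependency_rules(LOG)
    centroids, role_to_cluster = role_profiles(LOG, k=2)
    print(rules)
    print(classify("auditor", ["R(stock)", "R(order)", "W(order)", "W(stock)"],
                   rules, centroids, role_to_cluster))
```

With the constructed log, the mined rules say that `W(order)` must be preceded by `R(stock)` and `R(order)`, and `W(stock)` additionally by `W(order)`; a bare `W(stock)` from a clerk trips the rule stage, while a clerk-shaped transaction issued under the auditor role passes the rules but trips the profile stage. In a real deployment both thresholds and the number of clusters would be tuned on held-out benign history, since min_support that is too low produces spurious rules and too high misses legitimate dependencies.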
Cite this article
Jindal, R., Singh, I. Detecting malicious transactions in database using hybrid metaheuristic clustering and frequent sequential pattern mining. Cluster Comput 25, 3937–3959 (2022). https://doi.org/10.1007/s10586-022-03622-2