A Hybrid System of Deep Learning and Learning Classifier System for Database Intrusion Detection

  • Seok-Jun Bu
  • Sung-Bae Cho
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10334)


Nowadays, as most companies and organizations rely on databases to safeguard sensitive data, strong protection of that data must be guaranteed. An intrusion detection system (IDS) can be an important component of a strong security framework, and a machine learning approach with adaptation capability has a great advantage for such a system. In this paper, we propose a hybrid system of a convolutional neural network (CNN) and a learning classifier system (LCS) for IDS, called Convolutional Neural-Learning Classifier System (CN-LCS). The CNN, one of the deep learning methods for image and pattern classification, classifies queries by modeling the normal behaviors of the database. The LCS, one of the adaptive heuristic search algorithms based on the genetic algorithm, discovers new rules to detect abnormal behaviors to supplement the CNN. Experiments with the TPC-E benchmark database show that CN-LCS yields the best classification accuracy compared to other state-of-the-art machine learning algorithms. Additional analysis with the t-SNE algorithm reveals the common patterns among highly misclassified queries.


Feature Selection; Intrusion Detection; Machine Learning Algorithm; Intrusion Detection System; Convolutional Neural Network



This work was supported by Defense Acquisition Program Administration and Agency for Defense Development under the contract (UD160066BD).



Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. Department of Computer Science, Yonsei University, Seoul, South Korea
