Skip to main content
SpringerLink
Log in

A Hybrid System of Deep Learning and Learning Classifier System for Database Intrusion Detection

  • Conference paper
  • First Online:
Hybrid Artificial Intelligent Systems (HAIS 2017)

Part of the book series: Lecture Notes in Computer Science ((LNAI,volume 10334))

Included in the following conference series:

Abstract

Nowadays, as most of the companies and organizations rely on the database to safeguard sensitive data, it is required to guarantee the strong protection of the data. Intrusion detection system (IDS) can be an important component of the strong security framework, and the machine learning approach with adaptation capability has a great advantage for this system. In this paper, we propose a hybrid system of convolutional neural network (CNN) and learning classifier system (LCS) for IDS, called Convolutional Neural-Learning Classifier System (CN-LCS). CNN, one of the deep learning methods for image and pattern classification, classifies the queries by modeling normal behaviors of database. LCS, one of the adapted heuristic search algorithms based on genetic algorithm, discovers new rules to detect abnormal behaviors to supplement the CNN. Experiments with TPC-E benchmark database show that CN-LCS yields the best classification accuracy compared to other state-of-the-art machine learning algorithms. Additional analysis by t-SNE algorithm reveals the common patterns among highly misclassified queries.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Lee, S.Y., Low, W.L., Wong, P.Y.: Learning fingerprints for a database intrusion detection system. In: Gollmann, D., Karjoth, G., Waidner, M. (eds.) ESORICS 2002. LNCS, vol. 2502, pp. 264–279. Springer, Heidelberg (2002). doi:10.1007/3-540-45853-0_16

    Chapter  Google Scholar 

  2. Ronao, C.A., Cho, S.-B.: Mining SQL queries to detect anomalous database access using random forest and PCA. In: Ali, M., Kwon, Y.S., Lee, C.-H., Kim, J., Kim, Y. (eds.) IEA/AIE 2015. LNCS, vol. 9101, pp. 151–160. Springer, Cham (2015). doi:10.1007/978-3-319-19066-2_15

    Google Scholar 

  3. Jin, X., Osborn, S.L.: Architecture for data collection in database intrusion detection systems. In: Jonker, W., Petković, M. (eds.) SDM 2007. LNCS, vol. 4721, pp. 96–107. Springer, Heidelberg (2007). doi:10.1007/978-3-540-75248-6_7

    Chapter  Google Scholar 

  4. Mathes, S., Petropoulos, M., Ngo, H.Q., Upadhyaya, S.: A data-centric approach to insider attack detection in database systems. In: International Workshop on Recent Advances in Intrusion Detection, pp. 382–401 (2010)

    Google Scholar 

  5. Pinzon, C.I., De Paz, J.F., Herrero, A., Corchado, E., Bajo, J., Corchado, J.M.: idMAS-SQL: intrusion detection based on MAS to detect and block SQL injection through data mining. Inf. Sci. 231, 15–31 (2013)

    Article  Google Scholar 

  6. Ronao, C.A., Cho, S.-B.: Random forests with weighted voting for anomalous query access detection in relational databases. In: Rutkowski, L., Korytkowski, M., Scherer, R., Tadeusiewicz, R., Zadeh, L.A., Zurada, J.M. (eds.) ICAISC 2015. LNCS, vol. 9120, pp. 36–48. Springer, Cham (2015). doi:10.1007/978-3-319-19369-4_4

    Chapter  Google Scholar 

  7. Dam, H.H., Abbass, H.A., Lokan, C., Yao, X.: Neural-based learning classifier systems. IEEE Trans. Knowl. Data Eng. 20, 26–39 (2008)

    Article  MATH  Google Scholar 

  8. LeCun, Y., Bengio, Y., Hinton, G.: Deep learning. Nature 521, 436–444 (2015)

    Article  Google Scholar 

  9. Hu, Y., Panda, B.: A data mining approach for database intrusion detection. In: Proceedings of the 2004 ACM Symposium on Applied Computing, pp. 711–716 (2004)

    Google Scholar 

  10. Rajput, I.J., Shrivastava, D.: Data mining based database intrusion detection system: a survey. Int. J. Eng. Res. Appl. 2, 1752–1755 (2012)

    Google Scholar 

  11. Barbará, D., Goel, R., Jajodia, S.: Mining malicious corruption of data with hidden markov models. In: Gudes, E., Shenoi, S. (eds.) Research Directions in Data and Applications Security. ITIFIP, vol. 128, pp. 175–189. Springer, Boston, MA (2003). doi:10.1007/978-0-387-35697-6_14

    Chapter  Google Scholar 

  12. Valeur, F., Mutz, D., Vigna, G.: A learning-based approach to the detection of SQL attacks. In: Julisch, K., Kruegel, C. (eds.) DIMVA 2005. LNCS, vol. 3548, pp. 123–140. Springer, Heidelberg (2005). doi:10.1007/11506881_8

    Chapter  Google Scholar 

  13. Ramasubramanian, P., Kannan, A.: A genetic-algorithm based neural network short-term forecasting framework for database intrusion prediction system. Soft. Comput. 10, 699–714 (2006)

    Article  Google Scholar 

  14. Kamra, A., Ber, E.: Survey of machine learning methods for database security. In: Kamra, A., Ber, E. (eds.) Machine Learning in Cyber Trust, pp. 53–71. Springer, USA (2009)

    Chapter  Google Scholar 

  15. Pionzon, C., De Paz, J.F., Herrero, A., Corchado, E., Bajo, J.: A distributed hierarchical multi-agent architecture for detecting injections in SQL queries. In: Herrero, Á., Corchado, E., Redondo, C., Alonso, Á. (eds.) Computational Intelligence in Security for Information Systems, pp. 51–59. Springer, Berlin (2010)

    Google Scholar 

  16. Hinton, G.E., Salakhutdinov, R.R.: Reducing the dimensionality of data with neural networks. Science 313, 504–507 (2006)

    Article  MATH  MathSciNet  Google Scholar 

  17. Krizhevsky, A., Sutskever, I., Hinton, G.E.: ImageNet classification with deep convolutional neural networks. In: Advances in Neural Information Processing Systems, pp. 1097–1105 (2012)

    Google Scholar 

  18. Szegedy, C., Liu, W., Jia, Y., Sermanet, P., Reed, S., Anguelov, D., Rabinovich, A.: Going deeper with convolutions. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 1–9 (2015)

    Google Scholar 

  19. Yang, J., Honavar, V.: Feature subset selection using a genetic algorithm. In: Feature Extraction, Construction and Selection, pp. 117–136 (1998)

    Google Scholar 

  20. Goldberg, D.E., Holland, J.H.: Genetic algorithms and machine learning. Mach. Learn. 3, 95–99 (1988)

    Article  Google Scholar 

  21. Oreski, S., Oreski, G.: Genetic algorithm-based heuristic for feature selection in credit risk assessment. Expert Syst. Appl. 41, 2052–2064 (2014)

    Article  Google Scholar 

  22. Van Der Maaten, L., Postma, E., Van den Herik, J.: Dimensionality reduction: a comparative. J. Mach. Learn. Res. 10, 66–71 (2009)

    Google Scholar 

  23. Sainath, T.N., Mohamed, A.R., Kingsbury, B., Ramabhadran, B.: Deep convolutional neural networks for LVCSR. In: Acoustics, Speech and Signal Processing, pp. 8614–8618 (2013)

    Google Scholar 

  24. He, K., Zhang, X., Ren, S., Sun, J.: Deep residual learning for image recognition. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 770–778 (2016)

    Google Scholar 

  25. Abadi, M., Barham, P., Chen, J., Chen, Z., Davis, A., Dean, J., Kudlur, M.: Tensorflow: a system for large-scale machine learning. In: Proceedings of the 12th USENIX Symposium on Operating Systems Design and Implementation (2016)

    Google Scholar 

  26. Maaten, L.V.D., Hinton, G.: Visualizing data using t-SNE. J. Mach. Learn. Res. 9, 2579–2605 (2008)

    MATH  Google Scholar 

Download references

Acknowledgements

This work was supported by Defense Acquisition Program Administration and Agency for Defense Development under the contract (UD160066BD).

Author information

Authors and Affiliations

  1. Department of Computer Science, Yonsei University, Seoul, South Korea

    Seok-Jun Bu & Sung-Bae Cho

Authors
  1. Seok-Jun Bu
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Sung-Bae Cho
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Sung-Bae Cho .

Editor information

Editors and Affiliations

  1. University of La Rioja , Logroño, La Rioja, Spain

    Francisco Javier Martínez de Pisón

  2. University of La Rioja , Logroño, La Rioja, Spain

    Rubén Urraca

  3. University of A Coruña , Ferrol, La Coruña, Spain

    Héctor Quintián

  4. University of Salamanca, Salamanca, Spain

    Emilio Corchado

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Bu, SJ., Cho, SB. (2017). A Hybrid System of Deep Learning and Learning Classifier System for Database Intrusion Detection. In: Martínez de Pisón, F., Urraca, R., Quintián, H., Corchado, E. (eds) Hybrid Artificial Intelligent Systems. HAIS 2017. Lecture Notes in Computer Science(), vol 10334. Springer, Cham. https://doi.org/10.1007/978-3-319-59650-1_52

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-59650-1_52

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-59649-5

  • Online ISBN: 978-3-319-59650-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation