Abstract
Nowadays, as most of the companies and organizations rely on the database to safeguard sensitive data, it is required to guarantee the strong protection of the data. Intrusion detection system (IDS) can be an important component of the strong security framework, and the machine learning approach with adaptation capability has a great advantage for this system. In this paper, we propose a hybrid system of convolutional neural network (CNN) and learning classifier system (LCS) for IDS, called Convolutional Neural-Learning Classifier System (CN-LCS). CNN, one of the deep learning methods for image and pattern classification, classifies the queries by modeling normal behaviors of database. LCS, one of the adapted heuristic search algorithms based on genetic algorithm, discovers new rules to detect abnormal behaviors to supplement the CNN. Experiments with TPC-E benchmark database show that CN-LCS yields the best classification accuracy compared to other state-of-the-art machine learning algorithms. Additional analysis by t-SNE algorithm reveals the common patterns among highly misclassified queries.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Lee, S.Y., Low, W.L., Wong, P.Y.: Learning fingerprints for a database intrusion detection system. In: Gollmann, D., Karjoth, G., Waidner, M. (eds.) ESORICS 2002. LNCS, vol. 2502, pp. 264–279. Springer, Heidelberg (2002). doi:10.1007/3-540-45853-0_16
Ronao, C.A., Cho, S.-B.: Mining SQL queries to detect anomalous database access using random forest and PCA. In: Ali, M., Kwon, Y.S., Lee, C.-H., Kim, J., Kim, Y. (eds.) IEA/AIE 2015. LNCS, vol. 9101, pp. 151–160. Springer, Cham (2015). doi:10.1007/978-3-319-19066-2_15
Jin, X., Osborn, S.L.: Architecture for data collection in database intrusion detection systems. In: Jonker, W., Petković, M. (eds.) SDM 2007. LNCS, vol. 4721, pp. 96–107. Springer, Heidelberg (2007). doi:10.1007/978-3-540-75248-6_7
Mathes, S., Petropoulos, M., Ngo, H.Q., Upadhyaya, S.: A data-centric approach to insider attack detection in database systems. In: International Workshop on Recent Advances in Intrusion Detection, pp. 382–401 (2010)
Pinzon, C.I., De Paz, J.F., Herrero, A., Corchado, E., Bajo, J., Corchado, J.M.: idMAS-SQL: intrusion detection based on MAS to detect and block SQL injection through data mining. Inf. Sci. 231, 15–31 (2013)
Ronao, C.A., Cho, S.-B.: Random forests with weighted voting for anomalous query access detection in relational databases. In: Rutkowski, L., Korytkowski, M., Scherer, R., Tadeusiewicz, R., Zadeh, L.A., Zurada, J.M. (eds.) ICAISC 2015. LNCS, vol. 9120, pp. 36–48. Springer, Cham (2015). doi:10.1007/978-3-319-19369-4_4
Dam, H.H., Abbass, H.A., Lokan, C., Yao, X.: Neural-based learning classifier systems. IEEE Trans. Knowl. Data Eng. 20, 26–39 (2008)
LeCun, Y., Bengio, Y., Hinton, G.: Deep learning. Nature 521, 436–444 (2015)
Hu, Y., Panda, B.: A data mining approach for database intrusion detection. In: Proceedings of the 2004 ACM Symposium on Applied Computing, pp. 711–716 (2004)
Rajput, I.J., Shrivastava, D.: Data mining based database intrusion detection system: a survey. Int. J. Eng. Res. Appl. 2, 1752–1755 (2012)
Barbará, D., Goel, R., Jajodia, S.: Mining malicious corruption of data with hidden markov models. In: Gudes, E., Shenoi, S. (eds.) Research Directions in Data and Applications Security. ITIFIP, vol. 128, pp. 175–189. Springer, Boston, MA (2003). doi:10.1007/978-0-387-35697-6_14
Valeur, F., Mutz, D., Vigna, G.: A learning-based approach to the detection of SQL attacks. In: Julisch, K., Kruegel, C. (eds.) DIMVA 2005. LNCS, vol. 3548, pp. 123–140. Springer, Heidelberg (2005). doi:10.1007/11506881_8
Ramasubramanian, P., Kannan, A.: A genetic-algorithm based neural network short-term forecasting framework for database intrusion prediction system. Soft. Comput. 10, 699–714 (2006)
Kamra, A., Ber, E.: Survey of machine learning methods for database security. In: Kamra, A., Ber, E. (eds.) Machine Learning in Cyber Trust, pp. 53–71. Springer, USA (2009)
Pionzon, C., De Paz, J.F., Herrero, A., Corchado, E., Bajo, J.: A distributed hierarchical multi-agent architecture for detecting injections in SQL queries. In: Herrero, Á., Corchado, E., Redondo, C., Alonso, Á. (eds.) Computational Intelligence in Security for Information Systems, pp. 51–59. Springer, Berlin (2010)
Hinton, G.E., Salakhutdinov, R.R.: Reducing the dimensionality of data with neural networks. Science 313, 504–507 (2006)
Krizhevsky, A., Sutskever, I., Hinton, G.E.: ImageNet classification with deep convolutional neural networks. In: Advances in Neural Information Processing Systems, pp. 1097–1105 (2012)
Szegedy, C., Liu, W., Jia, Y., Sermanet, P., Reed, S., Anguelov, D., Rabinovich, A.: Going deeper with convolutions. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 1–9 (2015)
Yang, J., Honavar, V.: Feature subset selection using a genetic algorithm. In: Feature Extraction, Construction and Selection, pp. 117–136 (1998)
Goldberg, D.E., Holland, J.H.: Genetic algorithms and machine learning. Mach. Learn. 3, 95–99 (1988)
Oreski, S., Oreski, G.: Genetic algorithm-based heuristic for feature selection in credit risk assessment. Expert Syst. Appl. 41, 2052–2064 (2014)
Van Der Maaten, L., Postma, E., Van den Herik, J.: Dimensionality reduction: a comparative. J. Mach. Learn. Res. 10, 66–71 (2009)
Sainath, T.N., Mohamed, A.R., Kingsbury, B., Ramabhadran, B.: Deep convolutional neural networks for LVCSR. In: Acoustics, Speech and Signal Processing, pp. 8614–8618 (2013)
He, K., Zhang, X., Ren, S., Sun, J.: Deep residual learning for image recognition. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 770–778 (2016)
Abadi, M., Barham, P., Chen, J., Chen, Z., Davis, A., Dean, J., Kudlur, M.: Tensorflow: a system for large-scale machine learning. In: Proceedings of the 12th USENIX Symposium on Operating Systems Design and Implementation (2016)
Maaten, L.V.D., Hinton, G.: Visualizing data using t-SNE. J. Mach. Learn. Res. 9, 2579–2605 (2008)
Acknowledgements
This work was supported by Defense Acquisition Program Administration and Agency for Defense Development under the contract (UD160066BD).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Bu, SJ., Cho, SB. (2017). A Hybrid System of Deep Learning and Learning Classifier System for Database Intrusion Detection. In: Martínez de Pisón, F., Urraca, R., Quintián, H., Corchado, E. (eds) Hybrid Artificial Intelligent Systems. HAIS 2017. Lecture Notes in Computer Science(), vol 10334. Springer, Cham. https://doi.org/10.1007/978-3-319-59650-1_52
Download citation
DOI: https://doi.org/10.1007/978-3-319-59650-1_52
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-59649-5
Online ISBN: 978-3-319-59650-1
eBook Packages: Computer ScienceComputer Science (R0)