A framework for database intrusion detection system

Nandasana, Drashti; Barot, Virendra

doi:10.1109/icgtspicc.2016.7955272

Cited by 3 publications

(3 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Pendekatan berbasis signature lain yang didefinisikan pada hierarki peran dapat menangani pemeriksaan hak istimewa pada tingkat atribut. Perilaku pengguna di generalisasi pada tingkat peran lalu diperiksa permintaan atribut dari hak istimewa mereka sebagai referensi dan memeriksa aktivitas berbahaya, waktu eksekusi cepat dan kecil penyimpanan memori [2]. Identifikasi perilaku menggunakan teknik penambangan aturan asosiasi dianalisis oleh klaster Classification of Database Cransactions based on Association Rules and Cluster Analysis (CDTARCA) menghasilkan kelompok parameter aktivitas profil pengguna yang digunakan untuk mengklasifikasi transaksi berbahaya [3].…”

Section: Pendahuluanunclassified

Deteksi Intrusi Pada Basis Data Menggunakan Random Forest

Putri

Zulianto

Suwarningsih

2021

JICT

View full text Add to dashboard Cite

More services have been made online in recent years, more and more data is being stored virtually. This important and confidential data becomes an easy target for criminals in the era of digitalization. Database security becomes very necessary to keep data safe. Attacks can come from outside or from within, attacks caused by insiders are the second biggest threat after hacking. Conventional security has not been able to detect anomalies from internal users. This can be anticipated using an intrusion detection mechanism. This mechanism has previously been applied to networks and hosts. However, some actions that are harmful to the database are not necessarily harmful to the network and hosts so that intrusion detection on the database becomes extra security to defend the database from intruders. This system uses the Random Forest algorithm which includes supervised learning to detect anomalous transactions. The dataset used is a transaction log containing 773 records and 9 attributes. Anomalies are determined based on the threshold value of 3 attributes, namely operation, object and field name. The test uses 6 different trees, 10, 20, 40, 60, 80 and 100. The results of the test on 762 records and 5 attributes used, the Random Forest algorithm has the highest accuracy value on the number of trees 80 and 100 which have a test time difference of 0 .03 seconds. In the dataset used, the optimum number of trees is found at number 80 with an accuracy value of 99.56% and an execution time of 0.13183 seconds.

show abstract

Section: Pendahuluanunclassified

Deteksi Intrusi Pada Basis Data Menggunakan Random Forest

Putri

Zulianto

Suwarningsih

2021

JICT

View full text Add to dashboard Cite

show abstract

“…The Application-based IDS (AppIDS) [36] is used to keep an eye on the user-application interaction by analyzing the application log file to detect malicious user behavior such as those who bypass the security authorization rules. The database IDS (DIDS) [37][38][39] and Web application IDS (WAIDS) [40] are two examples of AppIDS.…”

Section: Introductionmentioning

confidence: 99%

Towards a Hybrid Immune Algorithm Based on Danger Theory for Database Security

Said

2020

IEEE Access

View full text Add to dashboard Cite

In Databases, the most prevalent cause of data breaches comes from insiders who misuse their account privileges. Due to the difficulty of discovering such breaches, an adaptive, accurate, and proactive database security strategy is required. Intrusion detection systems are utilized to detect, as fast as possible, user's account privilege misuse when a prevention mechanism has failed to address such breaches. In order to address the foremost deficiencies of intrusion detection systems, artificial immune systems are used to tackle these defects. The dynamic and more complex nature of cybersecurity, as well as the high false positive rate and high false negative percentage in current intrusion detection systems, are examples of such deficiency. In this paper, we propose an adaptable efficient database intrusion detection algorithm based on a combination of the Danger Theory model and the Negative Selection algorithm from artificial immune system mechanisms. Experimental results for the implementation of the proposed algorithm provide a self-learning mechanism for achieving high detection coverage with a low false positive rate by using the signature of previously detected intrusions as detectors for the future detection process. The proposed algorithm can enhance detecting insider threats and eliminate data breaches by protecting confidentiality, ensuring integrity, and maintaining availability. To give an integrated picture, a comprehensive and informative survey for the different research directions that are related to the proposed algorithm is performed.

show abstract

“…The ability of the IDS is to warn the network administrator by generating alerts on identifying suspicious activities in the network. These malicious activities can be generally categorized as internal (caused by authorized user intentionally or unintentionally) and external (real alerts caused by unauthorized users) [1]. As it is difficult for IDS to differentiate the unintentional and intentional attacks, it largely generates false alerts.…”

Section: Introductionmentioning

confidence: 99%

A Quality Framework to Improve IDS Performance Through Alert Post-Processing

Riyad¹,

Ahmed²,

Almistarihi³

2019

IJIES

View full text Add to dashboard Cite

An intrusion detection system is one of the network security tools installed to monitor suspicious activity in the network and act as a last line of defense. It normally notifies about the skeptical activity occurred in the network using sensors by sending alarms to the administrator. However, the IDS present in the large network generates not only a large number of alerts but also abundant false alerts. These generated alerts are very difficult to handle as it increases the burden for the network administrator and also pulls down the performance of the defense system. In order to overcome the issue, various countermeasures have been proposed. Commonly, to increase the quality of alerts, the alerts are post-processed in such a way that the false alerts are filtered out thereby refining the performance of the IDS defense. In this paper, we propose an IDS quality framework using alert post-processing techniques to separate out the false alerts generated by various sensors in the network. At low level alert post-processing, the priority scores are assigned based on the quality measures to filter the irrelevant alerts having less significance. At high level alert postprocessing, higher level operations such as alert aggregation, clustering, and hyper alert correlation have been carried out to minimize the number of alerts and the high level report consisting of significant alerts is presented to the administrator. Experiments have been conducted using DARPA 2000 dataset to assess the performance of the proposed system. The system has produced pleasing results than many of the existing methods with 95% of alert reduction rate, 99% of completeness and 100% of soundness towards enlightening the quality of the alerts generated by the IDS.

show abstract

A framework for database intrusion detection system

Cited by 3 publications

References 9 publications

Deteksi Intrusi Pada Basis Data Menggunakan Random Forest

Deteksi Intrusi Pada Basis Data Menggunakan Random Forest

Towards a Hybrid Immune Algorithm Based on Danger Theory for Database Security

A Quality Framework to Improve IDS Performance Through Alert Post-Processing

Contact Info

Product

Resources

About