Security and Privacy in Communication Networks. 11th International Conference, SecureComm 2015, Dallas, TX, USA, October 26-29, 2015, Revised Selected Papers

Research Article

A Novel Clustering Algorithm for Database Anomaly Detection

Download
266 downloads
  • @INPROCEEDINGS{10.1007/978-3-319-28865-9_45,
        author={Jinkun Geng and Daren Ye and Ping Luo and Pin Lv},
        title={A Novel Clustering Algorithm for Database Anomaly Detection},
        proceedings={Security and Privacy in Communication Networks. 11th International Conference, SecureComm 2015, Dallas, TX, USA, October 26-29, 2015, Revised Selected Papers},
        proceedings_a={SECURECOMM},
        year={2016},
        month={2},
        keywords={Database anomaly detection Database security Cluster analysis Privilege pattern},
        doi={10.1007/978-3-319-28865-9_45}
    }
    
  • Jinkun Geng
    Daren Ye
    Ping Luo
    Pin Lv
    Year: 2016
    A Novel Clustering Algorithm for Database Anomaly Detection
    SECURECOMM
    Springer
    DOI: 10.1007/978-3-319-28865-9_45
Jinkun Geng1,*, Daren Ye1, Ping Luo2,*, Pin Lv3
  • 1: Beihang University
  • 2: Tsinghua University
  • 3: State Information Center
*Contact email: steam1994@163.com, luop@mail.tsinghua.edu.cn

Abstract

As a main method in database intrusion detection, database anomaly detection should be able to detect users’ operational behaviours for timely prevention of possible attacks and for guarantee of database security. Aiming at this, we apply cluster analysis techniques to anomaly detection and propose a novel density-based clustering algorithm called DBCAPSIC, which is adopted to clustering database users according to their behavior types and behavior frequencies. Privilege patterns are extracted from the clusters and serve as a reference in anomaly detection. The simulation experiment proves that the algorithm can recognize the anomalous operations with few mistakes.