Research Article
Fast Detection of Database System Abuse Behaviors Based on Data Mining Approach
@INPROCEEDINGS{10.4108/infoscale.2007.916,
  author={Yubao Liu and Jiarong Cai and Zhilan Huang and Jingwen Yu and Jian Yin},
  title={Fast Detection of Database System Abuse Behaviors Based on Data Mining Approach},
  proceedings={2nd International ICST Conference on Scalable Information Systems},
  proceedings_a={INFOSCALE},
  year={2010},
  month={5},
  keywords={Data System Abuse Behaviors Access Profiles Maximal AccessProfiles FP-tree Anomaly-based Detection Model.},
  doi={10.4108/infoscale.2007.916}
}
- Yubao Liu
- Jiarong Cai
- Zhilan Huang
- Jingwen Yu
- Jian Yin
Year: 2010
INFOSCALE
ICST
DOI: 10.4108/infoscale.2007.916
Abstract
Recently, the mining of system log datasets has been widely used in system security applications such as the detection of abuse behaviors. At present, most efforts concentrate on the network or operating system level. Few works concentrate on database system applications. In this paper, we present the concept of an access profile to represent the characteristics of user behavior when accessing a database system, and we study the problem of mining maximal access profiles for fast detection of database system insider abuse behaviors by legitimate users. Based on the existing FP-tree structure, a new mining algorithm, MMAP, is presented for our problem. A new constraint of relation distance, which is based on the foreign key dependencies of relations, is also presented to reduce the search space of the mining algorithm. An anomaly-based detection model is built on the MMAP algorithm for performance experiments. The experimental results show that our approach works efficiently for detecting abuse behaviors in database systems.