2nd International ICST Conference on Scalable Information Systems

Research Article

Fast Detection of Database System Abuse Behaviors Based on Data Mining Approach

  • @INPROCEEDINGS{10.4108/infoscale.2007.916,
        author={Yubao Liu and Jiarong Cai and Zhilan Huang and Jingwen Yu and Jian Yin},
        title={Fast Detection of Database System Abuse Behaviors Based on Data Mining Approach},
        proceedings={2nd International ICST Conference on Scalable Information Systems},
        proceedings_a={INFOSCALE},
        year={2010},
        month={5},
        keywords={Data System Abuse Behaviors, Access Profiles, Maximal Access Profiles, FP-tree, Anomaly-based Detection Model},
        doi={10.4108/infoscale.2007.916}
    }
    
Yubao Liu1,*, Jiarong Cai1,*, Zhilan Huang1,*, Jingwen Yu1,*, Jian Yin1,*
  • 1: Sun Yat-Sen University Department of Computer Science of Sun Yat-Sen University Guangzhou, China, 510275
*Contact email: liuyubao@mail.sysu.edu.cn, kelvin2004_cai@163.com, santahzl@gmail.com, yjw831@163.com, issjyin@mail.sysu.edu.cn

Abstract

Recently, the mining of system log datasets has been widely used in system security applications such as the detection of abuse behaviors. At present, most efforts concentrate on the network or operating system level, and few works address database system applications. In this paper, we present the concept of an access profile to represent the characteristics of a user's behavior when accessing a database system, and we study the problem of mining maximal access profiles for fast detection of database system insider abuse behaviors by legitimate users. Based on the existing FP-tree structure, a new mining algorithm, MMAP, is presented for our problem. A new constraint of relation distance, which is based on the foreign key dependencies of relations, is also presented to reduce the search space of the mining algorithm. An anomaly-based detection model is built on the MMAP algorithm for performance experiments. The experimental results show that our approach works efficiently for detecting the abuse behaviors of database systems.