Trust factor-based analysis of user behavior using sequential pattern mining for detecting intrusive transactions in databases

The Journal of Supercomputing

Abstract

Organizations today are employing databases on a large scale to store data essential for their functioning. Malicious access and modifications of the databases may lead to adverse financial and legal implications. In recent years, security researchers have focused on detecting abuse of access privileges by employees of an organization. Identifying threats from insiders is hard because they are aware of the organization of the database in addition to having authorised access privileges. To detect insider attacks effectively and efficiently, we present a novel approach to dynamically determine the malicious transactions using historical data. We propose Trust factor-based user behavior analysis using sequential pattern mining for database intrusion detection systems (TFUBID). Since groups of users access the organizational database for similar purposes, we cluster user behavior vectors using fuzzy clustering. We then define a class of Integral Data Attributes using sequential pattern mining to model trust factor-based behavioral patterns of employees accessing the database, assigning higher weight to critical elements and Directly Correlated Attributes. A comprehensive experimental evaluation on our synthetic dataset adhering to the TPC-C standard benchmark revealed that TFUBID achieved an accuracy of 94% for detecting malicious transactions and outperforms competing state-of-the-art techniques on several performance measures.

Data availability

The datasets generated and/or analysed during the current study are available at http://www.tpc.org/tpcc/default.asp.

Funding

The authors declare that no funds, grants, or other support were received during the preparation of this manuscript.

Author information

Contributions

IS: Conceptualization, Methodology, Writing, Validation, Review and Editing. RJ: Conceptualization, Supervision, Methodology, Validation, Review and Editing.

Corresponding author

Correspondence to Indu Singh.

Ethics declarations

Conflict of interest

The authors declare that they have no conflict of interest.

Ethical approval

This article does not contain any studies with human participants performed by any of the authors.

Informed consent

This article does not contain any studies with human participants or animals performed by any of the authors.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

About this article

Cite this article

Singh, I., Jindal, R. Trust factor-based analysis of user behavior using sequential pattern mining for detecting intrusive transactions in databases. J Supercomput 79, 11101–11133 (2023). https://doi.org/10.1007/s11227-023-05090-w
