Abstract
Organizations today rely on databases at large scale to store data essential to their functioning. Malicious access to and modification of these databases can have adverse financial and legal implications. In recent years, security researchers have focused on detecting abuse of access privileges by an organization's employees. Identifying threats from insiders is hard because, in addition to holding authorised access privileges, they are aware of how the database is organized. To detect insider attacks effectively and efficiently, we present a novel approach that dynamically identifies malicious transactions using historical data. We propose Trust factor-based user behavior analysis using sequential pattern mining for database intrusion detection systems (TFUBID). Since groups of users access the organizational database for similar purposes, we cluster user behavior vectors using fuzzy clustering. We then define a class of Integral Data Attributes using sequential pattern mining to model trust factor-based behavioral patterns of employees accessing the database, assigning higher weight to critical elements and Directly Correlated Attributes. A comprehensive experimental evaluation on our synthetic dataset, which adheres to the TPC-C standard benchmark, showed that TFUBID achieved an accuracy of 94% in detecting malicious transactions and outperforms competing state-of-the-art techniques on several performance measures.
Data availability
The datasets generated and/or analysed during the current study are available at http://www.tpc.org/tpcc/default.asp.
Funding
The authors declare that no funds, grants, or other support were received during the preparation of this manuscript.
Author information
Contributions
IS: Conceptualization, Methodology, Writing, Validation, Review and Editing. RJ: Conceptualization, Supervision, Methodology, Validation, Review and Editing.
Ethics declarations
Conflict of interest
The authors declare that they have no conflict of interest.
Ethical approval
This article does not contain any studies with human participants performed by any of the authors.
Informed consent
This article does not contain any studies with human participants or animals performed by any of the authors.
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
About this article
Cite this article
Singh, I., Jindal, R. Trust factor-based analysis of user behavior using sequential pattern mining for detecting intrusive transactions in databases. J Supercomput 79, 11101–11133 (2023). https://doi.org/10.1007/s11227-023-05090-w