A novel machine learning approach for database exploitation detection and privilege control
|
Published Version
(PDF 2MB)
127456.pdf. Available under License Creative Commons Attribution 2.5. |
Open access copy at publisher website
Description
Despite protected by firewalls and network security systems, databases are vulnerable to attacks especially when the perpetrators are from within the organization and have authorized access to these systems. Detecting their malicious activities is difficult as each database has its own set of unique usage activities and the generic exploitation avoidance rules are usually not applicable. This paper proposes a novel method to improve the security of a database by using machine learning to learn the user behaviour unique to a database environment and apply that learning to detect anomalous user activities through the analysis of sequences of user session data. Once these suspicious users are detected, their privileges are systematically suppressed. The empirical analysis shows that the proposed approach can intuitively adapt to any database that supports a wide variety of clients and enforce stringent control customized to the specific ITsystems.
Impact and interest:
Citation counts are sourced monthly from Scopus and Web of Science® citation databases.
These databases contain citations from different subsets of available publications and different time periods and thus the citation count from each is usually different. Some works are not in either database and no count is displayed. Scopus includes citations from articles published in 1996 onwards, and Web of Science® generally from 1980 onwards.
Citations counts from the Google Scholar™ indexing service can be viewed at the linked Google Scholar™ search.
Full-text downloads:
Full-text downloads displays the total number of times this work’s files (e.g., a PDF) have been downloaded from QUT ePrints as well as the number of downloads in the previous 365 days. The count includes downloads for all files if a work has more than one.
| ID Code: | 127456 | ||||
|---|---|---|---|---|---|
| Item Type: | Contribution to Journal (Journal Article) | ||||
| Refereed: | Yes | ||||
| ORCID iD: |
|
||||
| Measurements or Duration: | 18 pages | ||||
| Keywords: | Database, anomaly detection, association rules, privilege control, reinforcement learning, self-healing | ||||
| DOI: | 10.1080/24751839.2019.1570454 | ||||
| ISSN: | 2475-1847 | ||||
| Pure ID: | 33452436 | ||||
| Divisions: | Past > Institutes > Institute for Future Environments Past > QUT Faculties & Divisions > Science & Engineering Faculty |
||||
| Copyright Owner: | Consult author(s) regarding copyright matters | ||||
| Copyright Statement: | This work is covered by copyright. Unless the document is being made available under a Creative Commons Licence, you must assume that re-use is limited to personal use and that permission from the copyright owner must be obtained for all other uses. If the document is available under a Creative Commons License (or other specified license) then refer to the Licence for details of permitted re-use. It is a condition of access that users recognise and abide by the legal requirements associated with these rights. If you believe that this work infringes copyright please provide details by email to qut.copyright@qut.edu.au | ||||
| Deposited On: | 13 Mar 2019 00:51 | ||||
| Last Modified: | 01 Mar 2024 19:25 |
Export: EndNote | Dublin Core | BibTeX
Repository Staff Only: item control page
CORE (COnnecting REpositories)
CORE (COnnecting REpositories)