An approach for database intrusion detection based on the event sequence clustering

Li Yinzhao; Yang Dongxu; Ren Jiadong; Hu Changzhen

doi:10.1109/NCM.2009.30

An approach for database intrusion detection based on the event sequence clustering

Li Yinzhao^*, Yang Dongxu, Ren Jiadong, Hu Changzhen

^*Corresponding author for this work

School of Cyberspace Science and Technology

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

2 Citations (Scopus)

Abstract

Database intrusion detection technology is an important part of the database security. The paper presents a new database intrusion detection method based on the event sequence clustering. Firstly, aiming at computing the similarity of two SQL statement sequences, an improved edit distance function is defined. The corresponding clustering results are obtained by the computed similarity. Secondly, the attack sequences are detected by calculating the similarity between user's operation sequences and cluster center. The association between two operation sequences is analyzed. At last, the experimental results show that our approach has lower false alarm rate and higher accuracy rate.

Original language	English
Title of host publication	NCM 2009 - 5th International Joint Conference on INC, IMS, and IDC
Pages	584-588
Number of pages	5
DOIs	https://doi.org/10.1109/NCM.2009.30
Publication status	Published - 2009
Event	NCM 2009 - 5th International Joint Conference on Int. Conf. on Networked Computing, Int. Conf. on Advanced Information Management and Service, and Int. Conf. on Digital Content, Multimedia Technology and its Applications - Seoul, Korea, Republic of Duration: 25 Aug 2009 → 27 Aug 2009

Publication series

Name	NCM 2009 - 5th International Joint Conference on INC, IMS, and IDC

Conference

Conference	NCM 2009 - 5th International Joint Conference on Int. Conf. on Networked Computing, Int. Conf. on Advanced Information Management and Service, and Int. Conf. on Digital Content, Multimedia Technology and its Applications
Country/Territory	Korea, Republic of
City	Seoul
Period	25/08/09 → 27/08/09

Keywords

Clustering
Database intrusion detection
Event sequence

Access to Document

10.1109/NCM.2009.30

Cite this

@inproceedings{7755f9ef31cc4e28a9faef06d926851b,

title = "An approach for database intrusion detection based on the event sequence clustering",

abstract = "Database intrusion detection technology is an important part of the database security. The paper presents a new database intrusion detection method based on the event sequence clustering. Firstly, aiming at computing the similarity of two SQL statement sequences, an improved edit distance function is defined. The corresponding clustering results are obtained by the computed similarity. Secondly, the attack sequences are detected by calculating the similarity between user's operation sequences and cluster center. The association between two operation sequences is analyzed. At last, the experimental results show that our approach has lower false alarm rate and higher accuracy rate.",

keywords = "Clustering, Database intrusion detection, Event sequence",

author = "Li Yinzhao and Yang Dongxu and Ren Jiadong and Hu Changzhen",

year = "2009",

doi = "10.1109/NCM.2009.30",

language = "English",

isbn = "9780769537696",

series = "NCM 2009 - 5th International Joint Conference on INC, IMS, and IDC",

pages = "584--588",

booktitle = "NCM 2009 - 5th International Joint Conference on INC, IMS, and IDC",

note = "NCM 2009 - 5th International Joint Conference on Int. Conf. on Networked Computing, Int. Conf. on Advanced Information Management and Service, and Int. Conf. on Digital Content, Multimedia Technology and its Applications ; Conference date: 25-08-2009 Through 27-08-2009",

}

Yinzhao, L, Dongxu, Y, Jiadong, R & Changzhen, H 2009, An approach for database intrusion detection based on the event sequence clustering. in NCM 2009 - 5th International Joint Conference on INC, IMS, and IDC., 5331785, NCM 2009 - 5th International Joint Conference on INC, IMS, and IDC, pp. 584-588, NCM 2009 - 5th International Joint Conference on Int. Conf. on Networked Computing, Int. Conf. on Advanced Information Management and Service, and Int. Conf. on Digital Content, Multimedia Technology and its Applications, Seoul, Korea, Republic of, 25/08/09. https://doi.org/10.1109/NCM.2009.30

An approach for database intrusion detection based on the event sequence clustering. / Yinzhao, Li; Dongxu, Yang; Jiadong, Ren et al.
NCM 2009 - 5th International Joint Conference on INC, IMS, and IDC. 2009. p. 584-588 5331785 (NCM 2009 - 5th International Joint Conference on INC, IMS, and IDC).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - An approach for database intrusion detection based on the event sequence clustering

AU - Yinzhao, Li

AU - Dongxu, Yang

AU - Jiadong, Ren

AU - Changzhen, Hu

PY - 2009

Y1 - 2009

N2 - Database intrusion detection technology is an important part of the database security. The paper presents a new database intrusion detection method based on the event sequence clustering. Firstly, aiming at computing the similarity of two SQL statement sequences, an improved edit distance function is defined. The corresponding clustering results are obtained by the computed similarity. Secondly, the attack sequences are detected by calculating the similarity between user's operation sequences and cluster center. The association between two operation sequences is analyzed. At last, the experimental results show that our approach has lower false alarm rate and higher accuracy rate.

AB - Database intrusion detection technology is an important part of the database security. The paper presents a new database intrusion detection method based on the event sequence clustering. Firstly, aiming at computing the similarity of two SQL statement sequences, an improved edit distance function is defined. The corresponding clustering results are obtained by the computed similarity. Secondly, the attack sequences are detected by calculating the similarity between user's operation sequences and cluster center. The association between two operation sequences is analyzed. At last, the experimental results show that our approach has lower false alarm rate and higher accuracy rate.

KW - Clustering

KW - Database intrusion detection

KW - Event sequence

UR - http://www.scopus.com/inward/record.url?scp=73549121089&partnerID=8YFLogxK

U2 - 10.1109/NCM.2009.30

DO - 10.1109/NCM.2009.30

M3 - Conference contribution

AN - SCOPUS:73549121089

SN - 9780769537696

T3 - NCM 2009 - 5th International Joint Conference on INC, IMS, and IDC

SP - 584

EP - 588

BT - NCM 2009 - 5th International Joint Conference on INC, IMS, and IDC

T2 - NCM 2009 - 5th International Joint Conference on Int. Conf. on Networked Computing, Int. Conf. on Advanced Information Management and Service, and Int. Conf. on Digital Content, Multimedia Technology and its Applications

Y2 - 25 August 2009 through 27 August 2009

ER -

An approach for database intrusion detection based on the event sequence clustering

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this