A novel machine learning approach for database exploitation detection and privilege control
Published in: | Journal of information and telecommunication (Print) 2019-07, Vol.3 (3), p.308-325 |
---|---|
Main Authors: | , |
Format: | Article |
Language: | English |
Summary: | Despite being protected by firewalls and network security systems, databases are vulnerable to attacks, especially when the perpetrators are from within the organization and have authorized access to these systems. Detecting their malicious activities is difficult, as each database has its own set of unique usage activities and the generic exploitation avoidance rules are usually not applicable. This paper proposes a novel method to improve the security of a database by using machine learning to learn the user behaviour unique to a database environment and applying that learning to detect anomalous user activities through the analysis of sequences of user session data. Once these suspicious users are detected, their privileges are systematically suppressed. The empirical analysis shows that the proposed approach can intuitively adapt to any database that supports a wide variety of clients and enforce stringent control customized to the specific IT systems. |
ISSN: | 2475-1839 2475-1847 |
DOI: | 10.1080/24751839.2019.1570454 |