A convolutional neural-based learning classifier system for detecting database intrusion via insider attack

Seok Jun Bu, Sung Bae Cho

Research output: Contribution to journalArticlepeer-review

52 Citations (Scopus)


Role-based access control (RBAC) in databases provides a valuable level of abstraction to promote security administration at the business enterprise level. With the capacity for adaptation and learning, machine learning algorithms are suitable for modeling normal data access patterns based on large amounts of data and presenting robust statistical models that are not sensitive to user changes. We propose a convolutional neural-based learning classifier system (CN-LCS) that models the role of queries by combining conventional learning classifier system (LCS) with convolutional neural network (CNN) for a database intrusion detection system based on the RBAC mechanism. The combination of modified Pittsburgh-style LCSs for the optimization of feature selection rules and one-dimensional CNNs for modeling and classification in place of traditional rule generation outperforms other machine learning classifiers on a synthetic query dataset. In order to quantitatively compare the inclusion of rule generation and modeling processes in the CN-LCS, we have conducted 10-fold cross-validation tests and analysis through a paired sampled t-test.

Original languageEnglish
Pages (from-to)123-136
Number of pages14
JournalInformation sciences
Publication statusPublished - 2020 Feb

Bibliographical note

Funding Information:
This work was supported by Defense Acquisition Program Administration and Agency for Defense Development under the contract ( UD190016ED ).

Publisher Copyright:
© 2019

All Science Journal Classification (ASJC) codes

  • Software
  • Control and Systems Engineering
  • Theoretical Computer Science
  • Computer Science Applications
  • Information Systems and Management
  • Artificial Intelligence


Dive into the research topics of 'A convolutional neural-based learning classifier system for detecting database intrusion via insider attack'. Together they form a unique fingerprint.

Cite this