The relational database is designed to store and process large amount of information such as business records and personal data. There are many policies and access control techniques for database security, but they are not sufficient for detecting insider attacks. In order to detect threats for the database application, it is necessary to adopt role-based access control (RBAC) and classify the roles according to the authority of each user. In this paper, we propose a method of classifying user’s role and authority using the CNN-LSTM neural networks by extracting features from SQL queries. In the anomaly detection method, CNN automatically extracts important features from database query and LSTM models the temporal information of the SQL sequence. The class activation map also identifies the SQL query features that affect the classification. Experiments with the TPC-E scenario-based benchmark query dataset show that the CNN-LSTM neural networks surpass other state-of-the-art machine learning methods, achieving an overall accuracy of 93.3% and recall of 88.7%. We also identify the characteristics of misclassification data through statistical analysis.
|Title of host publication||Neural Information Processing - 26th International Conference, ICONIP 2019, Proceedings|
|Editors||Tom Gedeon, Kok Wai Wong, Minho Lee|
|Number of pages||9|
|Publication status||Published - 2019|
|Event||26th International Conference on Neural Information Processing, ICONIP 2019 - Sydney, Australia|
Duration: 2019 Dec 12 → 2019 Dec 15
|Name||Communications in Computer and Information Science|
|Conference||26th International Conference on Neural Information Processing, ICONIP 2019|
|Period||19/12/12 → 19/12/15|
Bibliographical noteFunding Information:
Acknowledgements. This work was supported by the grant funded by 2019 IT promotion fund (Development of AI based Precision Medicine Emergency System) of the Korea government (Ministry of Science and ICT).
All Science Journal Classification (ASJC) codes
- Computer Science(all)