Mining SQL queries to detect anomalous database access using random forest and PCA

Charissa Ann Ronao, Sung Bae Cho

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

7 Citations (Scopus)

Abstract

Data have become a very important asset to many organizations, companies, and individuals, and thus, the security of relational databases that encapsulate these data has become a major concern. Standard database security mechanisms, as well as network-based and host-based intrusion detection systems, have been rendered inept in detecting malicious attacks directed specifically at databases. Therefore, there is an imminent need to develop an intrusion detection system (IDS) specifically for the database. In this paper, we propose the use of the random forest (RF) algorithm as the anomaly detection core mechanism, in conjunction with principal components analysis (PCA) for the task of dimension reduction. Experiments show that PCA produces a very compact, meaningful set of features, while RF, a graphical method that is most likely to exploit the inherent tree-structure characteristic of SQL queries, exhibits consistently good performance in terms of false positive rate, false negative rate, and time complexity, even with a varying number of features.

Original language: English
Title of host publication: Current Approaches in Applied Artificial Intelligence - 28th International Conference on Industrial, Engineering and Other Applications of Applied Intelligent Systems, IEA/AIE 2015, Proceedings
Editors: Chang-Hwan Lee, Yongdai Kim, Young Sig Kwon, Juntae Kim, Moonis Ali
Publisher: Springer Verlag
Pages: 151-160
Number of pages: 10
ISBN (Print): 9783319190655
DOIs: https://doi.org/10.1007/978-3-319-19066-2_15
Publication status: Published - 2015 Jan 1
Event: 28th International Conference on Industrial, Engineering and Other Applications of Applied Intelligent Systems, IEA/AIE 2015 - Seoul, Korea, Republic of
Duration: 2015 Jun 10 to 2015 Jun 12

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 9101
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Other

Other: 28th International Conference on Industrial, Engineering and Other Applications of Applied Intelligent Systems, IEA/AIE 2015
Country: Korea, Republic of
City: Seoul
Period: 15/6/10 to 15/6/12

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science (all)

  • Cite this

    Ronao, C. A., & Cho, S. B. (2015). Mining SQL queries to detect anomalous database access using random forest and PCA. In C-H. Lee, Y. Kim, Y. S. Kwon, J. Kim, & M. Ali (Eds.), Current Approaches in Applied Artificial Intelligence - 28th International Conference on Industrial, Engineering and Other Applications of Applied Intelligent Systems, IEA/AIE 2015, Proceedings (pp. 151-160). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9101). Springer Verlag. https://doi.org/10.1007/978-3-319-19066-2_15