A hybrid approach for database intrusion detection at transaction and inter-transaction levels

Nowadays, information plays an important role in the organizations. Sensitive information is often stored within the database. Traditional mechanisms such as encryption, access control, and authentication cannot provide a high level of confidence. Therefore, the existence of Intrusion Detection Systems in the database is a necessity. In this paper, we propose a type of intrusion detection system for detecting attacks in both database transaction level and inter-transaction level (user task level). For this purpose, we propose a detection method at transaction level, which is based on describing the expected transactions within the database applications. Then at inter-transaction level, we propose a detection method that is based on anomaly detection and uses data mining to find dependency and sequence rules. The advantage of this system compared to the previous database intrusion detection systems is that it can detect malicious behaviors in both transaction and inter-transaction levels. Also, it gains advantages of a hybrid method, including specification-based detection and anomaly detection, to minimize both false positive and false negative errors. In order to evaluate the accuracy of the proposed system, some experiments have been done. The experimental evaluation results show high accuracy and effectiveness of the proposed system.