DocumentCode :
3761578
Title :
Multilayered database intrusion detection system for detecting malicious behaviors in big data transaction
Author :
Mostafa Doroudian;Narges Arastouie;Mohammad Talebi;Ali Reza Ghanbarian
Author_Institution :
Information Security General Office, Mobile Telecommunication Company of Iran (MCI), Tehran, Iran
fYear :
2015
Firstpage :
105
Lastpage :
110
Abstract :
Nowadays, information plays a significant role in enterprise organizations. Sensitive and vital data have a key character in organizing and storing within the database. Traditional mechanisms such as encryption, access control, and authentication cannot provide a high level of confidence. The existence of Intrusion Detection Systems in the Data-Base (DB-IDS) is a necessity because enterprises awash in data often struggle to answer basic questions about detecting or preventing all facets of their threats. In this paper, we propose a novel type of intrusion detection system for detecting attacks at both the database transaction level and the inter-transaction level (user task level) in high-rate transaction processing. For simplicity, our model is divided into two parts: detection method at transaction level and inter-transaction level (detection with learning method, concurrently in both levels). The detection method at transaction level is based on describing the expected (normal) transactions within the database applications. It also focuses on anomaly detection and uses data mining to find dependency and sequence rules (the effect of spatial and temporal heterogeneity) where the inter-transaction level is used. Also, it gains the advantages of a hybrid method, including specification-based detection and anomaly detection, to minimize both false positive and false negative errors. Simulation and implementation experiments in Mobile Telecommunication Company of Iran (MCI) revealed the accuracy of our models. The experimental results demonstrated that the true positive detection rate is higher than 0.8 and the false positive detection rate is lower than 0.1 when choosing appropriate ranges for support and confidence thresholds. The experimental evaluation results show high accuracy and effectiveness of the proposed system.
Keywords :
"Data mining","Intrusion detection","Training","Organizations","Database systems"
Publisher :
IEEE
Conference_Titel :
Information Security and Cyber Forensics (InfoSec), 2015 Second International Conference on
Type :
conf
DOI :
10.1109/InfoSec.2015.7435514
Filename :
7435514