CNN-LSTM neural networks for anomalous database intrusion detection in RBAC-administered model

Tae Young Kim; Sung Bae Cho

doi:10.1007/978-3-030-36808-1_15

CNN-LSTM neural networks for anomalous database intrusion detection in RBAC-administered model

Tae Young Kim, Sung Bae Cho

College of Computing

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

7 Citations (Scopus)

Abstract

The relational database is designed to store and process large amount of information such as business records and personal data. There are many policies and access control techniques for database security, but they are not sufficient for detecting insider attacks. In order to detect threats for the database application, it is necessary to adopt role-based access control (RBAC) and classify the roles according to the authority of each user. In this paper, we propose a method of classifying user’s role and authority using the CNN-LSTM neural networks by extracting features from SQL queries. In the anomaly detection method, CNN automatically extracts important features from database query and LSTM models the temporal information of the SQL sequence. The class activation map also identifies the SQL query features that affect the classification. Experiments with the TPC-E scenario-based benchmark query dataset show that the CNN-LSTM neural networks surpass other state-of-the-art machine learning methods, achieving an overall accuracy of 93.3% and recall of 88.7%. We also identify the characteristics of misclassification data through statistical analysis.

Original language	English
Title of host publication	Neural Information Processing - 26th International Conference, ICONIP 2019, Proceedings
Editors	Tom Gedeon, Kok Wai Wong, Minho Lee
Publisher	Springer
Pages	131-139
Number of pages	9
ISBN (Print)	9783030368074
DOIs	https://doi.org/10.1007/978-3-030-36808-1_15
Publication status	Published - 2019
Event	26th International Conference on Neural Information Processing, ICONIP 2019 - Sydney, Australia Duration: 2019 Dec 12 → 2019 Dec 15

Publication series

Name	Communications in Computer and Information Science
Volume	1142 CCIS
ISSN (Print)	1865-0929
ISSN (Electronic)	1865-0937

Conference

Conference	26th International Conference on Neural Information Processing, ICONIP 2019
Country/Territory	Australia
City	Sydney
Period	19/12/12 → 19/12/15

Bibliographical note

Funding Information:
This work was supported by the grant funded by 2019 IT promotion fund (Development of AI based Precision Medicine Emergency System) of the Korea government (Ministry of Science and ICT).

Funding Information:
Acknowledgements. This work was supported by the grant funded by 2019 IT promotion fund (Development of AI based Precision Medicine Emergency System) of the Korea government (Ministry of Science and ICT).

Publisher Copyright:
© Springer Nature Switzerland AG 2019.

All Science Journal Classification (ASJC) codes

Computer Science(all)
Mathematics(all)

Access to Document

10.1007/978-3-030-36808-1_15

Cite this

Kim, T. Y., & Cho, S. B. (2019). CNN-LSTM neural networks for anomalous database intrusion detection in RBAC-administered model. In T. Gedeon, K. W. Wong, & M. Lee (Eds.), Neural Information Processing - 26th International Conference, ICONIP 2019, Proceedings (pp. 131-139). (Communications in Computer and Information Science; Vol. 1142 CCIS). Springer. https://doi.org/10.1007/978-3-030-36808-1_15

@inproceedings{66b4ba1c75164ad3ba7a37e0736ead8e,

title = "CNN-LSTM neural networks for anomalous database intrusion detection in RBAC-administered model",

abstract = "The relational database is designed to store and process large amount of information such as business records and personal data. There are many policies and access control techniques for database security, but they are not sufficient for detecting insider attacks. In order to detect threats for the database application, it is necessary to adopt role-based access control (RBAC) and classify the roles according to the authority of each user. In this paper, we propose a method of classifying user{\textquoteright}s role and authority using the CNN-LSTM neural networks by extracting features from SQL queries. In the anomaly detection method, CNN automatically extracts important features from database query and LSTM models the temporal information of the SQL sequence. The class activation map also identifies the SQL query features that affect the classification. Experiments with the TPC-E scenario-based benchmark query dataset show that the CNN-LSTM neural networks surpass other state-of-the-art machine learning methods, achieving an overall accuracy of 93.3% and recall of 88.7%. We also identify the characteristics of misclassification data through statistical analysis.",

author = "Kim, {Tae Young} and Cho, {Sung Bae}",

note = "Funding Information: This work was supported by the grant funded by 2019 IT promotion fund (Development of AI based Precision Medicine Emergency System) of the Korea government (Ministry of Science and ICT). Funding Information: Acknowledgements. This work was supported by the grant funded by 2019 IT promotion fund (Development of AI based Precision Medicine Emergency System) of the Korea government (Ministry of Science and ICT). Publisher Copyright: {\textcopyright} Springer Nature Switzerland AG 2019.; 26th International Conference on Neural Information Processing, ICONIP 2019 ; Conference date: 12-12-2019 Through 15-12-2019",

year = "2019",

doi = "10.1007/978-3-030-36808-1_15",

language = "English",

isbn = "9783030368074",

series = "Communications in Computer and Information Science",

publisher = "Springer",

pages = "131--139",

editor = "Tom Gedeon and Wong, {Kok Wai} and Minho Lee",

booktitle = "Neural Information Processing - 26th International Conference, ICONIP 2019, Proceedings",

}

Kim, TY & Cho, SB 2019, CNN-LSTM neural networks for anomalous database intrusion detection in RBAC-administered model. in T Gedeon, KW Wong & M Lee (eds), Neural Information Processing - 26th International Conference, ICONIP 2019, Proceedings. Communications in Computer and Information Science, vol. 1142 CCIS, Springer, pp. 131-139, 26th International Conference on Neural Information Processing, ICONIP 2019, Sydney, Australia, 19/12/12. https://doi.org/10.1007/978-3-030-36808-1_15

CNN-LSTM neural networks for anomalous database intrusion detection in RBAC-administered model. / Kim, Tae Young; Cho, Sung Bae.
Neural Information Processing - 26th International Conference, ICONIP 2019, Proceedings. ed. / Tom Gedeon; Kok Wai Wong; Minho Lee. Springer, 2019. p. 131-139 (Communications in Computer and Information Science; Vol. 1142 CCIS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - CNN-LSTM neural networks for anomalous database intrusion detection in RBAC-administered model

AU - Kim, Tae Young

AU - Cho, Sung Bae

N1 - Funding Information: This work was supported by the grant funded by 2019 IT promotion fund (Development of AI based Precision Medicine Emergency System) of the Korea government (Ministry of Science and ICT). Funding Information: Acknowledgements. This work was supported by the grant funded by 2019 IT promotion fund (Development of AI based Precision Medicine Emergency System) of the Korea government (Ministry of Science and ICT). Publisher Copyright: © Springer Nature Switzerland AG 2019.

PY - 2019

Y1 - 2019

N2 - The relational database is designed to store and process large amount of information such as business records and personal data. There are many policies and access control techniques for database security, but they are not sufficient for detecting insider attacks. In order to detect threats for the database application, it is necessary to adopt role-based access control (RBAC) and classify the roles according to the authority of each user. In this paper, we propose a method of classifying user’s role and authority using the CNN-LSTM neural networks by extracting features from SQL queries. In the anomaly detection method, CNN automatically extracts important features from database query and LSTM models the temporal information of the SQL sequence. The class activation map also identifies the SQL query features that affect the classification. Experiments with the TPC-E scenario-based benchmark query dataset show that the CNN-LSTM neural networks surpass other state-of-the-art machine learning methods, achieving an overall accuracy of 93.3% and recall of 88.7%. We also identify the characteristics of misclassification data through statistical analysis.

AB - The relational database is designed to store and process large amount of information such as business records and personal data. There are many policies and access control techniques for database security, but they are not sufficient for detecting insider attacks. In order to detect threats for the database application, it is necessary to adopt role-based access control (RBAC) and classify the roles according to the authority of each user. In this paper, we propose a method of classifying user’s role and authority using the CNN-LSTM neural networks by extracting features from SQL queries. In the anomaly detection method, CNN automatically extracts important features from database query and LSTM models the temporal information of the SQL sequence. The class activation map also identifies the SQL query features that affect the classification. Experiments with the TPC-E scenario-based benchmark query dataset show that the CNN-LSTM neural networks surpass other state-of-the-art machine learning methods, achieving an overall accuracy of 93.3% and recall of 88.7%. We also identify the characteristics of misclassification data through statistical analysis.

UR - http://www.scopus.com/inward/record.url?scp=85089609208&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85089609208&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-36808-1_15

DO - 10.1007/978-3-030-36808-1_15

M3 - Conference contribution

AN - SCOPUS:85089609208

SN - 9783030368074

T3 - Communications in Computer and Information Science

SP - 131

EP - 139

BT - Neural Information Processing - 26th International Conference, ICONIP 2019, Proceedings

A2 - Gedeon, Tom

A2 - Wong, Kok Wai

A2 - Lee, Minho

PB - Springer

T2 - 26th International Conference on Neural Information Processing, ICONIP 2019

Y2 - 12 December 2019 through 15 December 2019

ER -

CNN-LSTM neural networks for anomalous database intrusion detection in RBAC-administered model

Abstract

Publication series

Conference

Bibliographical note

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this