As most organizations and companies depend on the database to process confidential information, database security has received considerable attention in recent years. In the database security category, access control is the selective restriction of access to the system or information only by the authorized user. However, access control is difficult to prevent information leakage by structured query language (SQL) statements created by internal attackers. In this paper, we propose a hybrid anomalous query access control system to extract the features of the access behavior by parsing the query log with the assumption that the DBA has role-based access control (RBAC) and to detect the database access anomalies in the features using the particle swarm optimization (PSO)-based CNN-LSTM network. The CNN hierarchy can extract important features for role classification in the vector of elements that have converted the SQL queries, and the LSTM model is suitable for representing the sequential relationship of SQL query statements. The PSO automatically finds the optimal CNN-LSTM hyperparameters for access control. Our CNN-LSTM method achieves nearly perfect access control performance for very similar roles that were previously difficult to classify and explains important variables that influence the role classification. Finally, the PSO-based CNN-LSTM networks outperform other state-of-the-art machine learning techniques in the TPC-E scenario-based virtual query dataset.
|Title of host publication||Hybrid Artificial Intelligent Systems - 14th International Conference, HAIS 2019, Proceedings|
|Editors||Hilde Pérez García, Lidia Sánchez González, Manuel Castejón Limas, Héctor Quintián Pardo, Emilio Corchado Rodríguez|
|Number of pages||10|
|Publication status||Published - 2019|
|Event||14th International Conference on Hybrid Artificial Intelligence Systems, HAIS 2019 - León, Spain|
Duration: 2019 Sept 4 → 2019 Sept 6
|Name||Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)|
|Conference||14th International Conference on Hybrid Artificial Intelligence Systems, HAIS 2019|
|Period||19/9/4 → 19/9/6|
Bibliographical noteFunding Information:
This work was supported by an Electronics and Telecommunications Research Institute (ETRI) grant funded by the Korean government (19ZS1110, Development of self-improving and human augmenting cognitive computing technology).
© 2019, Springer Nature Switzerland AG.
All Science Journal Classification (ASJC) codes
- Theoretical Computer Science
- Computer Science(all)