A Bayesian model for anomaly detection in SQL databases for security systems

M.M. Drugan

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review


Abstract

We focus on automatic anomaly detection in SQL databases for security systems. Many logs of database systems, here the Townhall database, contain detailed information about users, such as the SQL queries and the response of the database. A database is a list of log instances, where each log instance is a Cartesian product of feature values with an attached anomaly score. All log instances with an anomaly score in the top percentile are identified as anomalous. Our contribution is several-fold. We define a model for anomaly detection in SQL databases that learns the structure of Bayesian networks from data. Our method for automatic feature extraction generates the maximal spanning tree to detect the strongest similarities between features. Novel anomaly scores based on the joint probability distribution of the database features and the log-likelihood of the maximal spanning tree detect both point and contextual anomalies. Multiple anomaly scores are combined within a robust anomaly analysis algorithm. We validate our method on the Townhall database, showing the performance of our anomaly detection algorithm.
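The pipeline the abstract describes, as an added example that is not the paper's code: mutual information between log features, a maximal spanning tree over those weights (Prim's algorithm grown from the first feature), a per-instance log-likelihood score under that tree, and a top-percentile decision rule. The log instances, feature names and the smoothing constant are constructed for illustration; the Townhall data and the paper's exact scoring functions are not reproduced.

```python
import math
from collections import Counter
# Constructed SQL-audit log instances (not the paper's Townhall data): each tuple holds the
# feature values (user, statement, table, result_size); the last row is a planted outlier.
LOGS = [
    ("alice", "SELECT", "citizens", "small"), ("alice", "SELECT", "citizens", "small"),
    ("bob", "SELECT", "permits", "small"), ("bob", "UPDATE", "permits", "small"),
    ("alice", "SELECT", "citizens", "small"), ("bob", "SELECT", "permits", "small"),
    ("carol", "SELECT", "citizens", "small"), ("carol", "SELECT", "citizens", "small"),
    ("bob", "UPDATE", "permits", "small"), ("alice", "SELECT", "permits", "large"),
]

def mutual_information(logs, i, j):
    """Empirical mutual information between feature columns i and j (their similarity)."""
    n = len(logs)
    pi, pj = Counter(r[i] for r in logs), Counter(r[j] for r in logs)
    pij = Counter((r[i], r[j]) for r in logs)
    return sum(c / n * math.log(c * n / (pi[a] * pj[b])) for (a, b), c in pij.items())

def maximal_spanning_tree(logs):
    """Prim's algorithm on MI weights, grown from feature 0: returns (child, parent) pairs,
    i.e. the tree that keeps the strongest pairwise dependencies between features."""
    n_feat, in_tree, edges = len(logs[0]), {0}, []
    while len(in_tree) < n_feat:
        c, p = max(((c, p) for p in in_tree for c in range(n_feat) if c not in in_tree),
                   key=lambda e: mutual_information(logs, e[0], e[1]))
        in_tree.add(c)
        edges.append((c, p))
    return edges

def anomaly_scores(logs, edges, records=None, alpha=0.5):
    """Negative log-likelihood of each record under the tree fitted on logs:
    -(log P(x_root) + sum of log P(x_child | x_parent)); alpha-smoothing keeps unseen values finite."""
    n, n_feat = len(logs), len(logs[0])
    card = [len({r[k] for r in logs}) for k in range(n_feat)]
    single = [Counter(r[k] for r in logs) for k in range(n_feat)]
    pair = {(c, p): Counter((r[c], r[p]) for r in logs) for c, p in edges}
    scores = []
    for r in (records if records is not None else logs):
        ll = math.log((single[0][r[0]] + alpha) / (n + alpha * card[0]))
        for c, p in edges:
            ll += math.log((pair[(c, p)][(r[c], r[p])] + alpha) / (single[p][r[p]] + alpha * card[c]))
        scores.append(-ll)
    return scores

def top_percentile(scores, pct=10.0):
    """Indices whose score lies in the top pct percent: the paper's anomaly decision rule."""
    k = max(1, math.ceil(len(scores) * pct / 100))
    return sorted(range(len(scores)), key=lambda i: -scores[i])[:k]
```

On the constructed data the tree hangs statement, table and result size off the user feature, and the last record (a user reading a table it never touched, with a large result) is the only one flagged at the 10 % level.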
Original language: English
Title of host publication: 2016 IEEE Symposium Series on Computational Intelligence (IEEE SSCI 2016) Proceedings, 6-9 December 2016, Athens, Greece
Place of Publication: Red Hook
Publisher: Curran Associates
Number of pages: 18
ISBN (Electronic): 978-1-5090-4240-1
DOIs
Publication status: Published - 9 Feb 2017
Event: 2016 IEEE Symposium on Computational Intelligence (SSCI 2016), December 6-9, 2016, Athens, Greece - Athens, Greece
Duration: 6 Dec 2016 - 9 Dec 2016

Conference

Conference: 2016 IEEE Symposium on Computational Intelligence (SSCI 2016), December 6-9, 2016, Athens, Greece
Abbreviated title: SSCI 2016
Country: Greece
City: Athens
Period: 6/12/16 - 9/12/16

Keywords

  • Anomaly detection
  • Bayesian network classifiers
  • SQL databases
  • Security systems
