A Bayesian model for anomaly detection in SQL databases for security systems

M.M. Drugan

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, Academic, peer reviewed


Abstract

We focus on automatic anomaly detection in SQL databases for security systems.
Database system logs, here those of the Townhall database, record detailed information about users, such as the SQL queries they issue and the responses of the database.
A database is treated as a list of log instances, where each log instance is a tuple of feature values (an element of the Cartesian product of the feature domains) with an attached anomaly score. All log instances whose anomaly score falls in the top percentile are identified as anomalous. Our contribution is several-fold. We define a model for anomaly detection in SQL databases that learns the structure of a Bayesian network from data. Our method for automatic feature extraction builds the maximal spanning tree over the features, which captures the strongest pairwise dependencies between them. Novel anomaly scores, based on the joint probability distribution of the database features and on the log-likelihood of a log instance under the maximal spanning tree, detect both point anomalies and contextual anomalies. Multiple anomaly scores are combined in a robust anomaly analysis algorithm. We validate the method on the Townhall database and report the performance of the anomaly detection algorithm.
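The pipeline the abstract describes (feature tuples, a maximal spanning tree over the features, a likelihood-based anomaly score, a top-fraction cut-off) as a worked example. This is an added illustration, not the paper's code and not Townhall data. It assumes the maximal spanning tree is weighted by pairwise mutual information between features (the classical Chow-Liu construction), that the anomaly score is the negative log-likelihood of an instance under the tree-structured joint with add-alpha smoothing, and that `FEATURES`, `LOGS` and the 3% cut-off are constructed for the example (the paper speaks of a top percentile).

```python
"""Tree-structured (Chow-Liu) Bayesian anomaly scoring of SQL log features.
Added example, not code from the paper. Assumed: MI-weighted maximal spanning
tree, negative log-likelihood score with add-alpha smoothing, constructed logs.
"""
import math
from collections import Counter, defaultdict
from itertools import combinations

FEATURES = ("user", "stmt", "table", "rows", "status")

# Constructed log instances: (user, statement type, table, row-count bucket, status).
LOGS = (
    [("alice", "SELECT", "citizens", "few", "ok")] * 20
    + [("bob", "UPDATE", "permits", "one", "ok")] * 15
    + [("bob", "SELECT", "permits", "few", "ok")] * 10
    + [("svc", "INSERT", "audit", "one", "ok")] * 10
    + [("alice", "SELECT", "citizens", "many", "ok")]     # contextual: common values, rare combination
    + [("mallory", "DROP", "citizens", "many", "error")]  # point: user, statement and status never seen
)

def entropy(counts, n):
    """Shannon entropy (nats) of an empirical distribution held in a Counter."""
    return -sum(c / n * math.log(c / n) for c in counts.values())

def mutual_information(logs, i, j):
    """I(F_i; F_j) = H(F_i) + H(F_j) - H(F_i, F_j) from empirical counts."""
    n = len(logs)
    return (entropy(Counter(r[i] for r in logs), n)
            + entropy(Counter(r[j] for r in logs), n)
            - entropy(Counter((r[i], r[j]) for r in logs), n))

def maximal_spanning_tree(logs, k):
    """Kruskal on MI weights: keeps the k-1 strongest feature pairs that form no cycle."""
    edges = sorted(((i, j, mutual_information(logs, i, j))
                    for i, j in combinations(range(k), 2)), key=lambda e: -e[2])
    parent = list(range(k))
    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x
    tree = []
    for i, j, w in edges:
        ri, rj = find(i), find(j)
        if ri != rj:
            parent[ri] = rj
            tree.append((i, j, w))
    return tree

def orient(tree, root):
    """BFS from root turns the undirected tree into a child -> parent map."""
    adj = defaultdict(list)
    for i, j, _ in tree:
        adj[i].append(j)
        adj[j].append(i)
    parents, queue, seen = {}, [root], {root}
    while queue:
        u = queue.pop(0)
        for v in adj[u]:
            if v not in seen:
                seen.add(v)
                parents[v] = u
                queue.append(v)
    return parents

def fit(logs, alpha=1.0, root=0):
    """Learn the tree on the full, unlabelled log and collect the count tables."""
    k = len(FEATURES)
    tree = maximal_spanning_tree(logs, k)
    parents = orient(tree, root)
    return {
        "n": len(logs), "alpha": alpha, "root": root, "tree": tree, "parents": parents,
        "card": [len({r[f] for r in logs}) for f in range(k)],
        "marg": [Counter(r[f] for r in logs) for f in range(k)],
        "pair": {c: Counter((r[p], r[c]) for r in logs) for c, p in parents.items()},
    }

def anomaly_score(model, inst):
    """-log P(inst) under P(root) * prod P(child | parent), add-alpha smoothed."""
    a, root = model["alpha"], model["root"]
    p_root = (model["marg"][root][inst[root]] + a) / (model["n"] + a * model["card"][root])
    nll = -math.log(p_root)
    for child, par in model["parents"].items():
        num = model["pair"][child][(inst[par], inst[child])] + a
        den = model["marg"][par][inst[par]] + a * model["card"][child]
        nll -= math.log(num / den)
    return nll

def flag_top(scores, fraction):
    """Indices with score >= the k-th largest, k = ceil(fraction * N).
    A score threshold (not a fixed count) keeps tied identical instances together."""
    k = max(1, math.ceil(fraction * len(scores)))
    threshold = sorted(scores, reverse=True)[k - 1]
    return [i for i, s in enumerate(scores) if s >= threshold]

if __name__ == "__main__":
    model = fit(LOGS)
    for i, j, w in model["tree"]:
        print(f"edge {FEATURES[i]} -- {FEATURES[j]}  MI={w:.3f}")
    scores = [anomaly_score(model, r) for r in LOGS]
    for idx in flag_top(scores, 0.03):  # top ~3% of this constructed log
        print(f"anomaly #{idx} score={scores[idx]:.2f} {LOGS[idx]}")
```

On this constructed log the tree links user to table and statement to row-count bucket, so the contextual anomaly (alice, whose SELECTs always return few rows, suddenly returning many) scores high through the P(rows | stmt) factor even though every one of its values is common. The point anomaly scores highest only because of the smoothing: without it, an instance whose values all occur once gets conditional probability 1 along every edge joining two of its novel values, and only the root marginal penalises it. That is the practical reason the abstract combines several scores rather than relying on the tree likelihood alone.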
Original language: English
Title of host publication: 2016 IEEE Symposium Series on Computational Intelligence (IEEE SSCI 2016) Proceedings, 6-9 December 2016, Athens, Greece
Place of publication: Red Hook
Publisher: Curran Associates
Number of pages: 18
Electronic ISBN: 978-1-5090-4240-1
Status: Published - 9 Feb 2017
Event: 2016 IEEE Symposium on Computational Intelligence (SSCI 2016), December 6-9, 2016, Athens, Greece - Athens, Greece
Duration: 6 Dec 2016 - 9 Dec 2016

Conference

Conference: 2016 IEEE Symposium on Computational Intelligence (SSCI 2016), December 6-9, 2016, Athens, Greece
Abbreviated title: SSCI 2016
Country: Greece
City: Athens
Period: 6/12/16 - 9/12/16

