Detection of intrusive activity in databases by combining multiple evidences and belief update

Suvasini Panigrahi, Shamik Sural, A.K. Majumdar
2009 IEEE Symposium on Computational Intelligence in Cyber Security, 2009
In this paper, we propose an innovative approach for database intrusion detection which combines evidences from current as well as past behavior of users. It consists of four components, namely, rule-based component, belief combination component, security sensitive history database component and Bayesian learning component. The rule-based component consists of a set of well-defined rules which give independent evidences about a transaction's behavior. An extension of Dempster-Shafer's theory is used to combine multiple such evidences and an initial belief is computed. First level inferences are made about the transaction depending on this initial belief. Once the transaction is found to be suspicious, belief is updated according to its similarity with malicious or genuine transaction history using Bayesian learning. Experimental evaluation shows that the proposed intrusion detection system can effectively detect intrusive attacks in databases without raising too many false alarms.
doi:10.1109/cicybs.2009.4925094 dblp:conf/cics/PanigrahiSM09 fatcat:n5jthbnferf5fmgn5l5sfyn2gu