http://dx.doi.org/10.3745/KIPSTC.2002.9C.6.831

Anomaly Intrusion Detection based on Association Rule Mining in a Database System  

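Park, Jeong-Ho (Department of Computer Science, Graduate School, Yonsei University)
Oh, Sang-Hyun (Department of Computer Science, Graduate School, Yonsei University)
Lee, Won-Suk (Department of Computer Science, Yonsei University)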
Abstract
Due to advances in computer and communication technology, intrusions and crimes using computers have increased rapidly, while a tremendous amount of information has been made conveniently available to users. In particular, for the security of a database that stores important information such as the private information of a customer or the secret information of a company, several basic security methods of the database management system itself or conventional misuse detection methods have been used. However, a problem caused by abusing the authority of an internal user, such as the leakage of secret information, is more serious than the breakdown of a system by an external intruder. Therefore, in order to maintain the security of a database effectively, an anomaly detection technique is necessary. This paper proposes a method that generates the normal behavior profile of a user from the database log of the user based on an association mining method. For this purpose, the information of a database log is structured by a semantically organized pattern tree. Consequently, an online transaction of a user is compared with the profile of the user, so that any anomaly can be effectively detected.
Keywords
Anomaly Detection; Intrusion Detection; Data Mining; Association Rule Mining;
Citations & Related Records
Times Cited By KSCI: 2