Amr Mohamed AbdelAziz Fergany

Teaching Assistant

Basic Information

C.V


Master Title

Hybrid Computational Intelligence Methods for Database Intrusion Detection

Master Abstract

Automating our lives is one of the most important goals these days for governments, organizations, public service corporations, etc. This includes the automation of our paper transactions. Organizations today invest huge amounts of money in developing computer applications to automate their daily transactions inside and outside the organization. Computer applications tend to digitize all types of data. Digitizing data facilitates sharing and accessing it. Computer applications use databases to store data. They use DataBase Management Systems (DBMSs) to manage and manipulate data and to facilitate access to it for users of the organization. DBMSs are also used to ensure that the privacy policies of the organization are adhered to. This means that DBMSs must restrict users' access to their authorized resources only and protect data from anomalous user behavior. Due to the valuable data stored in databases, an enormous number of attacks on databases has been observed in the last two decades. These attacks come from both internal and external users. Internal users use their privileges to attack databases by issuing Structured Query Language (SQL) injections. External users hack network systems and log in as legitimate users to access unauthorized database resources. They also use web applications to inject malicious queries that attack the back-end database. Traditional DBMSs use authentication and role authorizations to ensure database security. These security measures do not guarantee effective protection for databases against SQL injections and internal users' anomalous activities. The need for an effective method to protect databases is increasing. Intrusion Detection Systems (IDSs) are intelligent systems used to detect anomalous behaviors. IDSs have proved highly reliable in protecting network systems. IDSs can be used to secure databases. They can be embedded into DBMSs to detect malicious queries. Few IDSs have been proposed for databases.
Our thesis proposes an IDS based on computational intelligence methods. The main idea of our IDS is to model the normal access behavior of users and to identify users who deviate from this behavior as intruders. Our IDS is tailored for organizations that do not have an architecture of roles assigned to each user. In this case, organizations consider the applications' authorizations as roles assigned to users. We use the intrusion-free log files of the database to build our model of the normal access behavior of users. We extract the queries committed by users from the log files. Data mining techniques cannot operate on SQL queries directly. We propose a simple representation for SQL queries that data mining techniques can work on. We use unsupervised data mining techniques to group users with similar access behavior into profiles. We map users to their representative profiles. Each profile can be mapped to different users. We use profiles to represent the normal access behavior of the users mapped to them. New queries issued by users are analyzed by supervised machine learning algorithms against the users' mapped profiles to distinguish authorized queries from malicious ones. When an intrusion is detected, the IDS consults the response policy database to determine the proper action to be triggered. To verify the effectiveness of our method, we compare our IDS with another IDS. We use False Positive (FP) and False Negative (FN) rates for comparison. FP stands for the number of genuine queries identified as malicious and FN represents the number of malicious queries identified as genuine ones. Experimental results show that our method reaches very small FP and FN rates, which increases database security and prevents malicious attacks.
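An added illustration of the pipeline the abstract describes, not code from the thesis. The (command, table) query representation, the Jaccard-threshold grouping, and the set-membership check standing in for the supervised classifier are all assumptions chosen for brevity, and the training log is constructed.

```python
import re
from collections import defaultdict

# Table names following FROM/JOIN/INTO/UPDATE (simplified; ignores string literals).
TABLE_RE = re.compile(r"\b(?:FROM|JOIN|INTO|UPDATE)\s+([A-Z_][A-Z0-9_]*)")

def represent(query):
    """Assumed representation: the set of (command, table) pairs in a query."""
    q = query.strip().upper()
    command = q.split(None, 1)[0]
    return {(command, table) for table in TABLE_RE.findall(q)}

def jaccard(a, b):
    return len(a & b) / len(a | b) if a | b else 1.0

def build_profiles(log, threshold=0.5):
    """Greedy unsupervised grouping of users whose access sets overlap."""
    per_user = defaultdict(set)
    for user, query in log:
        per_user[user] |= represent(query)
    profiles, user_profile = [], {}
    for user, feats in sorted(per_user.items()):
        for i, prof in enumerate(profiles):
            if jaccard(feats, prof) >= threshold:
                prof |= feats          # profile absorbs this user's behavior
                user_profile[user] = i
                break
        else:
            profiles.append(set(feats))
            user_profile[user] = len(profiles) - 1
    return profiles, user_profile

def is_anomalous(user, query, profiles, user_profile):
    """Flag a query that uses a (command, table) pair unseen in the user's profile."""
    if user not in user_profile:
        return True                    # no profile: treat as deviation
    return not represent(query) <= profiles[user_profile[user]]

# Constructed intrusion-free log of (user, query) records.
TRAINING_LOG = [
    ("alice", "SELECT name FROM customers WHERE id = 7"),
    ("alice", "INSERT INTO orders (cust, item) VALUES (7, 'x')"),
    ("bob", "SELECT name FROM customers WHERE id = 9"),
    ("bob", "INSERT INTO orders (cust, item) VALUES (9, 'y')"),
    ("bob", "SELECT total FROM orders WHERE cust = 9"),
    ("carol", "SELECT salary FROM payroll WHERE emp = 3"),
    ("carol", "UPDATE payroll SET salary = 10 WHERE emp = 3"),
]
```

Because alice and bob are grouped into one profile, a query bob issued in training is accepted for alice, while a query that reaches into a table outside the profile is flagged.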

PHD Title

PHD Abstract

All rights reserved ©Amr Mohamed AbdelAziz Fergany