FALSE ALARM REDUCTION SCHEME FOR DATABASE INTRUSION DETECTION SYSTEM

摘要

Database intrusion detection system is considered a mandatory security layer in recent database applications. The detection of intrusions in database applications is mostly based on anomaly methods like access patterns, association rule mining and mining data dependencies between data items. These countermeasures achieve good results in traditional applications but new forms of attacks on computer systems lead to the depreciation of intrusion detection systems due to the high rates of false positive alarms. The goal of this paper is to improve the accuracy of intrusion detection system by reducing false alarms using alert clustering mechanism and system hibernation capabilities. In this paper, a three-stage access control framework is developed for detecting malicious users in database. This framework is embedded with an alert clustering mechanism for reducing false alarms by correlating low-level alerts into one cluster. A post security countermeasure is developed by merging system hibernation capabilities into the developed application. The hibernation mechanism is used for maintaining the availability of data in case of intrusion detection. The experimental results of the proposed algorithm achieve high detection rate with low false positive and low false negative alarms when compared to recent researches in intrusion detection systems.