Two-stage database intrusion detection by combining multiple evidence and belief update

摘要

Insider threats have gained prominence and pose the most challenging threats to a database system. In this paper, we have proposed a new approach for detecting intrusive attacks in databases by fusion of information sources and use of belief update. In database intrusion detection, only intra-transactional features are not sufficient for detecting attackers within the organization as they are potentially familiar with the day-to-day work. Thus, the proposed system uses inter-transactional as well as intra-transactional features for intrusion detection. Moreover, we have also considered three different sensitivity levels of table attributes for keeping track of the malicious modification of the highly sensitive attributes more carefully. We have analyzed the performance of the proposed database intrusion detection system using stochastic models. Our system performs significantly better compared to two intrusion detection systems recently proposed in the literature.