A Method of Internal Intrusion Detection of Database in RBAC Mode

doi:10.3969/j.issn.1671-1122.2020.02.011

Abstract

Abstract:

In view of the current intrusion detection method of RBAC mode database, the user behavior is not sufficient, the use of user role tag information is lacking, and the detection ability of the detection model in the specific environment is insufficient, these lead to the problem that the internal intrusion detection method of the database is not effective. An integrated intrusion detection method IID_WRF based on s-triplet, LDA dimension reduction method and weighted random forest algorithm is proposed. The method first optimizes the existing user behavior representation method, refines the numerical features, and fully represents the user behavior; then uses the LDA method that can use the user role label information to reduce the dimension; finally, the weighted random forest is used for classification detection. The experimental results show that IID_WRF has the lowest false positive rate and false negative rate on X and Y data sets, can effectively improve the internal intrusion detection effect of the database.

Key words: database security, internal intrusion, access control, RBAC

CLC Number:

TP309

YU Lu, LUO Senlin. A Method of Internal Intrusion Detection of Database in RBAC Mode[J]. Netinfo Security, 2020, 20(2): 83-90.

Figures/Tables 13

References 15

[1]	LI Yong, YANG Huafen.Simulation and Analysis of ACCESS Control List in Simulator[J]. Research and Exploration in Laboratory, 2018, 37(12): 144-147.
	李勇,杨华芬.访问控制列表在模拟器中的实验仿真与分析[J]. 实验室研究与探索,2018,37(12):144-147.
[2]	XIONG Houren, CHEN Xingyuan, DU Xuehui, et al.Survey of Security Analysis for Role-based Access Control[J]. Application Research of Computers, 2015, 32(11): 3201-3208.
	熊厚仁,陈性元,杜学绘,等.基于角色的访问控制模型安全性分析研究综述[J]. 计算机应用研究,2015,32(11):3201-3208.
[3]	QI Jianhuai, SONG Jing, WANG Yang, et al.Application of Mandatory Access Control Technology in Database Security Access[J]. Communications Technology, 2018, 51(3): 692-695.
	戚建淮,宋晶,汪暘,等.强制访问控制技术在数据库安全访问中的应用[J]. 通信技术,2018,51(3):692-695.
[4]	DARWISH S M, GUIRGUIS S K, GHOZLAN M M.Intrusion Detection in Role Administrated Database: Transaction-based Approach[C]//IEEE. International Conference on Computer Engineering & Systems, November 26-28, 2013, Cairo, Egypt. New Jersey: IEEE, 2013: 73-79.
[5]	ISLAM M S, KUZU M, KANTARCIOGLU M.A Dynamic Approach to Detect Anomalous Queries on Relational Databases[C]//ACM. 5th ACM Conference on Data and Application Security and Privacy, March 1, 2015, San Antonio, USA. New York: ACM, 2015: 245-252.
[6]	BERTINO E, KAMRA A, TERZI E, et al.Intrusion Detection in RBAC-administered Databases[C]//IEEE. Annual Computer Security Applications Conference, December 5-9, 2005, Tucson, AZ, USA. New York: IEEE, 2005: 173-182.
[7]	KAMRA A, TERZI E, BERTINO E.Detecting Anomalous Access Patterns in Relational Databases[J]. VLDB Journal, 2008, 17(5): 1063-1077.
[8]	RONAO C A, CHO S B.Mining SQL Queries to Detect Anomalous Database Access Using Random Forest and PCA[C]//IEA. Current Approaches in Applied Artificial Intelligence, June 10-12, 2015, Seoul, South Korea. Heidelberg: Springer, 2015: 151-160.
[9]	BU S J, CHO S B.A Hybrid System of Deep Learning and Learning Classifier System for Database Intrusion Detection[C]//HAIS. International Conference on Hybrid Artificial Intelligence Systems, June 21-23, 2017, La Rioja, Spain. Heidelberg: Springer, 2017: 615-625.
[10]	LIU Jianping. Summary of the Principle of Linear Discriminant Analysis[EB/OL]. , 2017-1-3.
	刘建平.线性判别分析LDA原理总结[EB/OL]. ,2017-1-3.
[11]	DAHO M E H, SETTOUTI N, LAZOUNI M E A, et al. Weighted Vote for Trees Aggregation in Random Forest[C]//IEEE. International Conference on Multimedia Computing & Systems, April 14-16, 2014, Marrakech, Morocco. New Jersey: IEEE, 2014: 438-443.
[12]	TPC. TPC benchmark E, Standard specification, Version 1.13.0[EB/OL]. , 2007-2-11.
[13]	YANG chao. Design and Implementation of TPC-E[D]. Wuhan: Huazhong University of Science and Technology, 2011.
	杨超. TPC-E测试系统的设计与实现[D].武汉:华中科技大学,2011.
[14]	LIU Shengjiu, LI Tianrui, ZHU Jie.Zipf’s Law and Webometrics[J]. Journal of Chinese Information Processing, 2015, 29(4): 89-94.
	刘胜久,李天瑞,珠杰. Zipf定律与网络信息计量学[J]. 中文信息学报,2015,29(4):89-94.
[15]	RONAO C A, CHO SB. A Comparison of Data Mining Techniques for Anomaly Detection in Relational Databases[EB/OL]. , 2015-2-22.

语法结构	解析结果
PA	[r1.a1,r1.b1,r2.c2,r2.d2]
PR	[r1,r2]
SA	[r1.a1 = 1 and r2.c2 = 'test']
G	[r2.c2]
O	[r1.a1]

子特征	描述	f-triplet特征元素	s-triplet特征元素
SQL-CMD	命令特征	C	C
SQL-CMD	命令特征	Q_L（包含空格）	Q_L（SQL语句词组数目）
PR-DEC	PR特征	P_R	P_R
PR-DEC	PR特征	P_RID	P_RID
PA-DEC	PA特征	(P_A、P_AC、P_AID)	(P_A、P_AC、P_AID、S_PAV、N_PAV)
SA-DEC	SA特征	(S_A、S_AC、S_AID)	(S_A、S_AC、S_AID、S_SAV、N_SAV)
G-DEC	G特征	(G_A、G_AC、G_AID)	(G_A、G_AC、G_AID、S_GV、N_GV)
O-DEC	O特征	(O_A、O_AC、O_AID)	(O_A、O_AC、O_AID、S_OV、N_OV)
VAL-DEC	数值特征	S_V（字符串数目）	S_V（字符串数目）
		S_L（字符串拼接长度）	S_Lmax（字符串最大长度）
		S_L（字符串拼接长度）	S_Lmin（字符串最小长度）
		N_V（数字数目）	N_V（数字数目）
			N_max（最大数值）
			N_min（最小数值）
		J（JOIN数目）	J（JOIN数目）
		AO（AND、OR数目）	AO（AND、OR数目）

概率p	定义
p(c\|r)	角色r使用命令c
p(P_t\|c,r)	角色r使用命令c,PR包含表单P_t
p(S_t\|P_T,c,r)	角色r使用命令c,PR集合中选择表单S_t（过滤条件SA）
p(P_a\|P_t,c,r)	角色r使用命令c,选择P_t中的属性a
p(S_a\|S_t,c,r)	角色r使用命令c,选择表单S_t（过滤条件SA）中的属性a
p(V_sn\|c,r)	角色r使用命令c,过滤条件SA中包含字符串或数字
p(J \|c,r)	角色r使用命令c,包含JOIN关键词
p(AO\|c,r)	角色r使用命令c,包含AND或OR关键词

符号	含义
c	操作命令,c∈C
r	用户角色
t	表单,t∈T（角色可操作表单）
a	属性,a∈A（表单中的列）

预测值真实值	1	2	…	10	11
1	K_1,1	K_1,2	…	K_1,10	K_1,11
2	K_2,1	K_2,2	…	K_2,10	K_2,11
…	…	…	…	…	…
10	K_10,1	K_10,2	…	K_10,10	K_10,11
11	K_11,1	K_11,2	…	K_11,10	K_11,11