Database intrusion detection system for detecting malicious behaviors in transaction and inter-transaction levels

Database management systems containing the most valuable assets of enterprises, i.e., data. Ordinary intrusion detection systems usually deal with network or OS attacks and could not detect database specific attacks. Therefore, the existence of Intrusion Detection Systems in the database is a necessity. In this paper, we propose a type of intrusion detection system for detecting attacks in both database transaction level and inter-transaction level (user task level). For this purpose, we propose a detection method at transaction level, which is based on describing the expected transactions within the database applications. Then at inter-transaction level, we propose a detection method that is based on anomaly detection and uses data mining to find temporal patterns and rules. The advantage of this system compared to the previous database intrusion detection systems is that it can detect malicious behaviors in both transaction and inter-transaction levels using a hybrid approach, including specification-based detection and anomaly detection. In order to evaluate the accuracy of the proposed system, some experiments have been done. The experimental evaluation results show high accuracy and effectiveness of the proposed system.