Fuzzy ARM and cluster analysis for database intrusion detection and prevention

Designing and implementation of an intrusion detection system in any database environment has emerged as an absolute necessity in the recent years. Detection of both, the outsider attack and privilege abuse from within the organisation, has become a fundamental need for maintenance of dynamic, scalable and reinforced databases. Proposed advanced approach, malicious query detection using fuzzy and cluster analysis (MQDFCA) operates in a seamless manner and efficaciously performs detection and prevention of transactions that are intrusive in nature, within a database environment, thus shielding the vital data stored in a database from any unauthorised/malicious access or modifications. The method utilises concepts of machine learning like fuzzy logic, association rule mining and clustering algorithms at various stages to validate a newly generated transaction at role segment, profile segment and the rule validation segment. The degree of adherence of user supplied queries within a transaction to the previously generated user roles, transaction profiles and extracted rules is used to categorise the transaction as non-malicious or malicious. The efficaciousness of proposed methodology in detection of intrusions is exemplified from the results of the experiments conducted on the synthetic dataset yielding recall and precision values of 93% and 98% respectively. Copyright © 2020 Inderscience Enterprises Ltd.