UDAD: An Accurate Unsupervised Database Anomaly Detection Method

Cited by: 1
Authors
Zhong, Huazhen [1, 3]
Zhang, Fan [2 ]
Zhao, Yining [2 ]
Zhang, Weifang [2 ]
Xiao, Wenjie [1 ]
Tang, Xuehai [1, 3]
Zang, Liangjun [1 ]
Affiliations
[1] Chinese Acad Sci, Inst Informat Engn, Beijing, Peoples R China
[2] China Mobile Informat Technol Ctr, Beijing, Peoples R China
[3] Univ Chinese Acad Sci, Sch Cyber Secur, Beijing, Peoples R China
Source
2023 IEEE INTERNATIONAL PERFORMANCE, COMPUTING, AND COMMUNICATIONS CONFERENCE, IPCCC | 2023
Keywords
Database Security; Anomaly Detection; Unsupervised learning;
DOI
10.1109/IPCCC59175.2023.10253824
Chinese Library Classification
TP3 [Computing technology, computer technology];
Discipline classification code
0812;
Abstract
Database systems are widely employed to store crucial data across domains. However, an increasing emergence of stealthy abnormal database access behaviors, such as reidentification and differential attacks, has been observed. These behaviors exhibit short durations and similarities to normal actions, challenging existing detection methods. Moreover, current approaches lack granularity in pinpointing anomalies at the operational level. They treat entire sequences of operations as anomalies, though the majority likely represent normal behavior, with only a few as anomalies. This paper presents UDAD, a novel method for precisely detecting stealthy abnormal database access behaviors. By transforming SQL statements into semantic vectors, we enhance the learning of embedded semantic information. Through the integration of an attention-based BiLSTM model and an autoencoder, UDAD achieves accurate detection and precise localization of abnormal operations. We evaluate UDAD on publicly available datasets, demonstrating its superiority over state-of-the-art methods.
Pages: 7
Related papers
32 in total
[1]   Behavior Analysis in the Medical Sector: Theory and Practice [J].
Alizadeh, Mahdi ;
Peters, Sander ;
Etalle, Sandro ;
Zannone, Nicola .
33RD ANNUAL ACM SYMPOSIUM ON APPLIED COMPUTING, 2018, :1637-1646
[2]  
Amer M., 2013, P ACM SIGKDD WORKSHO, P8, DOI DOI 10.1145/2500853.2500857
[3]   USAD : UnSupervised Anomaly Detection on Multivariate Time Series [J].
Audibert, Julien ;
Michiardi, Pietro ;
Guyard, Frederic ;
Marti, Sebastien ;
Zuluaga, Maria A. .
KDD '20: PROCEEDINGS OF THE 26TH ACM SIGKDD INTERNATIONAL CONFERENCE ON KNOWLEDGE DISCOVERY & DATA MINING, 2020, :3395-3404
[4]  
datafountain, 2022, Big data platform security event detection and classification identification
[5]   DeepLog: Anomaly Detection and Diagnosis from System Logs through Deep Learning [J].
Du, Min ;
Li, Feifei ;
Zheng, Guineng ;
Srikumar, Vivek .
CCS'17: PROCEEDINGS OF THE 2017 ACM SIGSAC CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY, 2017, :1285-1298
[6]  
Du M, 2016, IEEE DATA MINING, P859, DOI [10.1109/ICDM.2016.0103, 10.1109/ICDM.2016.160]
[7]  
Gafny M, 2011, PROCEEDINGS OF THE 18TH ACM CONFERENCE ON COMPUTER & COMMUNICATIONS SECURITY (CCS 11), P765
[8]   Drain: An Online Log Parsing Approach with Fixed Depth Tree [J].
He, Pinjia ;
Zhu, Jieming ;
Zheng, Zibin ;
Lyu, Michael R. .
2017 IEEE 24TH INTERNATIONAL CONFERENCE ON WEB SERVICES (ICWS 2017), 2017, :33-40
[9]  
Hussain S.R., 2015, Proceedings of the 5th ACM Conference on Data and Application Security and Privacy, CODASPY '15, P25, DOI DOI 10.1145/2699026.2699111
[10]  
Khan MI, 2020, Arxiv, DOI [arXiv:2011.02308, DOI 10.1007/978-3-030-93956]