Application of OPTICS and ensemble learning for Database Intrusion Detection

In this paper, we have proposed a novel approach for detecting intrusive activities in databases by the use of clustering and information fusion through ensemble learning. We have applied OPTICS cluster-ing on the transaction attributes for building user behavioral profiles. A transaction is initially passed through the clustering module for computing its cluster belongingness and an outlier factor that sig-nifies its degree of outlierness. Depending on the outlier factor value, the transaction is classified as genuine or an outlier. Each outlier transaction is further analyzed by passing it onto an Ensemble Learner that applies three different aggregation methods, bagging, boosting and stacking. We have conducted experiments using stochastic models to demonstrate the effectiveness of the proposed sys-tem. The performance of the three different ensembles are evaluated and compared based on various metrics. Moreover, our system is found to exhibit better performance as compared to other approaches taken from the literature.(c) 2019 The Authors. Production and hosting by Elsevier B.V. on behalf of King Saud University. This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/).