
Evolving Intrusion Detection System for MLDB

Evolving Intrusion Detection System for MLDB. Muthukumar Narayanan Final Presentation for CS401 11/22/2004. Overview. Motivation MLDB Intrusion Detection Problem Statement EA Implementation Experiments Results Conclusion Future Work. Motivation. Government Info. Medical Info.


Presentation Transcript


  1. Evolving Intrusion Detection System for MLDB
     Muthukumar Narayanan
     Final Presentation for CS401
     11/22/2004

  2. Overview
     • Motivation
     • MLDB
     • Intrusion Detection
     • Problem Statement
     • EA Implementation
     • Experiments
     • Results
     • Conclusion
     • Future Work

  3. Motivation
     • Government Info.
     • Medical Info.
     • Bank Account Info.

  4. MLDB
     • Multi Layered Database
     • Several layers of information.
     • The lowest layer corresponds to the primitive and most secure information.
     • Higher layers store more general and less secure information extracted from one or more lower layers.
     • Generalization is based on concept hierarchies.

  5. MLDB Example

  6. Intrusion Detection
     • Anomaly Detection
         • Detects insider attacks
         • Uses signature of the normal user activities
     • Misuse Detection
         • Detects intrusive activities
         • Uses signature of the intrusive activities
     • Types of database intrusions
         • Inferences, SQL injection, Buffer overflow attack, password attack . . .

  7. Inference Example
     1. Select avg(Salary) From Employee_details_noFD;
     2. Select count(Salary) From Employee_details_noFD;
     3. Select avg(Salary) From Employee_details_noFD Where Name <> 'X8';
     Salary of X8 = (Result(1) * Result(2)) - (Result(3) * (Result(2) - 1))

  8. Problem Statement
     • Evolve intrusive queries for a given database relation using a Genetic Programming approach.
     • Use them as a rule base for detecting real-world intrusions.

  9. Representation
     • The SQL query is converted to the corresponding relational algebraic expression.
     • Select Name from table_1 where Grade='A' or Grade='B';
     • The relational algebraic expression is
     • π_Name(σ_{Grade='A' or Grade='B'}(table_1))
     • The tree is represented based on the relational algebraic expression.

  10. Sample Individual

  11. Fitness Evaluation
     • Secured attribute in the projection operation (5-10)
     • Statistical information excluding one tuple (8-10)
     • Statistical information based on the attributes involved in a functional dependency (8-10)
     • Using sensitive attributes in the selection operation (1-5)
     • Using a statistical operation on sensitive data (1-5)
     • Secured attribute involved in a value constraint (5-10)

  12. Recombination

  13. Mutation

  14. Mutation

  15. Experimental Setup
     • Relation {Emp_id, Name, Designation, Status, Projects, Deductions, Salary, Net}
     • Functional Dependency
         • Designation -> Salary
     • Value constraints
         • Salary - Deductions = Net
     • Protected attributes
         • Net and Projects

  16. Initial Queries
     • Select status, salary from MLDB_table where Name = constants; (9)
     • Select Net, Name, Deductions, Emp_id from MLDB_table where Deductions > constants; (22)

  17. Results

  18. Evolved Queries
     • Select avg(Net), deductions, designation, avg(salary), Net, count(salary), Projects, avg(deductions), avg(salary) from MLDB_table where (Emp_id <> constants OR Salary <> constant) AND deductions <> constant AND Emp_id <> constant. (104)
     • Select Net, Net, Net, Net, Net, Net, Net from MLDB_table where . . . (184)

  19. Evolved Queries
     • Select Salary, Max(Net), Projects, Emp_id, Name, avg(Salary), Net, count(Deductions) from MLDB_table where Name = constant AND Emp_id <> constants; (74)
     • Select avg(Net), Emp_id, Emp_id from MLDB_table where Designation = constant; (22)

  20. Conclusion & Future Work
     • Results are NOT complete but satisfactory at this stage
     • Modified Fitness Evaluation
     • Allow only LEGAL Queries to evolve
     • Use of various other large database relations
     • Use of more stochastic-based parent and survivor selection

  21. Comments? Questions?
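
Added example (not part of the original presentation): the inference from slide 7 replayed against an in-memory SQLite table, followed by a check for the "statistical information excluding one tuple" pattern from slide 11. The sample rows, the helper names and the third predicate are assumptions made for illustration; only the table name, the Name and Salary columns and the value X8 come from the slides.

```python
import sqlite3

# Constructed sample rows; only the table name, the Name and Salary
# columns and the value "X8" come from the slide.
ROWS = [("X1", 4000.0), ("X5", 5500.0), ("X8", 7200.0), ("X9", 6100.0)]
TABLE = "Employee_details_noFD"

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute(f"CREATE TABLE {TABLE} (Name TEXT, Salary REAL)")
    db.executemany(f"INSERT INTO {TABLE} VALUES (?, ?)", ROWS)
    return db

def infer_salary(db):
    """Run the slide's three aggregate queries and apply its formula."""
    one = lambda sql: db.execute(sql).fetchone()[0]
    r1 = one(f"SELECT avg(Salary) FROM {TABLE}")
    r2 = one(f"SELECT count(Salary) FROM {TABLE}")
    r3 = one(f"SELECT avg(Salary) FROM {TABLE} WHERE Name <> 'X8'")
    return (r1 * r2) - (r3 * (r2 - 1))

def query_set(db, where):
    """Row ids an aggregate would be computed over. `where` is a constructed
    constant here; a real monitor would take it from a parsed query log."""
    sql = f"SELECT rowid FROM {TABLE}" + (f" WHERE {where}" if where else "")
    return {row[0] for row in db.execute(sql)}

def flag_isolating_pairs(db, predicates):
    """Pairs of aggregate predicates whose query sets differ by one tuple."""
    sets = [(p, query_set(db, p)) for p in predicates]
    return [(p, q) for i, (p, s) in enumerate(sets)
            for q, t in sets[i + 1:] if len(s ^ t) == 1]

if __name__ == "__main__":
    db = make_db()
    print(infer_salary(db))
    print(flag_isolating_pairs(db, ["", "Name <> 'X8'", "Salary > 6000"]))
```

Comparing the actual query sets rather than only their sizes avoids flagging two unrelated aggregates that happen to cover row counts one apart.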
