Present-day organizations continue to expose their critical information infrastructures over the Internet for facilitating accessibility; substantially raising concerns about the security of data from both outsiders and insiders. In this paper, we propose a novel approach for detecting intrusive attacks on databases by assessing the risk for incoming transaction based upon the conflation of multiple behavior-based components for the user. In a database intrusion detection system for a role-based access (RBAC) environment, it is not sufficient to focus on role-based features as every user within the same role has a degree of uniqueness. Moreover, traditional database intrusion detection systems classify the incoming transactions into two classes (Malicious or Non-malicious), taking the same action for all transactions that are labeled as malicious irrespective of the damage it can cause to the system. Our approach, Role and User Behavior-based Risk Assessment (RUBRA) uses both role-behavior and user-behavior based features for detecting an intrusive attack. Further, we also quantify the risk associated with the incoming transaction, streamlining the countermeasure process. Experiments on stochastic datasets show promising results on both detection and labeling of malicious transactions.

当今的组织继续通过Internet公开其关键信息基础结构，以促进可访问性。极大地引起了外界和内部人士对数据安全性的担忧。在本文中，我们提出了一种新方法，通过基于多个基于行为的组件对用户的评估来评估传入事务的风险，从而检测数据库上的入侵攻击。在用于基于角色的访问（RBAC）环境的数据库入侵检测系统中，仅关注基于角色的功能是不够的，因为同一角色内的每个用户都有一定程度的唯一性。此外，传统的数据库入侵检测系统将传入的事务分为两类（恶意或非恶意），对于所有标记为恶意的交易，无论其对系统造成的损害如何，均采取相同的措施。我们的方法“基于角色和用户行为的风险评估（RUBRA）”同时使用了基于角色行为和用户行为的功能来检测侵入性攻击。此外，我们还量化了与传入交易相关的风险，从而简化了对策流程。对随机数据集的实验显示，在检测和标记恶意交易方面都取得了令人鼓舞的结果。