![ISSN: 2278 – 1323
International Journal of Advanced Research in Computer Engineering & Technology
Volume 1, Issue 4, June 2012
Intrusion Detection System for Database with
Dynamic Threshold Value
KHOMLAL SINHA TRIPTI SHARMA
Khomlal_sinha@yahoo.co.in triptisharma@csitdurg.in
to the loss estimated in the previous year. Another significant
ABSTRACT: In this paper, we propose an approach for cause of loss was system penetration by outsiders. Additional
database intrusion detection. Database management system findings in the current year’s survey include the fact that,
are key component in the information field of most 59% of all respondents outlined insider abuse as the most
organization now days so security of DBMS has become prevalent security problem. These figures show the growing
more important several mechanism needed to protect data sophistication and stealth of attacks on databases. In addition
such as Authentication user privileges[1], encryption and to the substantial financial losses, intrusive attacks can also
Auditing have been implemented in commercial DBMS but tarnish reputation of organizations, cause loss of customer
still there are s various ways through which system may be confidence and even litigations. Thus, database intrusion
effected by malicious transaction one of the mechanism to detection is a significant problem which needs to be
these databases is to use an IDS, in every database having addressed urgent Security of Database system is
a some attributes or columns that are more important to be compromised when an intrusion take place .An intrusion can
sensed for malicious as compared to the other attributes in be defined as “ any set of action that attempt to compromise
our work. initially we calculate support and dynamic the integrity, confidentiality or availability of resource
threshold value and create some read and write rules “.Intrusion detection analyzes unauthorized accesses and
among important data item in a database management malicious behaviors and finds intrusion behaviors and
system. . Any transaction that does not follow rules are attempts by detecting the state and activity of an operation
identified as malicious . We also generate report for Audit system to provide an effective means for intrusion defense.
log file to check how much transaction is malicious or non Intrusion Detection Systems (IDSs) are the software or
malicious. hardware products that automate this monitoring and analysis
process[7]. In general, there are two types of attacks (i) inside
KEYWORDS:- Database security , Read and Write rule,
and (ii) outside. Inside attacks are the ones in which an
Threshold value, Intrusion ,Intrusion detection,
intruder has all the privileges to access the application or
system but he performs malicious actions. Outside attacks are
I. INTRODUCTION:
the ones in which the intruder does not have proper rights to
access the system. He attempts to first break in and then
In the last few years, Database systems form an
perform malicious actions. Detecting inside attacks is usually
indispensable component of the information system
more difficult compared to outside attacks. Intrusion
infrastructure in most organizations and are adopted as the
detection systems determine if a set of actions constitute
key data management technology for daily operations and
intrusions on There are mainly two models, namely, anomaly
decision making in businesses. Data constituting such
detection and misuse detection. The anomaly detection
databases may contain invaluable sensitive information and
model bases its decision on the profile of a user's normal
organizations manage access to these data meticulously, with
behavior. It analyzes a user's current session and compares it
respect to both internal as well as external users. Any breach
with the profile representing his normal behavior. An alarm is
of security or intrusion in these databases perturbs not only a
raised if significant deviation is found during the comparison
single user but can have devastating consequences on the
of session data and user's profile. This type of system is well
entire organization [2]. Data Mining is one of the mechanism
suited for the detection of previously unknown attacks. The
which refers to a collection of methods by which large sets of
main disadvantage is that, it may not be able to describe what
stored data are filtered, transformed, and organized into
the attack is and may sometimes have high false positive
meaningful information sets [3][4]. It also applies many
rate[10].
existing computational techniques from statistics, machine
learning and pattern recognition.
According to a computer crime and security survey
conducted by the Computer Security Institute (CSI) [5] in
2005, approximately 45% of the inquired entities have
reported increased unauthorized access to information. The
2007 CSI computer crime and security survey [6]
proclaimed financial application fraud as the leading cause
of financial loss and found it more than doubled as compared
fig1. Anomaly detection system
306
All Rights Reserved © 2012 IJARCET](https://image.slidesharecdn.com/306-310-120630094732-phpapp02/85/306-310-1-320.jpg)
![ISSN: 2278 – 1323
International Journal of Advanced Research in Computer Engineering & Technology
Volume 1, Issue 4, June 2012
rule for an attribute, it cannot be checked. Since high
In contrast, a misuse detection model takes decision based on sensitivity attributes are usually accessed less frequently,
comparison of user's session or commands with the rule or there may not be any rule generated for these attributes. The
signature of attacks previously used by attackers. For motivating factor for dividing database attributes into
example, a signature rule for the guessing password attack different sensitivity groups and assigning suitable weights to
can be "there are more than 6 failed login attempts within 4 each group, is to bring out the read and write rules for
minutes". The main advantage of misuse detection is that it important but possibly less frequent attributes. Once rules are
can accurately and efficiently detect occurrence of known generated for sensitive attributes, it is possible to check
attacks. However, these systems are not capable of detecting against these rules for each transaction. If any transaction
attacks whose signatures are not available[7][8]. does not follow the created rules, it is marked as malicious.
III. METHEDOLOGY
We divided our approach in three step :
A. Generate frequent Pattern from sensitivity attribute.
B. Check Write operation in frequent pattern.
C. Apply read and write rule .
fig2. Misuse detection system
In this paper, we propose a new approach for database
intrusion detection using a data mining technique which takes
the sensitivity of the attributes into consideration in the form
of weights. Sensitivity of an attribute signifies how important
the attribute is, for tracking against malicious modifications.
This approach dependency among attributes in a database.
The transactions that do not follow these dependencies are
marked as malicious transactions.
The rest of the paper is organized as follows. In Section II, ,
We discussed the Motivation part . In Section III We
described methodology and Section IV. We discussed
results. In Section V. we discussed conclusion.
II. MOTIVATION
In now days ,database system is very important for most of Fig. 3 Data flow diagram
the organization where information play a important role. We have taken a bank database schema and divided their
database size has grown in different ways: the number of different attribute on their uses basis . categories attribute in
records, or objects in the database and the number of fields or different importance level. and assign different weight on
attributes per object. As a result, it is difficult for their importance means Higher importance value attribute
administrators to keep track of whether the attributes are having high weights. We have categorized the attributes in
being accessed only by genuine transactions or not. By three sets : High Sensitivity (HS) attribute set, Medium
categorizing the attributes into different types based on their Sensitivity (MS) attribute set and Low Sensitivity (LS)
relative importance, it becomes comparatively easier to track attribute set. The sensitivity of an attribute is dependent on
only those few attributes whose unintended modification can the particular database application. For the same attribute say
potentially have larger impact on the database application x, if x ∈ HS then W(xw) > W(xr), where W is a weight
security..Categorization of attributes enables the function, xw denotes writing or modifying attribute x and xr
administrator to check only the alarms generated due to denotes reading of attribute x.we also assigned the extra
unusual modification of sensitive data instead of checking all weight for write operation . we have taken bank database
the data attributes. Since the primary aim of a database schema .
intrusion detection system is to minimize the loss suffered by
the database owner, it is important to track high sensitive
attributes more accurately. It should be noted that, for
tracking malicious modifications of sensitive attributes, we
need to obtain some rules for these attributes. If there is no
307
All Rights Reserved © 2012 IJARCET](https://image.slidesharecdn.com/306-310-120630094732-phpapp02/85/306-310-2-320.jpg)
![ISSN: 2278 – 1323
International Journal of Advanced Research in Computer Engineering & Technology
Volume 1, Issue 4, June 2012
Teresa F. Lunt. A survey of intrusion detection techniques.
Computers & Security, 12(4): p.p. 405-418, 1993.
[10] Aurobindo Sundaram , An Introduction to Intrusion Detection,
Crossroads, Volume 2, Issue 4, Pages: 3 – 7, 1996
[8] Sandeep Kumar. Classification and Detection of Computer
Intrusions. Ph.D. Dissertation, August 1995.
[9] E. Biermann, E. Cloete and L. M. Venter, A comparison of
Intrusion Detection systems, Computers & Security, Volume
20, Issue 8, Pages 676-683, December 2001,
[10] Lubomir Nistor, Rules definition for anomaly based intrusion
detection, 4th National Information Systems Security
Conference, 1999.
[11] S.Y. Lee, W.L. Low, P.Y. Wong, Learning Fingerprints for a
Database Intrusion Detection System, Proceedings of the European
Symposium on Research in Computer Security,
[12] www.datarepository.com
Khomlal Sinha, received B.E.
(Information Technology) in year 2005 and
in pursuit for M.Tech. (Computer Sc.) from
Chhatrapati Shivaji Institute of Technology
(CSIT), Durg, Chhattisgarh, India, His
Fig.9 Report of audit log file interests are Digital Image Processing, Operating Systems
In above figure generate a report for how much Transaction and Data Mining. Also he is having Life Membership of
in Audit log file is malicious or non malicious. above report Indian Society of Technical Education, India (ISTE) and
will be updated with every transaction. Institutional Member of Computer Society of India (CSI).
Prof. Tripti Sharma, received B.E.
V. CONCLUSIONS (Computer Sc.) and M.Tech. (Computer
Intrusion detection mechanisms play a crucial role in the Sc.) in the years 2002 and 2010
security landscape of a organization. In this paper we have respectively. Currently working as
focused Intrusion detection system for database . In our Associate Professor and Head in the
work , initially calculate threshold value from audit log file Department of Computer Science &
instead of constant value we checked the given transaction is Engineering at Chhatrapati Shivaji Institute of Technology
a malicious and non malicious types with help of some (CSIT), Durg, Chhattisgarh, India, Her interests are Digital
dependency rule which we have created . we also generate a Image Processing and Data Mining. Also she is having
report of audit log file for how much transaction in audit log Life Membership of Indian Society of Technical
file is malicious or non malicious. After every Transaction Education, India (ISTE), Membership No- LM 74671 and
audit log file will be updated. Institutional Member of Computer Society of India (CSI).
Membership No-N1009279.
REFERENCES
[1] Y. Hu, B. Panda, “A Data Mining Approach for Database
Intrusion Detection”, Proceedings of the ACM Symposium on
Applied Computing, pp. 711-716 (2004)
[2] E. Bertino, R. Sandhu, “Database Security − Concepts,
Approaches, and Challenges”, IEEE Transactions on Dependable
and Secure Computing, Vol. 2, No. 1, Pages 2-19, Jan.-March 2005.
[3] J. Han, M. Kamber, Data Mining: “Concepts and Techniques”,
Morgan Kaufmann Publishers (2001).
[4] U. Fayyad, G. P. Shapiro, P. Smyth, The KDD Process for
Extracting Useful Knowledge from Volumes of Data,
Communications of the ACM, pp. 27-34 (1996).
[5] L. A. Gordon, M. P. Loeb, W. Lucyshyn and R. Richardson,
“2005 CSI/FBI Computer Crime and Security Survey”,
http://i.cmpnet.com/gocsi/db area/pdfs/fbi/FBI2005.pdf.
[6] R. Richardson, “2007 CSI Computer Crime and Security
Survey”,http://i.cmpnet.com/v2.gocsi.com/pdf/CSISurvey2007.pd.
[7]Tripti Sharma , Khomlal Sinha “2011 “IJEAT Journal Intrusion
Detection System Technology”
[8] R. Bace, P. Mell, Intrusion Detection System, NIST Special
Publication on Intrusion Detection System (2001).
[9] Aurobindo Sundaram , An Introduction to Intrusion
Detection,Crossroads, Volume 2, Issue 4, Pages: 3 – 7, 1996
310
All Rights Reserved © 2012 IJARCET](https://image.slidesharecdn.com/306-310-120630094732-phpapp02/85/306-310-5-320.jpg)
306 310
- 1. ISSN: 2278 – 1323 International Journal of Advanced Research in Computer Engineering & Technology Volume 1, Issue 4, June 2012 Intrusion Detection System for Database with Dynamic Threshold Value KHOMLAL SINHA TRIPTI SHARMA [email protected] [email protected] to the loss estimated in the previous year. Another significant ABSTRACT: In this paper, we propose an approach for cause of loss was system penetration by outsiders. Additional database intrusion detection. Database management system findings in the current year’s survey include the fact that, are key component in the information field of most 59% of all respondents outlined insider abuse as the most organization now days so security of DBMS has become prevalent security problem. These figures show the growing more important several mechanism needed to protect data sophistication and stealth of attacks on databases. In addition such as Authentication user privileges[1], encryption and to the substantial financial losses, intrusive attacks can also Auditing have been implemented in commercial DBMS but tarnish reputation of organizations, cause loss of customer still there are s various ways through which system may be confidence and even litigations. Thus, database intrusion effected by malicious transaction one of the mechanism to detection is a significant problem which needs to be these databases is to use an IDS, in every database having addressed urgent Security of Database system is a some attributes or columns that are more important to be compromised when an intrusion take place .An intrusion can sensed for malicious as compared to the other attributes in be defined as “ any set of action that attempt to compromise our work. initially we calculate support and dynamic the integrity, confidentiality or availability of resource threshold value and create some read and write rules “.Intrusion detection analyzes unauthorized accesses and among important data item in a database management malicious behaviors and finds intrusion behaviors and system. . Any transaction that does not follow rules are attempts by detecting the state and activity of an operation identified as malicious . We also generate report for Audit system to provide an effective means for intrusion defense. log file to check how much transaction is malicious or non Intrusion Detection Systems (IDSs) are the software or malicious. hardware products that automate this monitoring and analysis process[7]. In general, there are two types of attacks (i) inside KEYWORDS:- Database security , Read and Write rule, and (ii) outside. Inside attacks are the ones in which an Threshold value, Intrusion ,Intrusion detection, intruder has all the privileges to access the application or system but he performs malicious actions. Outside attacks are I. INTRODUCTION: the ones in which the intruder does not have proper rights to access the system. He attempts to first break in and then In the last few years, Database systems form an perform malicious actions. Detecting inside attacks is usually indispensable component of the information system more difficult compared to outside attacks. Intrusion infrastructure in most organizations and are adopted as the detection systems determine if a set of actions constitute key data management technology for daily operations and intrusions on There are mainly two models, namely, anomaly decision making in businesses. Data constituting such detection and misuse detection. The anomaly detection databases may contain invaluable sensitive information and model bases its decision on the profile of a user's normal organizations manage access to these data meticulously, with behavior. It analyzes a user's current session and compares it respect to both internal as well as external users. Any breach with the profile representing his normal behavior. An alarm is of security or intrusion in these databases perturbs not only a raised if significant deviation is found during the comparison single user but can have devastating consequences on the of session data and user's profile. This type of system is well entire organization [2]. Data Mining is one of the mechanism suited for the detection of previously unknown attacks. The which refers to a collection of methods by which large sets of main disadvantage is that, it may not be able to describe what stored data are filtered, transformed, and organized into the attack is and may sometimes have high false positive meaningful information sets [3][4]. It also applies many rate[10]. existing computational techniques from statistics, machine learning and pattern recognition. According to a computer crime and security survey conducted by the Computer Security Institute (CSI) [5] in 2005, approximately 45% of the inquired entities have reported increased unauthorized access to information. The 2007 CSI computer crime and security survey [6] proclaimed financial application fraud as the leading cause of financial loss and found it more than doubled as compared fig1. Anomaly detection system 306 All Rights Reserved © 2012 IJARCET
- 2. ISSN: 2278 – 1323 International Journal of Advanced Research in Computer Engineering & Technology Volume 1, Issue 4, June 2012 rule for an attribute, it cannot be checked. Since high In contrast, a misuse detection model takes decision based on sensitivity attributes are usually accessed less frequently, comparison of user's session or commands with the rule or there may not be any rule generated for these attributes. The signature of attacks previously used by attackers. For motivating factor for dividing database attributes into example, a signature rule for the guessing password attack different sensitivity groups and assigning suitable weights to can be "there are more than 6 failed login attempts within 4 each group, is to bring out the read and write rules for minutes". The main advantage of misuse detection is that it important but possibly less frequent attributes. Once rules are can accurately and efficiently detect occurrence of known generated for sensitive attributes, it is possible to check attacks. However, these systems are not capable of detecting against these rules for each transaction. If any transaction attacks whose signatures are not available[7][8]. does not follow the created rules, it is marked as malicious. III. METHEDOLOGY We divided our approach in three step : A. Generate frequent Pattern from sensitivity attribute. B. Check Write operation in frequent pattern. C. Apply read and write rule . fig2. Misuse detection system In this paper, we propose a new approach for database intrusion detection using a data mining technique which takes the sensitivity of the attributes into consideration in the form of weights. Sensitivity of an attribute signifies how important the attribute is, for tracking against malicious modifications. This approach dependency among attributes in a database. The transactions that do not follow these dependencies are marked as malicious transactions. The rest of the paper is organized as follows. In Section II, , We discussed the Motivation part . In Section III We described methodology and Section IV. We discussed results. In Section V. we discussed conclusion. II. MOTIVATION In now days ,database system is very important for most of Fig. 3 Data flow diagram the organization where information play a important role. We have taken a bank database schema and divided their database size has grown in different ways: the number of different attribute on their uses basis . categories attribute in records, or objects in the database and the number of fields or different importance level. and assign different weight on attributes per object. As a result, it is difficult for their importance means Higher importance value attribute administrators to keep track of whether the attributes are having high weights. We have categorized the attributes in being accessed only by genuine transactions or not. By three sets : High Sensitivity (HS) attribute set, Medium categorizing the attributes into different types based on their Sensitivity (MS) attribute set and Low Sensitivity (LS) relative importance, it becomes comparatively easier to track attribute set. The sensitivity of an attribute is dependent on only those few attributes whose unintended modification can the particular database application. For the same attribute say potentially have larger impact on the database application x, if x ∈ HS then W(xw) > W(xr), where W is a weight security..Categorization of attributes enables the function, xw denotes writing or modifying attribute x and xr administrator to check only the alarms generated due to denotes reading of attribute x.we also assigned the extra unusual modification of sensitive data instead of checking all weight for write operation . we have taken bank database the data attributes. Since the primary aim of a database schema . intrusion detection system is to minimize the loss suffered by the database owner, it is important to track high sensitive attributes more accurately. It should be noted that, for tracking malicious modifications of sensitive attributes, we need to obtain some rules for these attributes. If there is no 307 All Rights Reserved © 2012 IJARCET
- 3. ISSN: 2278 – 1323 International Journal of Advanced Research in Computer Engineering & Technology Volume 1, Issue 4, June 2012 TABLE I. BANK DATABASE SCHEMA // do start decrementing then decrementing the threshold Table Name Attribute Name value Customer Name(9),Customer_id(10),address( } now we generate frequent pattern, If support value is 4),Phone_no(1) minimum to dynamic threshold value means it is a normal Account Account_id(2),Customer_id(3),Stat transaction and do not need to go next step. but support value is maximum to the Dynamic Threshold value then us(7),Opening_dt(5),closeing_dt(6), given pattern is a frequent pattern and forward it to next amount(8) step . B. Check Write Attribute in frequent pattern Account_type Account_type(11),Max-tran_per_m frequent pattern must contain at least one write operation. All onth(12), the pattern that do not have any attribute with write operation, are not used for next pattern generation. A pattern that contains a single attribute does not contribute to the TABLE II –Different sensitivity of attributes generation of dependency rules and hence will be ignored Sensitivity Attribute Weights too. LS 1,2,3,4,9,10,11 1 C. Applied Dependency rule There are two types of rules, namely, read rules and write MS 5,6 2 rules.A read rule of the form ajw a1r, a2r ..., akr implies that attributes a1 to ak are read in order to write attribute aj . HS 7,8,12 3 Write rule of the form ajw a1w, a2w, ....akw implies that after writing attribute ajw, attributes a1w, a2w, ...akw are modified. we create some rule on their use basis . A. Generate frequent Pattern . TABLE III - Read and Write Rules in this step , we assign weights to each pattern based on the Name(w)customer_id(r),amount(w)status(r),status(r), sensitivity groups of the attributes present in the pattern . The account_id(r),address(w)balance(r),address(w)status( weight assigned to pattern the same as the weight of the most w),name(w)status(w) sensitive attribute present in that pattern. The weight assigned to each sequence also depends on the operation applied on the attributes. after assigned weight we calculate The generated rules are used to verify whether an incoming the support value for given pattern by following formula. transaction is malicious or not. If an incoming transaction has a write operation, it is checked if there are any corresponding support value for current transaction = (n * wp) / N read or write rules. If the new write operation does not satisfy any of these rules, it is marked as malicious . where wp is a weight of pattern IV. EXPERIMENTAL RESULTS n is a no. of same pattern in N Our work focused on the development of a database N is a total transaction in audit log file intrusion detection system keeping sensitivity of the attributes into consideration. The system has been developed To calculate Dynamic Threshold value from the audit log file using . Dynamic threshold value depends the size of audit log file Java(JDK 1.6.0-040) as front end and MYSQL Server 5.0 as . we have design an algorithms for it . algorithm is given the backend database. we have used dynamic threshold below value from audit log file so that our result is more flexible and Algorithms for dynamic threshold value: accurate . every time threshold value changed and compare with support value. We defined some dependency rules if call DynamicThreasholdValue() any transaction not follow this rule mark as malicious { //check the size of log file ,if it is initial transaction. We also generate a report of audit log file to do size = 0 check how much transaction is malicious or non malicious //otherwise calculate the size and initilize into variable size after every transaction . if(size = = 0 ) // do start incrementing the value then do threshold value low If (size > 0 && size < normal) //if this condition satisfy make this variable constant //the check the threshold value if it is more then 50% then make a value final if(size> normal) 308 All Rights Reserved © 2012 IJARCET
- 4. ISSN: 2278 – 1323 International Journal of Advanced Research in Computer Engineering & Technology Volume 1, Issue 4, June 2012 Fig 6. Snapshot of malicious transaction above transaction is a malicious types of transaction because when we read status attribute we cannot update address . when we put a such type of query on text box after submission we will get a message your transaction is malicious type transaction not proceed. Query:-update account set balance =balance +1000 where account_id=49027; Fig 4. Snapshot of customer table Fig 7. Snapshot of non malicious transaction Above transaction is a non malicious type transaction because it follow read and write rules .we can see that after read account id and current balance we can update the balance.when we put query on text box and press submit button we will get one message that your query does nort have any intrusion click here to proceed when we click a button we will get update database record. Fig 5. Snapshot of Account table Query:-update account set address =gayanagar durg whrere status =true; Fig8. Updated database 309 All Rights Reserved © 2012 IJARCET
- 5. ISSN: 2278 – 1323 International Journal of Advanced Research in Computer Engineering & Technology Volume 1, Issue 4, June 2012 Teresa F. Lunt. A survey of intrusion detection techniques. Computers & Security, 12(4): p.p. 405-418, 1993. [10] Aurobindo Sundaram , An Introduction to Intrusion Detection, Crossroads, Volume 2, Issue 4, Pages: 3 – 7, 1996 [8] Sandeep Kumar. Classification and Detection of Computer Intrusions. Ph.D. Dissertation, August 1995. [9] E. Biermann, E. Cloete and L. M. Venter, A comparison of Intrusion Detection systems, Computers & Security, Volume 20, Issue 8, Pages 676-683, December 2001, [10] Lubomir Nistor, Rules definition for anomaly based intrusion detection, 4th National Information Systems Security Conference, 1999. [11] S.Y. Lee, W.L. Low, P.Y. Wong, Learning Fingerprints for a Database Intrusion Detection System, Proceedings of the European Symposium on Research in Computer Security, [12] www.datarepository.com Khomlal Sinha, received B.E. (Information Technology) in year 2005 and in pursuit for M.Tech. (Computer Sc.) from Chhatrapati Shivaji Institute of Technology (CSIT), Durg, Chhattisgarh, India, His Fig.9 Report of audit log file interests are Digital Image Processing, Operating Systems In above figure generate a report for how much Transaction and Data Mining. Also he is having Life Membership of in Audit log file is malicious or non malicious. above report Indian Society of Technical Education, India (ISTE) and will be updated with every transaction. Institutional Member of Computer Society of India (CSI). Prof. Tripti Sharma, received B.E. V. CONCLUSIONS (Computer Sc.) and M.Tech. (Computer Intrusion detection mechanisms play a crucial role in the Sc.) in the years 2002 and 2010 security landscape of a organization. In this paper we have respectively. Currently working as focused Intrusion detection system for database . In our Associate Professor and Head in the work , initially calculate threshold value from audit log file Department of Computer Science & instead of constant value we checked the given transaction is Engineering at Chhatrapati Shivaji Institute of Technology a malicious and non malicious types with help of some (CSIT), Durg, Chhattisgarh, India, Her interests are Digital dependency rule which we have created . we also generate a Image Processing and Data Mining. Also she is having report of audit log file for how much transaction in audit log Life Membership of Indian Society of Technical file is malicious or non malicious. After every Transaction Education, India (ISTE), Membership No- LM 74671 and audit log file will be updated. Institutional Member of Computer Society of India (CSI). Membership No-N1009279. REFERENCES [1] Y. Hu, B. Panda, “A Data Mining Approach for Database Intrusion Detection”, Proceedings of the ACM Symposium on Applied Computing, pp. 711-716 (2004) [2] E. Bertino, R. Sandhu, “Database Security − Concepts, Approaches, and Challenges”, IEEE Transactions on Dependable and Secure Computing, Vol. 2, No. 1, Pages 2-19, Jan.-March 2005. [3] J. Han, M. Kamber, Data Mining: “Concepts and Techniques”, Morgan Kaufmann Publishers (2001). [4] U. Fayyad, G. P. Shapiro, P. Smyth, The KDD Process for Extracting Useful Knowledge from Volumes of Data, Communications of the ACM, pp. 27-34 (1996). [5] L. A. Gordon, M. P. Loeb, W. Lucyshyn and R. Richardson, “2005 CSI/FBI Computer Crime and Security Survey”, http://i.cmpnet.com/gocsi/db area/pdfs/fbi/FBI2005.pdf. [6] R. Richardson, “2007 CSI Computer Crime and Security Survey”,http://i.cmpnet.com/v2.gocsi.com/pdf/CSISurvey2007.pd. [7]Tripti Sharma , Khomlal Sinha “2011 “IJEAT Journal Intrusion Detection System Technology” [8] R. Bace, P. Mell, Intrusion Detection System, NIST Special Publication on Intrusion Detection System (2001). [9] Aurobindo Sundaram , An Introduction to Intrusion Detection,Crossroads, Volume 2, Issue 4, Pages: 3 – 7, 1996 310 All Rights Reserved © 2012 IJARCET