Abstract

In databases, the most prevalent cause of data breaches is insiders who misuse their account privileges. Because such breaches are difficult to discover, an adaptive, accurate, and proactive database security strategy is required. Intrusion detection systems are used to detect misuse of users' account privileges as fast as possible when a prevention mechanism has failed to address such breaches. Artificial immune systems are used to tackle the foremost deficiencies of intrusion detection systems. Examples of these deficiencies are the dynamic and more complex nature of cybersecurity, as well as the high false positive rate and high false negative percentage in current intrusion detection systems. In this paper, we propose an adaptable, efficient database intrusion detection algorithm based on a combination of the Danger Theory model and the Negative Selection algorithm from artificial immune system mechanisms. Experimental results for the implementation of the proposed algorithm provide a self-learning mechanism for achieving high detection coverage with a low false positive rate by using the signature of previously detected intrusions as detectors for the future detection process. The proposed algorithm can enhance the detection of insider threats and eliminate data breaches by protecting confidentiality, ensuring integrity, and maintaining availability. To give an integrated picture, a comprehensive and informative survey of the different research directions related to the proposed algorithm is performed.

Highlights

  • Artificial Immune System (AIS) is a subfield of computational intelligence derived from the Biological Immune System (BIS) to solve certain problems

  • The Danger Theory (DT)-database IDS (DIDS) can address some challenges and obstacles for traditional database intrusion detection. These challenges include the ability to determine a strong discriminatory measurement for identifying intruders with a low false alarm rate, the ability to manage various alarms and determine the appropriate alarm threshold level, the ability to self-learn from the False Positive (FP) and False Negative (FN) alarms to improve efficiency by searching the antigen log, which is considered to be the memory of previously detected intrusions, and the ability to detect and prevent insider intrusions in real time

  • We use synthetic data to evaluate the efficiency of the proposed DT-based Intrusion Detection (DT-ID) algorithm by measuring the overall Detection Rate (DR) according to different danger zone value (DZV) inflammations, FN alarm rate, FP alarm rates, and Correctness Rate (CR)

Summary

INTRODUCTION

Artificial Immune System (AIS) is a subfield of computational intelligence derived from the Biological Immune System (BIS) to solve certain problems. A DT-based Database Intrusion System (DT-DIDS) is proposed for identifying abnormal insider user behaviors to prevent and mitigate data breaches. It consists of a multilayered preprocessing mechanism and a DT-based Intrusion Detection (DT-ID) algorithm that is based on the combination of the R-contiguous bit matching parameter and the danger value parameters. The challenges it addresses for traditional database intrusion detection include the ability to determine a strong discriminatory measurement for identifying intruders with a low false alarm rate, the ability to manage various alarms and determine the appropriate alarm threshold level, the ability to self-learn from the False Positive (FP) and False Negative (FN) alarms to improve efficiency by searching the antigen log, which is considered to be the memory of previously detected intrusions, and the ability to detect and prevent insider intrusions in real time. It tackles another important challenge for IDSs with immunity features.
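
The Negative Selection step with r-contiguous bit matching named above, as an added sketch that is not the paper's DT-ID code. The 8-bit profile encoding, the sample self set and r = 4 are constructed assumptions, and the danger value parameters are not modelled because this page does not define them.

```python
from itertools import product


def r_contiguous_match(a: str, b: str, r: int) -> bool:
    """True if equal-length bit strings agree in at least r contiguous positions."""
    if len(a) != len(b):
        raise ValueError("bit strings must have equal length")
    run = 0
    for x, y in zip(a, b):
        run = run + 1 if x == y else 0
        if run >= r:
            return True
    return False


def generate_detectors(self_set, length, r):
    """Censoring phase: keep every candidate string that matches no self string.

    Exhaustive enumeration is only practical for short strings; real systems
    sample candidates at random instead.
    """
    detectors = []
    for bits in product("01", repeat=length):
        candidate = "".join(bits)
        if not any(r_contiguous_match(candidate, s, r) for s in self_set):
            detectors.append(candidate)
    return detectors


def is_nonself(sample, detectors, r):
    """Monitoring phase: a sample matched by any detector is flagged as anomalous."""
    return any(r_contiguous_match(sample, d, r) for d in detectors)


# Constructed data: hypothetical 8-bit encodings of normal user query profiles.
SELF = ["00001111", "00111100", "00001100"]
R = 4
DETECTORS = generate_detectors(SELF, 8, R)

if __name__ == "__main__":
    print(f"{len(DETECTORS)} detectors survive censoring")
    for sample in SELF + ["00001110", "11110000"]:
        verdict = "non-self" if is_nonself(sample, DETECTORS, R) else "self"
        print(sample, verdict)
```

Raising r makes matching stricter, which lets more candidates survive censoring but narrows what each detector covers; that trade-off is what drives the false positive and false negative rates the summary discusses.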

RELATED WORKS
BREACHES IN DATABASES
NEGATIVE SELECTION ENHANCEMENTS
EXPERIMENTAL RESULTS AND DISCUSSION
CONCLUSION AND FUTURE SPOTLIGHTS