77 / 2015-12-21 14:21:37
Anomaly Detection of User Behavior for Database Security Audit Based on OCSVM
Security audit, user behavior, OCSVM, log preprocessing, anomaly detection
Draft Accepted
Yong Li / State Grid Smart Grid Research Institute
Tao Zhang / State Grid Smart Grid Research Institute
YuanYuan Ma / State Grid Smart Grid Research Institute
Cheng Zhou / State Grid Smart Grid Research Institute
In view of the defects of Safety monitoring and comprehensive audit in information network boundaries of State Grid Corporation of China(SGCC), a kind of security audit technology based on One-Class support vector machine(OCSVM) is proposed for the security audit of user access behavior. Firstly, feature selection, syntax parsing of SQL statements and numerical processing of audit log are first completed to obtain the feature vector of user behavior, which can be trained and identified by OCSVM. Then the audit log that reflect the rules of normal behavior in the long-term operation of the database is used as the OCSVM's training input. After training, the OCSVM classifier is trained to build the pattern library of user behavior. Finally, the OCSVM classifier is used to detect the abnormal behavior of database operation, and to realize the security audit of database user access behavior.
Important Date
  • Conference Date

    May 21

    2016

    to

    May 22

    2016

  • Oct 30 2015

    Early Bird Registration

  • Mar 21 2016

    Draft paper submission deadline

  • Apr 01 2016

    Draft Paper Acceptance Notification

  • Apr 10 2016

    Final Paper Deadline

  • May 22 2016

    Registration deadline

Sponsored By
亚利桑那州立大学
查尔斯特大学
重庆环球联合科学技术研究院
韦洛尔理工大学
阿尔托大学
Contact Information