Learning Fingerprints for a Database Intrusion Detection System
Sin Yeung Lee, Wai Lup Low, and Pei Yuen Wong
Summary
This paper presents DIDAFIT (Detecting Intrusions in Databases through Fingerprinting Transactions), which detects illegitimate database accesses at the application level instead of at the network or host level.
Appreciative Comment
This paper designs an algorithm under which fingerprints can be automatically learnt and deduced as much as possible.
1. Automatically summarizing the SQL statements into different fingerprint groups, while preventing over-summarization of the pre-specified fields.
Appreciative Comment Cont’
2. Excluding illegitimate statements from past intrusion activities.
3. Deducing a set of possibly legitimate fingerprints.
Critical Comments
1. Statistical method's weakness in detecting high-risk transactions?
If a hacker maliciously misleads the training data set by adding illegal SQL statements over a long time, the illegal statements will eventually be regarded as legal because of their higher frequency.
Critical Comments Cont’
2. A code walkthrough may be an alternative way to deduce fingerprints.
As the paper mentions, the SQL statements are generated in a predictable manner, and this regularity can validate legal statements more easily.
That is to say, we do not need to generate hypotheses and then validate them using machine learning algorithms.
Critical Comments Cont’
Rather, can we construct a rule-based
system to generate fingerprints instead of
the algorithm presented in this paper?
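A simplified illustration of the two critical comments above, added here and not taken from the paper or the slides. It is not DIDAFIT's algorithm: the literal-masking fingerprint, the min_support threshold, the sample log and the CODE_DERIVED set are all constructed assumptions. It shows a frequency threshold dropping a one-off illegitimate statement but accepting one repeated over time, and a comparison against code-derived fingerprints flagging it for review.

```python
import re
from collections import Counter

# Constructed training log (not from the paper or the slides).
TRAINING_LOG = (
    ["SELECT name FROM users WHERE id = %d" % i for i in range(40)]
    + ["UPDATE cart SET qty = %d WHERE item = 'sku-%d'" % (i, i) for i in range(25)]
    # A one-off illegitimate statement from a past intrusion.
    + ["SELECT * FROM users WHERE id = 7 OR 1 = 1"]
    # An illegitimate statement repeated over a long period.
    + ["SELECT card_no FROM payments WHERE uid = %d" % i for i in range(12)]
)

# Hypothetical fingerprints obtained by walking through the application code.
CODE_DERIVED = {
    "SELECT NAME FROM USERS WHERE ID = ?",
    "UPDATE CART SET QTY = ? WHERE ITEM = ?",
}

def fingerprint(sql):
    """Summarise a statement by masking literals and keeping its structure."""
    s = re.sub(r"'(?:[^']|'')*'", "?", sql)        # string literals
    s = re.sub(r"\b\d+(?:\.\d+)?\b", "?", s)       # numeric literals
    return re.sub(r"\s+", " ", s).strip().upper()

def learn(log, min_support):
    """Keep fingerprints seen at least min_support times (assumed threshold)."""
    counts = Counter(fingerprint(q) for q in log)
    return {fp for fp, n in counts.items() if n >= min_support}

def is_legitimate(sql, fingerprints):
    return fingerprint(sql) in fingerprints

def needs_review(learned, code_derived=CODE_DERIVED):
    """Learned fingerprints that no code path is known to generate."""
    return sorted(learned - code_derived)

def demo():
    learned = learn(TRAINING_LOG, min_support=5)
    return {
        "app_query": is_legitimate("SELECT name FROM users WHERE id = 999", learned),
        "one_off": is_legitimate("SELECT * FROM users WHERE id = 3 OR 1 = 1", learned),
        "repeated": is_legitimate("SELECT card_no FROM payments WHERE uid = 5", learned),
        "needs_review": needs_review(learned),
    }

if __name__ == "__main__":
    print(demo())
```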
Question?
Can we use a C4.5 decision tree to train on the data set?
Probably not. C4.5 may be applied to instances that can be divided by rows and columns.