Learning Fingerprints for a Database Intrusion Detection System
Sin Yeung Lee, Wai Lup Low, and Pei Yuen Wong
Summary
This paper presents DIDAFIT (Detecting Intrusions in Databases through Fingerprinting Transactions), which can detect illegitimate database accesses at the application level instead of at the network or host level.
Appreciative Comment
This paper designs an algorithm under which fingerprints can be automatically learnt and deduced as much as possible.
1. Automatically summarizing the SQL statements into different fingerprint groups, while preventing over-summarization of the pre-specified fields.
Appreciative Comment (cont.)
2. Excluding illegitimate statements from past intrusion activities.
3. Deducing a set of possibly legitimate fingerprints.
Critical Comments
1. Statistical method's weakness in detecting high-risk transactions?
If a hacker maliciously misleads the training data set by adding illegal SQL statements over a long time, the illegal statements will eventually be regarded as legal because of their higher frequency.
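An added example (not the paper's algorithm or code) of summarizing SQL statements into fingerprints while leaving a pre-specified field unsummarized, and of how a frequency-based learner ends up accepting an illegitimate statement once it appears often enough in the training log. The regex-based summarization, the min_count frequency rule, and the table and field names are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed training log; table and column names are hypothetical.
TAUTOLOGY = "SELECT * FROM users WHERE id = 1 OR 1 = 1"
TRAINING_LOG = [
    "SELECT name FROM users WHERE id = 17 AND status = 'active'",
    "SELECT name FROM users WHERE id = 42 AND status = 'active'",
    "UPDATE orders SET qty = 3 WHERE order_id = 1001",
    "UPDATE orders SET qty = 7 WHERE order_id = 1002",
    TAUTOLOGY,  # illegitimate statement left over from a past intrusion
]
KEEP = frozenset({"status"})  # pre-specified fields that must not be summarized

# An optional "field =" prefix followed by a quoted string or numeric literal.
TOKEN = re.compile(r"(?:\b([A-Za-z_]\w*)\s*=\s*)?('(?:[^']|'')*'|\b\d+(?:\.\d+)?\b)")

def fingerprint(stmt, keep_fields=KEEP):
    """Replace literals with '?', except values compared with a kept field."""
    def repl(m):
        field, literal = m.group(1), m.group(2)
        if field is None:
            return "?"
        return f"{field} = {literal if field.lower() in keep_fields else '?'}"
    return TOKEN.sub(repl, " ".join(stmt.split()))

def learn(log, min_count=2):
    """Keep fingerprints seen at least min_count times (assumed frequency rule)."""
    counts = Counter(fingerprint(s) for s in log)
    return {fp for fp, n in counts.items() if n >= min_count}

def is_known(stmt, fingerprints):
    """True when the statement's fingerprint is in the learned set."""
    return fingerprint(stmt) in fingerprints

if __name__ == "__main__":
    clean = learn(TRAINING_LOG)
    poisoned = learn(TRAINING_LOG + [TAUTOLOGY])  # same statement logged once more
    for fp in sorted(clean):
        print("learned:", fp)
    print("tautology accepted (clean log):   ", is_known(TAUTOLOGY, clean))
    print("tautology accepted (poisoned log):", is_known(TAUTOLOGY, poisoned))
```

Because the learned set depends only on counts, the training log needs its own integrity controls and review before fingerprints derived from it are trusted.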
Critical Comments (cont.)
2. A code walkthrough may be an alternative way to deduce fingerprints.
As the paper mentions, the SQL statements are generated in a predictable manner, and this regularity can validate legal statements more easily.
That is to say, we do not need to generate hypotheses and then validate them using machine learning algorithms.
Critical Comments (cont.)
Rather, can we construct a rule-based system to generate fingerprints instead of the algorithm presented in this paper?
Question?
Can we use a C4.5 decision tree to train on the data set?
Probably not. C4.5 may be applied to instances that can be divided by rows and columns.