Detecting intrusion via insider attack in database transactions by learning disentangled representation with deep metric neural network

Abstract

Database management systems based on role-based access control are widely used for information storage and analysis, but they are reportedly vulnerable to insider attacks. From the point of adaptive system, it is possible to perform classification on user queries accessing the database to determine insider attacks when they differ from the predicted values. In order to cope with high similarity of user queries, this paper proposes a deep metric neural network with hierarchical structure that extracts the salient features appropriately and learns the quantitative scale of similarity directly. The proposed model trained with 11,000 queries for 11 roles from the benchmark dataset of TPC-E produces the classification accuracy of 94.17%, which is the highest compared to the previous studies. The quantitative performance is evaluated by 10-fold cross-validation, the feature space embedded in the neural network is visualized by t-SNE, and the qualitative analysis is conducted by clustering the compression vectors among classes.