{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,25]],"date-time":"2025-09-25T17:15:36Z","timestamp":1758820536330},"reference-count":29,"publisher":"Oxford University Press (OUP)","issue":"6","license":[{"start":{"date-parts":[[2022,2,15]],"date-time":"2022-02-15T00:00:00Z","timestamp":1644883200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/academic.oup.com\/journals\/pages\/open_access\/funder_policies\/chorus\/standard_publication_model"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022,11,23]]},"abstract":"<jats:title>Abstract<\/jats:title>\n               <jats:p>Role-based database management systems are most widely used for information storage and analysis but are known as vulnerable to insider attacks. The core of intrusion detection lies in an adaptive system, where an insider attack can be judged if it is different from the predicted role by performing classification on the user\u2019s queries accessing the database and comparing it with the authorized role. In order to handle the high similarity of user queries for misclassified roles, this paper proposes a deep metric neural network with strategic sampling algorithm that properly extracts salient features and directly learns a quantitative measure of similarity. A strategic sampling method of heuristically generating and learning training pairs through Monte Carlo search is proposed to select a training pair that can represent the entire dataset. With the TPC-E\u2013based benchmark data trained with 11,000 queries for 11 roles, the proposed model produces the classification accuracy of 95.41%, which is the highest compared with the previous models. The results are verified through comparison of quantitative and qualitative evaluations, and the feature space modelled in the neural network is analysed by t-SNE algorithm.<\/jats:p>","DOI":"10.1093\/jigpal\/jzac007","type":"journal-article","created":{"date-parts":[[2022,1,28]],"date-time":"2022-01-28T12:12:04Z","timestamp":1643371924000},"page":"979-992","source":"Crossref","is-referenced-by-count":7,"title":["Insider attack detection in database with deep metric neural network with Monte Carlo sampling"],"prefix":"10.1093","volume":"30","author":[{"given":"Gwang-Myong","family":"Go","sequence":"first","affiliation":[{"name":"Yonsei University Department of Computer Science, , Seoul 03722, South Korea and Samsung Electronics, Co., Ltd., Suwon 16706, South Korea"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Seok-Jun","family":"Bu","sequence":"additional","affiliation":[{"name":"Yonsei University Department of Computer Science, , Seoul 03722, South Korea"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sung-Bae","family":"Cho","sequence":"additional","affiliation":[{"name":"Yonsei University Department of Computer Science, , Seoul 03722, South Korea"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"286","published-online":{"date-parts":[[2022,2,15]]},"reference":[{"key":"2022112012385010900_ref1","doi-asserted-by":"crossref","first-page":"382","DOI":"10.1007\/978-3-642-15512-3_20","article-title":"A data-centric approach to insider attack detection in database systems","author":"Mathew","year":"2010","journal-title":"International Workshop on Recent Advances in Intrusion Detection"},{"key":"2022112012385010900_ref2","first-page":"44","article-title":"Database security: what students need to know","volume":"9","author":"Murray","year":"2010","journal-title":"Journal of Information Technology Education: Innovates in Practice"},{"key":"2022112012385010900_ref3","doi-asserted-by":"crossref","first-page":"96","DOI":"10.1007\/978-3-540-75248-6_7","volume-title":"Workshop on Secure Data Management","author":"Jin","year":"2007"},{"key":"2022112012385010900_ref4","doi-asserted-by":"crossref","first-page":"2","DOI":"10.1109\/TDSC.2005.9","article-title":"Database security: concepts, approaches and challenges","volume":"2","author":"Bertino","year":"2005","journal-title":"IEEE Transactions on Dependable and Secure Computing"},{"key":"2022112012385010900_ref5","first-page":"224","article-title":"Proposed NIST standard for role-based access control","volume":"4","author":"Ferraiolo","year":"2001","journal-title":"Security"},{"key":"2022112012385010900_ref6","first-page":"378","volume-title":"International Conference on Pattern Recognition","author":"Melekhov","year":"2016"},{"key":"2022112012385010900_ref7","doi-asserted-by":"crossref","first-page":"84","DOI":"10.1007\/978-3-319-24261-3_7","volume-title":"International Workshop on Similarity-based Pattern Recognition","author":"Hoffer","year":"2015"},{"key":"2022112012385010900_ref8","first-page":"264","volume-title":"European Symposium on Research in Computer Security","author":"Lee","year":"2002"},{"key":"2022112012385010900_ref9","first-page":"711","article-title":"A data mining approach for database intrusion detection","author":"Hu","year":"2004","journal-title":"ACM Symposium on Applied Computing"},{"key":"2022112012385010900_ref10","doi-asserted-by":"crossref","first-page":"238","DOI":"10.1016\/j.ins.2016.06.038","article-title":"Anomalous query access detection in RBAC-administered database with random forest and PCA","volume":"369","author":"Ronao","year":"2016","journal-title":"Information Science"},{"key":"2022112012385010900_ref11","doi-asserted-by":"crossref","first-page":"175","DOI":"10.1007\/978-0-387-35697-6_14","volume-title":"Research Directions in Data and Applications Security","author":"Barbara","year":"2003"},{"key":"2022112012385010900_ref12","first-page":"1140","volume-title":"IEEE International Conference on Data Engineering","author":"Mazzawi","year":"2017"},{"key":"2022112012385010900_ref13","doi-asserted-by":"crossref","first-page":"699","DOI":"10.1007\/s00500-005-0513-9","article-title":"A genetic-algorithm based neural network short-term forecasting framework for database intrusion prediction system","volume":"10","author":"Ramasubramanian","year":"2006","journal-title":"Soft Computing"},{"key":"2022112012385010900_ref14","first-page":"318","volume-title":"International Conference on Security of Information and Networks","author":"Sheykhkanloo","year":"2014"},{"key":"2022112012385010900_ref15","doi-asserted-by":"crossref","first-page":"123","DOI":"10.1007\/11506881_8","volume-title":"International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment","author":"Valeur","year":"2005"},{"key":"2022112012385010900_ref16","doi-asserted-by":"crossref","first-page":"15","DOI":"10.1016\/j.ins.2011.06.020","article-title":"idMAS-SQL: intrusion detection based on MAS to detect and block SQL injection through data mining","volume":"231","author":"Pinzon","year":"2013","journal-title":"Information Science"},{"key":"2022112012385010900_ref17","first-page":"51","article-title":"A distributed hierarchical multi-agent architecture for detecting injections in SQL queries","volume":"85","author":"Pinzon","year":"2010","journal-title":"Computational Intelligence in Security for Information Systems"},{"key":"2022112012385010900_ref18","first-page":"53","article-title":"Survey of machine learning methods for database security","volume":"3","author":"Kamra","year":"2009","journal-title":"Machine Learning in Cyber Trust"},{"key":"2022112012385010900_ref19","first-page":"35","volume-title":"IEEE International Conference on Information Assurance and Security","author":"Makiou","year":"2014"},{"key":"2022112012385010900_ref20","first-page":"151","volume-title":"International Conference on Industrial, Engineering and other Applications of Applied Intelligent Systems","author":"Ronao","year":"2015"},{"key":"2022112012385010900_ref21","doi-asserted-by":"crossref","first-page":"449","DOI":"10.1093\/jigpal\/jzz053","article-title":"Evolutionary reinforcement learning for adaptively detecting database intrusions","volume":"28","author":"Choi","year":"2020","journal-title":"Logic Journal of the IGPL"},{"key":"2022112012385010900_ref22","doi-asserted-by":"crossref","first-page":"123","DOI":"10.1016\/j.ins.2019.09.055","article-title":"A convolutional neural-based learning classifier system for detecting database intrusion via insider attack","volume":"512","author":"Bu","year":"2019","journal-title":"Information Sciences"},{"key":"2022112012385010900_ref23","doi-asserted-by":"crossref","first-page":"1488","DOI":"10.1109\/TIP.2011.2173206","article-title":"On the mathematical properties of the structural similarity index","volume":"21","author":"Brunet","year":"2011","journal-title":"IEEE Transactions on Image Processing"},{"key":"2022112012385010900_ref24","doi-asserted-by":"crossref","first-page":"2385","DOI":"10.1109\/TIP.2009.2025923","article-title":"Complex wavelet structural similarity: a new image similarity index","volume":"18","author":"Sampat","year":"2009","journal-title":"IEEE Transactions on Image Processing"},{"key":"2022112012385010900_ref25","doi-asserted-by":"crossref","first-page":"281","DOI":"10.1007\/s11554-010-0170-9","article-title":"Fast structural similarity index algorithm","volume":"6","author":"Chen","year":"2011","journal-title":"Journal of Real-Time Image Processing"},{"key":"2022112012385010900_ref26","doi-asserted-by":"crossref","first-page":"354","DOI":"10.1038\/nature24270","article-title":"Mastering the game of go without human knowledge","volume":"550","author":"Silver","year":"2017","journal-title":"Nature"},{"key":"2022112012385010900_ref27","first-page":"10","volume-title":"Computer Security Applications Conference","author":"Bertino","year":"2005"},{"key":"2022112012385010900_ref28","first-page":"460","article-title":"Detecting intrusion via insider attack in database transactions by learning disentangled representation with deep metric neural network","author":"Go","year":"2020","journal-title":"Int. Conf. on Complex, Intelligent, and Software Intensive Systems"},{"author":"Transaction Process Performance Council (TPC)","key":"2022112012385010900_ref29","article-title":"TPC benchmark E, Standard Specification Ver. 1.0, 2014"}],"container-title":["Logic Journal of the IGPL"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/academic.oup.com\/jigpal\/article-pdf\/30\/6\/979\/47058127\/jzac007.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/academic.oup.com\/jigpal\/article-pdf\/30\/6\/979\/47058127\/jzac007.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,11,20]],"date-time":"2022-11-20T12:39:14Z","timestamp":1668947954000},"score":1,"resource":{"primary":{"URL":"https:\/\/academic.oup.com\/jigpal\/article\/30\/6\/979\/6528505"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,2,15]]},"references-count":29,"journal-issue":{"issue":"6","published-online":{"date-parts":[[2022,2,15]]},"published-print":{"date-parts":[[2022,11,23]]}},"URL":"https:\/\/doi.org\/10.1093\/jigpal\/jzac007","relation":{},"ISSN":["1367-0751","1368-9894"],"issn-type":[{"type":"print","value":"1367-0751"},{"type":"electronic","value":"1368-9894"}],"subject":[],"published-other":{"date-parts":[[2022,12]]},"published":{"date-parts":[[2022,2,15]]}}}