Detection of Denial-of-Service Attacks in DBMSs from Internal Logs Using Supervised and Unsupervised Approaches
Denial-of-Service; DBMS; Supervised ML; Unsupervised ML
Denial-of-Service (DoS) attacks impose threats to the accomplishment of an organization’s purposes once they result in serious issues related to the availability of information systems. DoS attacks have been extensively studied in the literature, especially in their most dangerous form, the Distributed Denialof-Service (DDoS). However, existing works usually focus on the network and transport layers or protocols like HTTP. Database, a critical infrastructure for service provision, has mechanisms for recording information (logs) of SQL queries and sessions, which generates large volumes of data. Although databases are vulnerable to DDoS, they are not entirely covered by commercial tools or research on detecting such attacks. Machine Learning (ML) techniques are highly effective in identifying patterns in large amounts of data, such as database SQL logs. Thus, this work developed the application of ML to detect DDoS attacks on a database from the logs of queries executed on it. It makes use of two complimentary approaches of ML: supervised and unsupervised. As a result, the classification of records obtained an F1-score of 94.44\% and the Anomaly Detection achieved an F1- score of 75.75\%, which indicates the effectiveness of the developed approaches.