Intelligent Anomaly Detection in Database Security: A Triple-Loop Learning Framework

Detailed bibliography
Published in: 2025 5th Intelligent Cybersecurity Conference (ICSC), pp. 420-426
Main author: Kandolo, William
Format: Conference paper
Language: English
Published: IEEE, 19.05.2025
Description

Summary: Relational Database Management Systems (RDBMSs) are foundational to operations across finance, healthcare, and government sectors. However, they remain susceptible to advanced threats such as polymorphic SQL injection, insider misuse, and timing-based data exfiltration. Traditional intrusion detection systems (IDSs), including signature-based and static machine learning models, often struggle to detect evolving and obfuscated attacks, resulting in high false-positive rates and limited adaptability.

This paper presents the Triple Loop Learning (TLL) framework, a recursive, multi-tiered architecture that integrates supervised learning, reinforcement learning (RL), and meta-learning for real-time anomaly detection in SQL-based environments. To the best of our knowledge, TLL is the first framework to unify these three learning paradigms into a recursive, explainable, and low-latency anomaly detection system specifically tailored for structured SQL workloads. TLL comprises three interdependent loops: (i) an operational loop utilizing SQL-aware autoencoders for fine-grained anomaly detection, (ii) a tactical loop leveraging Deep Q-Networks (DQN) for adaptive threshold calibration, and (iii) a strategic loop based on Model-Agnostic Meta-Learning (MAML) for rapid cross-domain adaptation.

TLL was evaluated on a composite dataset comprising the UNSW-NB15 benchmark, anonymized SQL logs from financial and healthcare institutions, and adversarial samples generated with MAD-GAN. The framework achieved an F1 score of 0.94, an AUC of 0.976, and an average inference latency of 84 ms. The results demonstrate that TLL enables robust, low-latency detection of zero-day and obfuscated SQL threats. Its explainability is enhanced through SHAP-based attributions, and its deployment is version-controlled and reproducible, ensuring traceability, compliance, and production readiness.
DOI:10.1109/ICSC65596.2025.11140396