Journal of Research in Engineering and Applied Sciences
ISSN (Print): 2456-6411 | ISSN (Online): 2456-6403
JREAS, Vol. 07, Issue 03, July 22

A PREVENTIVE APPROACH USING THE DATA MINING OF TRANSACTION AUDIT LOG FOR DATABASE INTRUSION DETECTION

Dr. Yagnik A. Rathod¹
¹ Asst. Prof., Computer Department, Government Engineering College, Dahod, India
Email: rathod.yagnik@gmail.com

Abstract

Information is a key component in today’s global business environment. An organization, institute, or business firm uses various database management systems to manage its crucial information. The security mechanism provided by a DBMS is not enough to prevent intruders or detect anomalous behavior. Malicious commands executed by unauthorized users, and sometimes by authorized users, intentionally or by mistake, cannot be detected and prevented by a typical security mechanism. An intrusion detection system finds intrusive actions and attempts by examining the behavior of users’ actions. Security features can be enhanced by adding intrusion detection technology to the database management system. Data mining identifies valid, novel, potentially useful, and ultimately understandable patterns in massive data. Applying data mining techniques is required to detect various intrusions. In this paper, a mechanism based on data mining is discussed to detect malicious actions in a DBMS.

Key Words: Data Mining, Database Security, Log mining, Intrusion detection

1. Introduction

The security mechanism for a database is the system, processes, and procedures that protect a database from malicious attempts to steal (view) or modify data. Intruder activity can be differentiated as authenticated misuse, malicious attacks, or instinctive actions made by authorized individuals or processes. Information is the most precarious resource for many establishments [1].
In the present global era, the growth and future of any industry depend on the accessibility and protection of crucial data. A system administrator is responsible for applying security policies and monitoring access. Identifying a malicious action or an intruder is the main challenge for the DBA. Security threats need much attention in the information domain because data is networked. Security is a concept that includes the following properties [1]: authenticity (assurance that a service or piece of data is authentic), confidentiality (absence of unauthorized disclosure of a service or piece of information), integrity (protection of a service or piece of data against unauthorized and/or unnoticed modification), and availability (protection of a service or piece of data against possible denials of service caused by malicious actions). Identification and authentication are provided by using a user ID and password. The DBA is responsible for providing identification and authentication details to users. Users can log in to the database management system only with the provided details. The DBA can maintain a log of activities performed by users for forensics. The main challenge for a database administrator is to protect data from unauthorized access or miscellaneous behavior. An authorized user can damage the integrity of data intentionally or by mistake. A password can be stolen, or some users can use the masquerade technique. The features and techniques provided are not enough to protect the system from vulnerabilities. Unfortunately, the threat of intrusion is very serious, and proposing immediate intrusion detection mechanisms for the DBMS is a rational and appropriate step. Various security attacks can be differentiated as: 1) An intruder who does not have access rights to the database tries to access or modify crucial data.
2) A legitimate user with sufficient privileges intentionally compromises the integrity of the database (legitimate access to database servers, but should not access database data), and 3) a denial-of-service type of attack, where the intruder tries to cause delays in, or block, access to services for legitimate users. We are interested in preventing malicious behavior and intrusive actions by authorized and unauthorized users that exploit system vulnerabilities. The database management system can restrict access to the database through identification and authentication but cannot detect malicious actions performed by intruders. In many situations, the execution of intrusive commands can remain unnoticed and can compromise data. DBMS security policies are incorrectly configured and create loopholes for hackers to enter the system. The DBA does not spend much time on security activation. All security provisions provided by the database security mechanism (like authentication, encryption, usage rights for users, and enabling the audit log) are not utilized properly, which permits interlopers to catch