Multi-Agent based Quickprop Neural Network Short-term Forecasting Framework for Database Intrusion Prediction System Ramasubramanian P and Kannan A Department of Computer Science and Engineering Anna University Chennai - 25, INDIA Abstract— This paper describes a framework for a statisti- cal anomaly prediction system using Multi-Agents. We have developed a Quickprop neural network forecasting model, which predicts unauthorized invasions of user based on pre- vious observations and takes further action before intrusion occurs. The experimental study is performed using real data provided by a major Corporate Bank. A comparative evalua- tion of the Quickprop neural network over the traditional neu- ral network models was carried out using mean absolute per- centage error on a prediction data set and a better prediction accuracy has been observed. In order to reduce single point of failures in centralized security system, a dynamic distributed system has been designed in which the security management task is distributed across the network using Multi-Agents. Keywords: Multi-Agents - Database Security - Neural Net- works - Database Anomaly Intrusion Prediction. 1. I NTRODUCTION In today’s business world, information is the most valuable asset of organizations and thus requires appropriate manage- ment and protection. As organizations are increasing their reliance on the distributed computing environment are be- coming more vulnerable to security breaches. Any breach of security to these databases can result in tarnished reputation for the organization, loss of customer’s confidence and might even result in lawsuits [6]. In database systems, the primary security threat comes from insider abuse and from intrusion. Security policies do not sufficiently guard data stored in a database system against “privileged users”. Many intrusions into information systems manifest through the significantly increased or decreased intensity of transac- tions occurring in information systems. For example, intrud- ers who have gained super-user privileges can perform ma- licious transactions and disable many resources in the infor- mation system, resulting in the abruptly decreased intensity of transactions. In typical denial-of-service attacks, an over- whelming number of service requests can be sent to a server, e.g., a web server, of an information system over a short period of time to deplete the computational resource in the server and thus deny the server’s ability to respond to user’s service requests. Such denial-of-service attacks increase the intensity of events on the server. Therefore, the early de- tection of significant changes in the transaction intensity can help stop many intrusions early to protect information sys- tems and assure reliability of information systems [2]. This reinforces the point that intrusion detection systems should not only be employed at the network and hosts, but also at the database systems where the critical information assets lie. Many other mechanisms and technologies like firewalls, en- cryption, authentication, vulnerability checking, access con- trol policies can offer security but it is still susceptible for at- tacks from hackers who takes advantage of system flaws and social engineering tricks. In addition, computer systems with no connection to public networks remain vulnerable to dis- gruntled employees or other insiders who misuse their priv- ileges. This observation results in the fact that much more emphasis has to be placed on internal control mechanisms of systems like audit log analysis. So, it is essential to establish a second line of defense for a distributed database environment in the form of an intrusion detection system(IDS). In our work, a statistical anomaly prediction system that in- cludes Quickprop prediction algorithm is used to predict the future on-line behavior of the user, based on previous obser- vations. The trained model is then used to detect future at- tacks against the system. Our Database Intrusion Forbidden system is based on Multi-Agents, which supports communi- cation facilities among several agents and coordinate agent activities for auditing and detecting unauthorized transactions within an organization over the distributed environments such as the Internet and Intranets. 2. RELATED WORKS The existing intrusion detection systems [1][6] operate in real time, capturing the intruder when or after intrusion occurs. From the existing methods of detecting the intrusion, we ob- served that all intrusion detection systems were lacking a vital component: that they take action, after an intrusion has been detected [4]. This serious weakness has led to the research on forecasting models. However, though the intrusion detection system is real-time, it can detect the intrusion after the action, but never before. To address the problem of detecting intru- sions after they take place, we utilize a Quickprop prediction algorithm, which takes into account user behavior and gener- ates a predicted profile to foresee the future user actions. Intrusion detection research is not new and has been on go- ing for many years. However, previous works were focused largely on network-based intrusion detection [8] and host-