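Graduate student: 陳政翰 (Cheng-Han Chen)
Thesis title: Anomaly Detection Based On User Profiling Analysis
Advisor: 李育杰 (Yuh-Jye Lee)
Oral examination committee: 鮑興國 (Hsing-Kuo Kenneth Pao), 陳昇瑋 (Sheng-Wei Chen), 王鈺強 (Yu-Chiang Frank Wang)
Degree: Master
Department: College of Electrical Engineering and Computer Science - Department of Computer Science and Information Engineering
Year of publication: 2010
Academic year of graduation: 98
Language: English
Number of pages: 37
Keywords (translated from Chinese): anomaly detection, user behavior analysis, database security, insider threats, online game security, account theft
Keywords (English): anomaly detection, behavior profiling, database security, insider threats, online game security, account hijacking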
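  • Anomaly detection has long been an important topic in data mining, and it is
    also a frequent subject of study in other research fields. Anomaly detection
    means finding behavior in a dataset that does not conform to expectations. As
    the use of computers and networks increases, the automated detection of
    anomalous user behavior is receiving more and more attention.
    Database information security is a very important problem. Companies and
    organizations store all of their data in databases through network services or
    applications, and most internal employees can access the internal databases
    without any restriction. If an internal employee steals data, a large amount of
    data is therefore leaked while the organization remains completely unaware of it.
    In online game security, online game players are frequently the targets of
    Trojan horse programs that steal account passwords. Once an attacker obtains a
    player's account and password, the attacker can log in to the game and take the
    valuable virtual treasures in it.
    Using an anomaly detection method based on online principal component analysis,
    we propose an anomaly detection framework. In the field of database security,
    our framework can effectively detect threats caused by internal employees. In
    online game security, we use this framework to solve the problem of stolen
    accounts.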


    Anomaly detection is an important issue in data mining and has been studied in
    different research areas. Anomaly detection means finding patterns in a dataset
    that do not conform to expected behavior. The automatic identification of
    anomalies in user behavior for intrusion detection has attracted growing
    interest with the increasing use of computers and networks.
    The security of information managed by database systems is a crucial problem.
    Database management systems (DBMS) are the fundamental means of data storage and
    access in most services and applications. Because insiders can access the DBMS
    unfettered, insider threats cause serious leaks of information in organizations.
    In online game security, online gamers have frequently been the targets of
    password-stealing Trojan horse programs, which let data thieves break into a
    victim's accounts and steal the victim's virtual treasure.
    We propose a framework to detect anomalous behavior based on online PCA. We
    apply this anomaly detection to find insider threats in database security, and
    in online game security we use the detection method to solve account hijacking
    problems.

    1 Introduction
      1.1 Background
      1.2 Our Main Work
      1.3 Organization of Thesis
    2 Related Work
      2.1 Database Security
      2.2 Online game security
    3 Framework and On-line Weighted Principal Component Analysis
      3.1 Framework
      3.2 Online Weighted Principal Component Analysis
        3.2.1 Principal Component Analysis
        3.2.2 The Influence of an Anomaly on Principal Direction
        3.2.3 Over-sampling Principal Component Analysis
        3.2.4 Speed Up for Online Updating
        3.2.5 Data Cleaning and On-line Anomaly Detection
    4 Experiments
      4.1 Performance Measurement
      4.2 Database Dataset
        4.2.1 Data Description
        4.2.2 Preprocessing of Database Dataset
        4.2.3 Experimental Results
      4.3 Online Game Dataset
        4.3.1 Data Description
        4.3.2 Preprocessing of Online Game Dataset
        4.3.3 Experimental Results
    5 Conclusion and Future Work
