This paper proposes a mechanism that allows concurrent detection of malicious data access through online analysis of the Database Management System (DBMS) audit trail. The mechanism uses a directed graph representing the profile of valid transactions to detect illegal accesses to data, which are seen as unauthorized sequences of Structured Query Language (SQL) commands. The paper proposes a generic algorithm that learns the graph representing the profile of the transactions executed by the users. The mechanism can be used to protect traditional database applications from data attacks, as well as web-based applications from SQL injection attacks. It is generic and can be used in most commercial DBMS, adding concurrent detection of malicious data access to classical database security mechanisms. The paper presents a practical example of the implementation of the proposed mechanism using Oracle 10g. The Transaction Processing Performance Council benchmark C (TPC-C) and a real database installation were used to assess the detection mechanism and the learning algorithm.
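A simplified sketch of the profile-graph idea described above, added here as an example and not the paper's own algorithm or code. It assumes the audit trail is already grouped into per-transaction statement lists and that statements are compared after literals are stripped; the function names and the sample trail are constructed for illustration.

```python
import re
from collections import defaultdict

START, END = "<start>", "<end>"

def normalize(sql):
    """Reduce a statement to a signature: literals become '?' (assumed scheme)."""
    s = re.sub(r"'[^']*'", "?", sql)      # string literals
    s = re.sub(r"\b\d+\b", "?", s)        # numeric literals
    return re.sub(r"\s+", " ", s).strip().lower()

def learn_profile(transactions):
    """Build a directed graph: edge a -> b if b was seen right after a."""
    graph = defaultdict(set)
    for tx in transactions:
        path = [START] + [normalize(q) for q in tx] + [END]
        for a, b in zip(path, path[1:]):
            graph[a].add(b)
    return graph

def check(graph, tx):
    """Return None if tx follows the profile, else (index, statement) of the
    first command that leaves it; statement is None for an unexpected commit."""
    prev = START
    for i, q in enumerate(tx):
        sig = normalize(q)
        if sig not in graph.get(prev, ()):
            return i, q
        prev = sig
    if END not in graph.get(prev, ()):
        return len(tx), None
    return None

# Constructed audit-trail sample: two payment transactions and one lookup.
TRAIL = [
    ["SELECT balance FROM customer WHERE c_id = 7",
     "UPDATE customer SET balance = 90 WHERE c_id = 7",
     "INSERT INTO history VALUES (7, 10)"],
    ["SELECT balance FROM customer WHERE c_id = 8",
     "UPDATE customer SET balance = 15 WHERE c_id = 8",
     "INSERT INTO history VALUES (8, 5)"],
    ["SELECT balance FROM customer WHERE c_id = 3"],
]
PROFILE = learn_profile(TRAIL)

if __name__ == "__main__":
    suspect = ["SELECT balance FROM customer WHERE c_id = 7 OR 1=1"]
    print(check(PROFILE, suspect))  # flagged at the first statement
```

A statement whose structure changes (for example through an injected predicate) produces a signature with no node in the graph, and a known statement executed out of order has no matching edge, so both are reported at the first deviating command.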