Considerable effort has recently been devoted to the development of Database Management Systems (DBMS) that guarantee high assurance and security. An important component of any strong security solution is represented by Intrusion Detection (ID) techniques, which are able to detect anomalous behavior of applications and users. To date, however, few ID mechanisms have been proposed that are specifically tailored to function within the DBMS. In this paper, we propose such a mechanism. Our approach is based on mining SQL queries stored in database audit log files. The result of the mining process is used to form profiles that can model normal database access behavior and identify intruders. We consider two different scenarios while addressing the problem. In the first case, we assume that the database has a Role Based Access Control (RBAC) model in place. Under an RBAC system, permissions are associated with roles, which group several users, rather than with single users. Our ID system is able to determine role intruders, that is, individuals who, while holding a specific role, behave differently than expected. An important advantage of providing an ID technique specifically tailored to RBAC databases is that it can help in protecting against insider threats. Furthermore, the existence of roles makes our approach usable even for databases with a large user population. In the second scenario, we assume that there are no roles associated with users of the database. In this case, we look directly at the behavior of the users. We employ clustering algorithms to form concise profiles representing normal user behavior. For detection, we either use these clustered profiles as the roles or employ outlier detection techniques to identify behavior that deviates from the profiles. Our preliminary experimental evaluation on both real and synthetic database traces shows that our methods work well in practical situations.
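The RBAC scenario described above, as an added example that is not code from the paper: per-role profiles are built from logged queries, and a query is flagged when it fits another role's profile better than the role in use. The feature set (SQL command plus relations touched), the naive Bayes scoring and the sample audit log are assumptions of this example.

```python
import math
import re
from collections import Counter, defaultdict

# Constructed audit-log sample (not real data): (role in use, SQL text).
AUDIT_LOG = [
    ("clerk", "SELECT name, phone FROM customers WHERE id = 7"),
    ("clerk", "SELECT status FROM orders WHERE customer_id = 7"),
    ("clerk", "UPDATE orders SET status = 'shipped' WHERE id = 12"),
    ("payroll", "SELECT amount FROM salaries WHERE emp_id = 3"),
    ("payroll", "UPDATE salaries SET amount = 5200 WHERE emp_id = 3"),
    ("payroll", "SELECT name FROM employees WHERE id = 3"),
]
TABLE_RE = re.compile(r"\b(?:FROM|JOIN|INTO|UPDATE)\s+([A-Za-z_]\w*)", re.I)

def features(sql):
    """Reduce a query to its command and the relations it touches."""
    command = (sql.split(None, 1) or ["EMPTY"])[0].upper()
    tables = sorted({t.lower() for t in TABLE_RE.findall(sql)})
    return ["cmd=" + command] + ["tbl=" + t for t in tables]

def train(log):
    """Build one profile per role: query count and feature frequencies."""
    queries, counts, vocab = Counter(), defaultdict(Counter), set()
    for role, sql in log:
        queries[role] += 1
        for f in features(sql):
            counts[role][f] += 1
            vocab.add(f)
    return queries, counts, vocab

def predict_role(model, sql):
    """Most probable role (naive Bayes with Laplace smoothing, assumed here)."""
    queries, counts, vocab = model
    total = sum(queries.values())
    scores = {}
    for role in queries:
        # One extra slot in the denominator covers features never seen in training.
        denom = sum(counts[role].values()) + len(vocab) + 1
        score = math.log(queries[role] / total)
        for f in features(sql):
            score += math.log((counts[role][f] + 1) / denom)
        scores[role] = score
    return max(scores, key=scores.get)

def is_role_intruder(model, claimed_role, sql):
    """Flag a query whose best-matching profile is not the role in use."""
    return predict_role(model, sql) != claimed_role

MODEL = train(AUDIT_LOG)
```

Regex-based relation extraction is enough for these sample queries; a real deployment would take the command and relations from the DBMS parser or audit facility.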