Organizations have recently shown increased interest in database activity monitoring and anomaly detection techniques to safeguard their internal databases. Once an anomaly is detected, a response from the database is needed to contain the effects of the anomaly. However, the problem of issuing an appropriate response to a detected database anomaly has received little attention so far. In this paper, we propose a framework and policy language for issuing a response to a database anomaly based on the characteristics of the anomaly. We also propose a novel approach to dynamically change the state of the access control system in order to contain the damage that may be caused by the anomalous request. We have implemented our mechanisms in PostgreSQL and in the paper we discuss relevant implementation issues. We have also carried out an experimental evaluation to assess the performance overhead introduced by our response mechanism. The experimental results show that the techniques are very efficient.