Learning SQL for Database Intrusion Detection Using Context-Sensitive Modelling (Extended Abstract)

Authors:
Christian Bockermann;Martin Apel;Michael Meier
Affiliations:
Artificial Intelligence Group, Department of Computer Science, Technische Universität Dortmund,;Information Systems and Security Group, Department of Computer Science, Technische Universität Dortmund,;Information Systems and Security Group, Department of Computer Science, Technische Universität Dortmund,
Venue:
DIMVA '09 Proceedings of the 6th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Year:
2009

Citing 12
Cited 4

Naive (Bayes) at Forty: The Independence Assumption in Information Retrieval

ECML '98 Proceedings of the 10th European Conference on Machine Learning
Learning Fingerprints for a Database Intrusion Detection System

ESORICS '02 Proceedings of the 7th European Symposium on Research in Computer Security
Anomaly detection of web-based attacks

Proceedings of the 10th ACM conference on Computer and communications security
A data mining approach for database intrusion detection

Proceedings of the 2004 ACM symposium on Applied computing
Snort - Lightweight Intrusion Detection for Networks

LISA '99 Proceedings of the 13th USENIX conference on System administration
Using parse tree validation to prevent SQL injection attacks

SEM '05 Proceedings of the 5th international workshop on Software engineering and middleware
An anomaly-driven reverse proxy for web applications

Proceedings of the 2006 ACM symposium on Applied computing
On the Automated Creation of Understandable Positive Security Models for Web Applications

PERCOM '08 Proceedings of the 2008 Sixth Annual IEEE International Conference on Pervasive Computing and Communications
DIWeDa - Detecting Intrusions in Web Databases

Proceeedings of the 22nd annual IFIP WG 11.3 working conference on Data and Applications Security
Learning and Classification of Malware Behavior

DIMVA '08 Proceedings of the 5th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Incorporation of Application Layer Protocol Syntax into Anomaly Detection

ICISS '08 Proceedings of the 4th International Conference on Information Systems Security
A multi-model approach to the detection of web-based attacks

Computer Networks: The International Journal of Computer and Telecommunications Networking - Web security

Towards adjusting mobile devices to user's behaviour

MSM'10/MUSE'10 Proceedings of the 2010 international conference on Analysis of social media and ubiquitous data
CBRid4SQL: a CBR intrusion detector for SQL injection attacks

HAIS'10 Proceedings of the 5th international conference on Hybrid Artificial Intelligence Systems - Volume Part II
SQL injection attack mechanisms and prevention techniques

ADCONS'11 Proceedings of the 2011 international conference on Advanced Computing, Networking and Security
SQL injection detection via program tracing and machine learning

IDCS'12 Proceedings of the 5th international conference on Internet and Distributed Computing Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

Modern multi-tier application systems are generally based on high performance database systems in order to process and store business information. Containing valuable business information, these systems are highly interesting to attackers and special care needs to be taken to prevent any malicious access to this database layer. In this work we propose a novel approach for modelling SQL statements to apply machine learning techniques, such as clustering or outlier detection, in order to detect malicious behaviour at the database transaction level. The approach incorporates the parse tree structure of SQL queries as characteristic e.g. for correlating SQL queries with applications and distinguishing benign and malicious queries. We demonstrate the usefulness of our approach on real-world data.