RBAC '95 Proceedings of the first ACM Workshop on Role-based access control
DEMIDS: a misuse detection system for database systems
Integrity and internal control information systems
Configuring role-based access control to enforce mandatory and discretionary access control policies
ACM Transactions on Information and System Security (TISSEC)
Machine Learning
Learning Fingerprints for a Database Intrusion Detection System
ESORICS '02 Proceedings of the 7th European Symposium on Research in Computer Security
Intrusion Detection in Real-Time Database Systems via Time Signatures
RTAS '00 Proceedings of the Sixth IEEE Real Time Technology and Applications Symposium (RTAS 2000)
Intrusion Detection in RBAC-administered Databases
ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
Detecting anomalous access patterns in relational databases
The VLDB Journal — The International Journal on Very Large Data Bases
A learning-based approach to the detection of SQL attacks
DIMVA'05 Proceedings of the Second international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Integrated intrusion detection in databases
LADC'07 Proceedings of the Third Latin-American conference on Dependable Computing
Evolving role definitions through permission invocation patterns
Proceedings of the 18th ACM symposium on Access control models and technologies
| Hi-index | 0.00 |
Insider threats cause the majority of computer system security problems. An anomaly-based intrusion detection system (IDS), which can profile normal behaviors for all users and detect anomalies when a user's behaviors deviate from his/her profiles, can be effective to protect computer systems against insider threats. Although many IDSes have been developed at the network or host level, there are still very few IDSes specifically tailored to database systems. We build our anomaly-based database IDS using two different profiling methods: one is to build profiles for each individual user (user profiling) and the other is to mine profiles for roles (role profiling) when role-based access control (RBAC) is supported by the database management system (DBMS). Detailed comparative evaluations between role profiling and user profiling are conducted, and we also analyze the reasons why role profiling is more effective and efficient than user profiling. Another contribution of our work is that we introduce role hierarchies into database IDS and remarkably reduce the false positive rate without increasing the false negative rate.