DEMIDS: a misuse detection system for database systems
Integrity and internal control information systems
ACM Transactions on Computer Systems (TOCS)
Simple, state-based approaches to program-based anomaly detection
ACM Transactions on Information and System Security (TISSEC)
Learning Fingerprints for a Database Intrusion Detection System
ESORICS '02 Proceedings of the 7th European Symposium on Research in Computer Security
Intrusion Detection in Real-Time Database Systems via Time Signatures
RTAS '00 Proceedings of the Sixth IEEE Real Time Technology and Applications Symposium (RTAS 2000)
Gray-box extraction of execution graphs for anomaly detection
Proceedings of the 11th ACM conference on Computer and communications security
Detecting anomalous access patterns in relational databases
The VLDB Journal — The International Journal on Very Large Data Bases
Mechanisms for database intrusion detection and response
Proceedings of the 2nd SIGMOD PhD workshop on Innovative database research
Data classification process for security and privacy based on a fuzzy logic classifier
International Journal of Electronic Finance
Splash: ad-hoc querying of data and statistical models
Proceedings of the 13th International Conference on Extending Database Technology
Architecture for data collection in database intrusion detection systems
SDM'07 Proceedings of the 4th VLDB conference on Secure data management
Detecting data misuse by applying context-based data linkage
Proceedings of the 2010 ACM workshop on Insider threats
M-score: estimating the potential damage of data leakage incident by assigning misuseability weight
Proceedings of the 2010 ACM workshop on Insider threats
A data-centric approach to insider attack detection in database systems
RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
PostgreSQL anomalous query detector
Proceedings of the 16th International Conference on Extending Database Technology
Hi-index | 0.00 |
Anomaly detection systems assume that a certain deviation from the regular behaviour of a system can be an indicator for a security violation. They proved their usefulness to networks and operating systems for a long time, but are much less prominent in the field of databases. Relational databases operate on attributes within relations, ie, on data with a very uniform structure, which makes them a prime target for anomaly detection systems. This work presents such a system for the database extension and the user interaction with a DBMS; it also proposes a misuse detection system for the database scheme. In a comprehensive investigation we compare two approaches to deal with the database extension, one based on reference values and one based on Δ-relations, and show that already standard statistical functions yield good detection results. We then apply our methods to the user interaction, which is split into user input and DBMS behaviour. All methods have been implemented in a semi-automatic anomaly detection tool for the MS SQL Server 2000.