Integrated intrusion detection in databases

Authors:
José Fonseca;Marco Vieira;Henrique Madeira
Affiliations:
CISUC, Department of Informatics Engineering, University of Coimbra, Portugal;CISUC, Department of Informatics Engineering, University of Coimbra, Portugal;CISUC, Department of Informatics Engineering, University of Coimbra, Portugal
Venue:
LADC'07 Proceedings of the Third Latin-American conference on Dependable Computing
Year:
2007

Citing 8
Cited 1

DEMIDS: a misuse detection system for database systems

Integrity and internal control information systems
The Data Warehouse Lifecycle Toolkit: Expert Methods for Designing, Developing and Deploying Data Warehouses with CD Rom

The Data Warehouse Lifecycle Toolkit: Expert Methods for Designing, Developing and Deploying Data Warehouses with CD Rom
Learning Fingerprints for a Database Intrusion Detection System

ESORICS '02 Proceedings of the 7th European Symposium on Research in Computer Security
DAIS: A Real-Time Data Attack Isolation System for Commercial Database Applications

ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
Intrusion Detection in RBAC-administered Databases

ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
Detection of Malicious Transactions in DBMS

PRDC '05 Proceedings of the 11th Pacific Rim International Symposium on Dependable Computing
A Practical Approach for Automated Test Case Generation using Statecharts

COMPSAC '06 Proceedings of the 30th Annual International Computer Software and Applications Conference - Volume 02
Hippocratic databases

VLDB '02 Proceedings of the 28th international conference on Very Large Data Bases

Database Intrusion Detection Using Role Profiling with Role Hierarchy

SDM '09 Proceedings of the 6th VLDB Workshop on Secure Data Management

Quantified Score

Hi-index	0.00

Visualization

Abstract

Database management systems (DBMS), which are the ultimate layer in preventing malicious data access or corruption, implement several security mechanisms to protect data. However these mechanisms cannot always stop malicious users from accessing the data by exploiting system vulnerabilities. In fact, when a malicious user accesses the database there is no effective way to detect and stop the attack in due time. This practical experience report presents a tool that implements concurrent intrusion detection in DBMS. This tool analyses the transactions the users execute and compares them with the profile of the authorized transactions that were previously learned in order to detect potential deviations. The tool was evaluated using the transactions from a standard database benchmark (TPC-W) and a real database application. Results show that the proposed intrusion detection tool can effectively detect SQL-based attacks with no false positives and no overhead to the server.