Detecting anomalous access patterns in relational databases
The VLDB Journal — The International Journal on Very Large Data Bases
Mechanisms for database intrusion detection and response
Proceedings of the 2nd SIGMOD PhD workshop on Innovative database research
Detecting data misuse by applying context-based data linkage
Proceedings of the 2010 ACM workshop on Insider threats
M-score: estimating the potential damage of data leakage incident by assigning misuseability weight
Proceedings of the 2010 ACM workshop on Insider threats
A data-centric approach to insider attack detection in database systems
RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
Towards mechanisms for detection and prevention of data exfiltration by insiders: keynote talk paper
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
Intrusion detection system for securing geographical information system web servers
W2GIS'04 Proceedings of the 4th international conference on Web and Wireless Geographical Information Systems
D_DIPS: an intrusion prevention system for database security
ICICS'05 Proceedings of the 7th international conference on Information and Communications Security
Two-stage database intrusion detection by combining multiple evidence and belief update
Information Systems Frontiers
Intrusion Detection (ID) has become an important technology for protecting information resources and databases from malicious attacks and information leakage. This paper proposes a novel two-layer mechanism to detect intrusions against a web-based database service. Layer one builds historical profiles based on audit trails and other log data provided by the web server and database server, and triggers pre-alarms when anomalies occur. Layer two performs further analysis on the pre-alarms generated by layer one. This approach integrates the alarm context with the alarms themselves rather than performing a simple "analysis in isolation". This would reduce error rates, especially false positives, and greatly improve the accuracy of intrusion detection and alarm notification, leading to more effective incident handling.