Machine Learning
Dynamic Presentation of Phrasally-Based Document Abstractions
HICSS '99 Proceedings of the Thirty-Second Annual Hawaii International Conference on System Sciences-Volume 2 - Volume 2
Snort - Lightweight Intrusion Detection for Networks
LISA '99 Proceedings of the 13th USENIX conference on System administration
Automated text summarization and the SUMMARIST system
TIPSTER '98 Proceedings of a workshop on held at Baltimore, Maryland: October 13-15, 1998
Anomalous system call detection
ACM Transactions on Information and System Security (TISSEC)
Online detection of malicious data access using DBMS auditing
Proceedings of the 2008 ACM symposium on Applied computing
A dubiety-determining based model for database cumulated anomaly intrusion
Proceedings of the 2nd international conference on Scalable information systems
Detecting anomalous access patterns in relational databases
The VLDB Journal — The International Journal on Very Large Data Bases
Mechanisms for database intrusion detection and response
Proceedings of the 2nd SIGMOD PhD workshop on Innovative database research
A data damage tracking quarantine and recovery (DTQR) scheme for mission-critical database systems
Proceedings of the 12th International Conference on Extending Database Technology: Advances in Database Technology
SQLProb: a proxy-based architecture towards preventing SQL injection attacks
Proceedings of the 2009 ACM symposium on Applied Computing
Journal of Computer Security - Best papers of the Sec Track at the 2006 ACM Symposium
Learning SQL for Database Intrusion Detection Using Context-Sensitive Modelling (Extended Abstract)
DIMVA '09 Proceedings of the 6th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Detection of Database Intrusion Using a Two-Stage Fuzzy System
ISC '09 Proceedings of the 12th International Conference on Information Security
Database Intrusion Detection Using Role Profiling with Role Hierarchy
SDM '09 Proceedings of the 6th VLDB Workshop on Secure Data Management
Exploiting execution context for the detection of anomalous system calls
RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection
Swaddler: an approach for the anomaly-based detection of state violations in web applications
RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection
Architecture for data collection in database intrusion detection systems
SDM'07 Proceedings of the 4th VLDB conference on Secure data management
Detecting data misuse by applying context-based data linkage
Proceedings of the 2010 ACM workshop on Insider threats
M-score: estimating the potential damage of data leakage incident by assigning misuseability weight
Proceedings of the 2010 ACM workshop on Insider threats
A data-centric approach to insider attack detection in database systems
RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
A cryptographic scheme based on neural networks
ICCOM'06 Proceedings of the 10th WSEAS international conference on Communications
Weighted intra-transactional rule mining for database intrusion detection
PAKDD'06 Proceedings of the 10th Pacific-Asia conference on Advances in Knowledge Discovery and Data Mining
SENTINEL: securing database from logic flaws in web applications
Proceedings of the second ACM conference on Data and Application Security and Privacy
A comprehensive approach to anomaly detection in relational databases
DBSec'05 Proceedings of the 19th annual IFIP WG 11.3 working conference on Data and Applications Security
A learning-based approach to the detection of SQL attacks
DIMVA'05 Proceedings of the Second international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
D_DIPS: an intrusion prevention system for database security
ICICS'05 Proceedings of the 7th international conference on Information and Communications Security
TrustBus'07 Proceedings of the 4th international conference on Trust, Privacy and Security in Digital Business
Integrated intrusion detection in databases
LADC'07 Proceedings of the Third Latin-American conference on Dependable Computing
SQL injection detection via program tracing and machine learning
IDCS'12 Proceedings of the 5th international conference on Internet and Distributed Computing Systems
Securing data warehouses from web-based intrusions
WISE'12 Proceedings of the 13th international conference on Web Information Systems Engineering
Two-stage database intrusion detection by combining multiple evidence and belief update
Information Systems Frontiers
PostgreSQL anomalous query detector
Proceedings of the 16th International Conference on Extending Database Technology
Hi-index | 0.00 |
There is a growing security concern on the increasing number of databases that are accessible through the Internet. Such databases may contain sensitive information like credit card numbers and personal medical histories. Many e-service providers are reported to be leaking customers' information through their websites. The hackers exploited poorly coded programs that interface with backend databases using SQL injection techniques. We developed an architectural framework, DIDAFIT (Detecting Intrusions in DAtabases through FIngerprinting Transactions) [1], that can efficiently detect illegitimate database accesses. The system works by matching SQL statements against a known set of legitimate database transaction fingerprints. In this paper, we explore the various issues that arise in the collation, representation and summarization of this potentially huge set of legitimate transaction fingerprints. We describe an algorithm that summarizes the raw transactional SQL queries into compact regular expressions. This representation can be used to match against incoming database transactions efficiently. A set of heuristics is used during the summarization process to ensure that the level of false negatives remains low. This algorithm also takes into consideration incomplete logs and heuristically identifies "high risk" transactions.