A Bayesian Network Approach to Detecting Privacy Intrusion
WI-IATW '06 Proceedings of the 2006 IEEE/WIC/ACM international conference on Web Intelligence and Intelligent Agent Technology
Online detection of malicious data access using DBMS auditing
Proceedings of the 2008 ACM symposium on Applied computing
Detecting anomalous access patterns in relational databases
The VLDB Journal — The International Journal on Very Large Data Bases
DIWeDa - Detecting Intrusions in Web Databases
Proceeedings of the 22nd annual IFIP WG 11.3 working conference on Data and Applications Security
Responding to Anomalous Database Requests
SDM '08 Proceedings of the 5th VLDB workshop on Secure Data Management
Preventing conflict situations during authorization
WSEAS Transactions on Computers
A data damage tracking quarantine and recovery (DTQR) scheme for mission-critical database systems
Proceedings of the 12th International Conference on Extending Database Technology: Advances in Database Technology
Analysis of Data Dependency Based Intrusion Detection System
Proceedings of the 23rd Annual IFIP WG 11.3 Working Conference on Data and Applications Security XXIII
Detection of Database Intrusion Using a Two-Stage Fuzzy System
ISC '09 Proceedings of the 12th International Conference on Information Security
Database Intrusion Detection Using Role Profiling with Role Hierarchy
SDM '09 Proceedings of the 6th VLDB Workshop on Secure Data Management
Architecture for data collection in database intrusion detection systems
SDM'07 Proceedings of the 4th VLDB conference on Secure data management
Managing risks in RBAC employed distributed environments
OTM'07 Proceedings of the 2007 OTM confederated international conference on On the move to meaningful internet systems: CoopIS, DOA, ODBASE, GADA, and IS - Volume Part II
Role-based differentiation for insider detection algorithms
Proceedings of the 2010 ACM workshop on Insider threats
Privilege states based access control for fine-grained intrusion response
RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
A trust-and-risk aware RBAC framework: tackling insider threat
Proceedings of the 17th ACM symposium on Access Control Models and Technologies
A proposed model for data warehouse user behaviour using intrusion detection system
ACM SIGSOFT Software Engineering Notes
TrustBus'07 Proceedings of the 4th international conference on Trust, Privacy and Security in Digital Business
Integrated intrusion detection in databases
LADC'07 Proceedings of the Third Latin-American conference on Dependable Computing
PostgreSQL anomalous query detector
Proceedings of the 16th International Conference on Extending Database Technology
Evolving role definitions through permission invocation patterns
Proceedings of the 18th ACM symposium on Access control models and technologies
Self-protecting and self-optimizing database systems: implementation and experimental evaluation
Proceedings of the 2013 ACM Cloud and Autonomic Computing Conference
| Hi-index | 0.00 |
A considerable effort has been recently devoted to the development of Database Management Systems (DBMS) which guarantee high assurance security and privacy. An important component of any strong security solution is represented by intrusion detection (ID) systems, able to detect anomalous behavior by applications and users. To date, however, there have been very few ID mechanisms specifically tailored to database systems. In this paper, we propose such a mechanism. The approach we propose to ID is based on mining database traces stored in log files. The result of the mining process is used to form user profiles that can model normal behavior and identify intruders. An additional feature of our approach is that we couple our mechanism with Role Based Access Control (RBAC). Under a RBAC system permissions are associated with roles, usually grouping several users, rather than with single users. Our ID system is able to determine role intruders, that is, individuals that while holding a specific role, have a behavior different from the normal behavior of the role. An important advantage of providing an ID mechanism specifi- cally tailored to databases is that it can also be used to protect against insider threats. Furthermore, the use of roles makes our approach usable even for databases with large user population. Our preliminary experimental evaluation on both real and synthetic database traces show that our methods work well in practical situations.