Database Security Protection based on a New Mechanism

The database security is one of the important issues that should take a complete attention from researchers. Although applying the traditional security mechanisms, the database still violate from both of external and internal users. So, the researchers develop a Database Intrusion Detection System (DBIDS) to detect intrusion as soon as it occurs and override its malicious affects. The previous work developed a DBIDS as a third party product which is isolated from the DBMS security functions especially access controls. The lack of coordination and inter-operation between these two components prevent detecting and responding to ongoing attacks in real time, and, it causes high false alarm rate. On the other hand, one of the directions that are followed to build a profile is the data dependency model. Although this model is sufficient and related to the natural of database, it suffers from high false alarm rate. This means that it needs an enhancement to get its benefits and eliminate its drawbacks. This Paper aims to strengthen the database security via applying a DBID. To achieve this goal it develops an efficient IDS for DB and integrates it with DBMS for cooperation and completeness between the different parts in the security system. The experiments declare that the proposed model is an efficient DBIDS with a minimum false positive rate (nearly zero %) and maximum true positive rate (nearly 100%). Moreover, it is based on a novel method to build an accurate normal user profile and integrate it with access control.

[1]  Xin Jin,et al.  Architecture for Data Collection in Database Intrusion Detection Systems , 2007, Secure Data Management.

[2]  Abhinav Srivastava,et al.  Database Intrusion Detection using Weighted Sequence Mining , 2006, J. Comput..

[3]  Elisa Bertino,et al.  Detecting anomalous access patterns in relational databases , 2008, The VLDB Journal.

[4]  Marco Vieira,et al.  Detection of malicious transactions in DBMS , 2005, 11th Pacific Rim International Symposium on Dependable Computing (PRDC'05).

[5]  Yi Hu,et al.  Insider Threat in Database Systems: Preventing Malicious Users' Activities in Databases , 2009, 2009 Sixth International Conference on Information Technology: New Generations.

[6]  Sattar Hashemi,et al.  Detecting intrusion transactions in databases using data item dependencies and anomaly analysis , 2008, Expert Syst. J. Knowl. Eng..

[7]  Jiong Yang,et al.  Mining Sequential Patterns from Large Data Sets , 2005, Advances in Database Systems.

[8]  Justin Clarke,et al.  SQL Injection Attacks and Defense , 2009 .

[9]  Hung Q. Ngo,et al.  A Data-Centric Approach to Insider Attack Detection in Database Systems , 2010, RAID.

[10]  Peng Liu Architectures for intrusion tolerant database systems , 2002, 18th Annual Computer Security Applications Conference, 2002. Proceedings..

[11]  Hesham A. Ali,et al.  MINIMIZE THE FALSE POSITIVE RATE IN A DATABASE INTRUSION DETECTION SYSTEM , 2011 .

[12]  Morris Lewis SQL Server Security Distilled , 2004, Apress.

[13]  Sin Yeung Lee,et al.  Learning Fingerprints for a Database Intrusion Detection System , 2002, ESORICS.

[14]  Guofei Gu,et al.  Measuring intrusion detection capability: an information-theoretic approach , 2006, ASIACCS '06.

[15]  Ramez Elmasri,et al.  Fundamentals of Database Systems, 5th Edition , 2006 .

[16]  Marco Vieira,et al.  Integrated Intrusion Detection in Databases , 2007, LADC.

[17]  Marco Vieira,et al.  Online detection of malicious data access using DBMS auditing , 2008, SAC '08.

[18]  Yi Hu,et al.  A data mining approach for database intrusion detection , 2004, SAC '04.