DIDAFIT: Detecting Intrusions in Databases Through Fingerprinting Transactions

The most valuable information assets of an organization are often stored in databases, and it is pertinent for such organizations to ensure the integrity and confidentiality of their databases. With the proliferation of e-commerce sites that are backed by database systems, databases that are available online 24/7 are ubiquitous. Data in these databases ranges from credit card numbers to personal medical records. Failing to protect these databases from intrusions will result in loss of customers’ confidence and might even result in lawsuits. Database intrusion refers to the unauthorized access and misuse of database systems. Database intrusion detection systems identify suspicious, abnormal or downright malicious accesses to the database system. However, there is little existing work on detecting intrusions in databases. We present a technique that can efficiently identify anomalous accesses to the database. Our technique characterizes legitimate accesses through fingerprinting their constituent SQL statements. These fingerprints are then used to detect illegitimate accesses. We illustrate how this technique can be used in a typical client-server database system setup. Experimental results show that the technique is efficient and scales up well. Our contributions include introducing a novel process for fingerprinting SQL statements and developing an efficient technique to detect anomalous database accesses.
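The following added example (not code from the paper) sketches the general idea of learning fingerprints from legitimate SQL statements and flagging statements that match none of them. The normalisation rule (literals replaced by `?`, case and whitespace folded), the names `fingerprint`, `FingerprintDetector` and `audit`, and the sample statements are all assumptions made for illustration; the abstract does not specify the paper's actual fingerprinting process.

```python
import re

# Assumed normalisation, not the paper's algorithm: every string or numeric
# literal becomes "?", so statements differing only in data share a fingerprint.
_STRING = re.compile(r"'(?:[^']|'')*'")      # handles '' escapes inside strings
_NUMBER = re.compile(r"\b\d+(?:\.\d+)?\b")   # leaves digits in identifiers alone
_SPACE = re.compile(r"\s+")


def fingerprint(sql: str) -> str:
    """Reduce one SQL statement to its structural skeleton."""
    s = _STRING.sub("?", sql)
    s = _NUMBER.sub("?", s)
    s = _SPACE.sub(" ", s).strip().rstrip(";").strip()
    return s.lower()


class FingerprintDetector:
    """Learns skeletons of legitimate statements; anything else is anomalous."""

    def __init__(self):
        self.known = set()

    def learn(self, statements):
        for stmt in statements:
            self.known.add(fingerprint(stmt))

    def is_anomalous(self, sql: str) -> bool:
        # Comments are deliberately not stripped: a statement carrying an
        # unexpected comment fails to match and is flagged (fail closed).
        return fingerprint(sql) not in self.known


def audit(detector, statements):
    """Return the observed statements that match no learned fingerprint."""
    return [s for s in statements if detector.is_anomalous(s)]


# Constructed sample data: statements issued by a legitimate application ...
TRAINING = [
    "SELECT name, email FROM customers WHERE id = 42",
    "UPDATE orders SET status = 'shipped' WHERE order_id = 1001;",
]
# ... and constructed statements later observed at the database server.
OBSERVED = [
    "select name, email from customers where id = 99",
    "SELECT name, email FROM customers WHERE id = 99 OR 1 = 1",
    "UPDATE orders  SET status = 'void' WHERE order_id = 5",
    "SELECT card_number FROM payments",
]

if __name__ == "__main__":
    detector = FingerprintDetector()
    detector.learn(TRAINING)
    for stmt in audit(detector, OBSERVED):
        print("ANOMALOUS:", stmt)
```

Lookup is a single set membership test per statement, so the check adds little overhead; the cost is that any legitimate statement shape absent from the training set is reported until it is learned.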
