Approaches and Challenges in Database Intrusion Detection

Databases often support enterprise business and store its secrets. This means that securing them from data damage and information leakage is critical. In order to deal with intrusions against database systems, Database Intrusion Detection Systems (DIDS) are frequently used. This paper presents a survey on the main database intrusion detection techniques currently available and discusses the issues concerning their application at the database server layer. The identified weak spots show that most DIDS inadequately deal with many characteristics of specific database systems, such as ad hoc workloads and alert management issues in data warehousing environments, for example. Based on this analysis, research challenges are presented, and requirements and guidelines for the design of new or improved DIDS are proposed. The main finding is that the development and benchmarking of specifically tailored DIDS for the context in which they operate is a relevant issue, and remains a challenge. We trust this work provides a strong incentive to open the discussion between both the security and database research communities.

[1]  Marco Vieira,et al.  Online detection of malicious data access using DBMS auditing , 2008, SAC '08.

[2]  Yi Hu,et al.  A data mining approach for database intrusion detection , 2004, SAC '04.

[3]  Michael Meier,et al.  Learning SQL for Database Intrusion Detection Using Context-Sensitive Modelling (Extended Abstract) , 2009, DIMVA.

[4]  Abhinav Srivastava,et al.  Database Intrusion Detection using Weighted Sequence Mining , 2006, J. Comput..

[5]  Al-Sakib Khan Pathan,et al.  A Detailed Survey on Various Aspects of SQL Injection in Web Applications: Vulnerabilities, Innovative Attacks, and Remedies , 2013, Int. J. Commun. Networks Inf. Secur..

[6]  Huaikou Miao,et al.  D_DIPS: An Intrusion Prevention System for Database Security , 2005, ICICS.

[7]  Tadeusz Pietraszek,et al.  Using Adaptive Alert Classification to Reduce False Positives in Intrusion Detection , 2004, RAID.

[8]  Venu Govindaraju,et al.  Data mining for intrusion detection: techniques, applications and systems , 2004, Proceedings. 20th International Conference on Data Engineering.

[9]  Elisa Bertino,et al.  Detecting anomalous access patterns in relational databases , 2008, The VLDB Journal.

[10]  Tadeusz Pietraszek,et al.  Data mining and machine learning - Towards reducing false positives in intrusion detection , 2005, Inf. Secur. Tech. Rep..

[11]  Hung Q. Ngo,et al.  A Data-Centric Approach to Insider Attack Detection in Database Systems , 2010, RAID.

[12]  Peng Ning,et al.  Analyzing Intensive Intrusion Alerts via Correlation , 2002, RAID.

[13]  Klaus Julisch,et al.  Data Mining for Intrusion Detection , 2002, Applications of Data Mining in Computer Security.

[14]  Dong Xiang,et al.  Information-theoretic measures for anomaly detection , 2001, Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001.

[15]  Ramakrishna Thurimella,et al.  A Framework for the Application of Association Rule Mining in Large Intrusion Detection Infrastructures , 2006, RAID.

[16]  Shamik Sural,et al.  A column dependency-based approach for static and dynamic recovery of databases from malicious transactions , 2009, International Journal of Information Security.

[17]  Elisa Bertino,et al.  Intrusion detection in RBAC-administered databases , 2005, 21st Annual Computer Security Applications Conference (ACSAC'05).

[18]  Rajeev Motwani,et al.  Auditing SQL Queries , 2008, 2008 IEEE 24th International Conference on Data Engineering.

[19]  Adrian Spalka,et al.  A Comprehensive Approach to Anomaly Detection in Relational Databases , 2005, DBSec.

[20]  Alfonso Valdes,et al.  Probabilistic Alert Correlation , 2001, Recent Advances in Intrusion Detection.

[21]  Michael Gertz,et al.  DEMIDS: A Misuse Detection System for Database Systems , 2000, IICIS.

[22]  Al-Sakib Khan Pathan,et al.  A Detailed Survey on Various Aspects of SQL Injection: Vulnerabilities, Innovative Attacks, and Remedies , 2012, ArXiv.

[23]  Victor C. S. Lee,et al.  Intrusion detection in real-time database systems via time signatures , 2000, Proceedings Sixth IEEE Real-Time Technology and Applications Symposium. RTAS 2000.

[24]  Yong Zhong,et al.  Database intrusion detection based on user query frequent itemsets mining with item constraints , 2004, InfoSecu '04.

[25]  Hervé Debar,et al.  Aggregation and Correlation of Intrusion-Detection Alerts , 2001, Recent Advances in Intrusion Detection.

[26]  Aikaterini Mitrokotsa,et al.  DDoS attacks and defense mechanisms: classification and state-of-the-art , 2004, Comput. Networks.

[27]  Shamik Sural,et al.  Database intrusion detection using sequence alignment , 2010, International Journal of Information Security.

[28]  T. Pham-Gia,et al.  The mean and median absolute deviations , 2001 .

[29]  Abhinav Srivastava,et al.  Weighted Intra-transactional Rule Mining for Database Intrusion Detection , 2006, PAKDD.

[30]  Michael Meier,et al.  Learning SQL for Database Intrusion Detection using Context-Sensitive Modelling , 2009, LWA.

[31]  Sin Yeung Lee,et al.  Learning Fingerprints for a Database Intrusion Detection System , 2002, ESORICS.

[32]  Elisa Bertino,et al.  Design and Implementation of an Intrusion Response System for Relational Databases , 2011, IEEE Transactions on Knowledge and Data Engineering.