论文信息 - A Semantic Approach to Frequency Based Anomaly Detection of Insider Access in Database Management Systems

A Semantic Approach to Frequency Based Anomaly Detection of Insider Access in Database Management Systems

Timely detection of an insider attack is prevalent among challenges in database security. Research on anomaly-based database intrusion detection systems has received significant attention because of its potential to detect zero-day insider attacks. Such approaches differ mainly in their construction of normative behavior of (insider) role/user. In this paper, a different perspective on the construction of normative behavior is presented, whereby normative behavior is captured instead from the perspective of the DBMS itself. Using techniques from Statistical Process Control, a model of DBMS-oriented normal behavior is described that can be used to detect frequency based anomalies in database access. The approach is evaluated using a synthetic dataset and we also demonstrate this DBMS-oriented profile can be transformed into the more traditional role-oriented profiles.

Simon N. Foley | Barry O'Sullivan | Muhammad Imran Khan

[1] Stephanie Forrest,et al. A sense of self for Unix processes , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[2] Sin Yeung Lee,et al. Learning Fingerprints for a Database Intrusion Detection System , 2002, ESORICS.

[3] Hung Q. Ngo,et al. A Data-Centric Approach to Insider Attack Detection in Database Systems , 2010, RAID.

[4] Elisa Bertino,et al. Responding to Anomalous Database Requests , 2008, Secure Data Management.

[5] Simon N. Foley,et al. Runtime Detection of Zero-Day Vulnerability Exploits in Contemporary Software Systems , 2016, DBSec.

[6] Elisa Bertino,et al. Data and syntax centric anomaly detection for relational databases , 2016, WIREs Data Mining Knowl. Discov..

[7] Jerry den Hartog,et al. A white-box anomaly-based framework for database leakage detection , 2017, J. Inf. Secur. Appl..

[8] Elisa Bertino,et al. DetAnom: Detecting Anomalous Database Transactions by Insiders , 2015, CODASPY.

[9] Simon N. Foley,et al. Detecting Anomalous Behavior in DBMS Logs , 2016, CRiSIS.

[10] Giovanni Vigna,et al. Intrusion detection: a brief history and overview , 2002 .