A Multi-Leveled Approach to Intrusion Detection and the Insider Threat

When considering intrusion detection and the insider threat, most researchers tend to focus on the network architecture rather than the database, which is the primary target of data theft. It is understood that the network level is adequate for many intrusions where entry into the system is being sought; however, it is grossly inadequate when considering the database and the authorized insider. Recent writings suggest that there have been many attempts to address the insider threat phenomenon in regard to database technologies through detection methodologies, policy management systems and behavior analysis methods; however, adequate solutions that achieve the required level of detection appear to be lacking. While it is true that authorization is the cornerstone of the security of the database implementation, authorization alone is not enough to prevent the authorized entity from initiating malicious activities against the data stored within the database. The behavior of the authorized entity must also be considered along with current data access control policies. Each of the previously mentioned approaches to intrusion detection at the database level has been considered individually; however, there has been limited research in producing a multileveled approach to achieve a robust solution. The research presented outlines the development of a detection framework by introducing a process that is to be implemented in conjunction with information requests. By utilizing this approach, an effective and robust methodology has been achieved that can be used to determine the probability of an intrusion by the authorized entity, which ultimately addresses the insider threat phenomenon at its most basic level.
