Malicious Users' Transactions: Tackling Insider Threat

This paper investigates the issue of malicious transactions by insiders in database systems. It establishes a number of rule sets to constrain the relationship between data items and transactions. A type of graph, called a Predictive Dependency Graph, has been developed to determine data flow patterns among data items. This helps in predicting which operation of a transaction has the ability to subsequently affect a sensitive data item. In addition, the paper proposes a mechanism to monitor suspicious insiders’ activities and potential harm to the database. With the help of the Predictive Dependency Graphs, the presented model predicts and prevents potential damage caused by malicious transactions.
