An Anomaly Based Approach for Intrusion Detection by Authorized Users in Database Systems

This paper attempts to introduce a new approach to increasing the security of database systems. Securing databases involves detecting and preventing both external and internal misuse. SQL injection handling and access control mechanisms prevent misuse through unauthorized access to the database, so that only the users who are meant to use the database contents can access them. However, if an authorized user misuses the database, intentionally or unintentionally, it becomes very difficult to identify and prevent that misuse at the moment it occurs. Such misuse scenarios can be detected later by auditing the transaction log. Hence the need arises for a robust query intrusion detection model for database systems. The model proposed in this paper detects such types of misuse by authorized users and classifies them as legitimate or anomalous by analyzing the nature of the queries they fire, tuning itself based on the responses to the alarms raised.
