A proposed model for data warehouse user behaviour using intrusion detection system

Data Warehouse (DW) systems maintain sensitive and crucial information, which is integrated from various heterogeneous sources of an organization. With the ever-increasing deployment and usage of networks, these systems are becoming more vulnerable to malicious attacks. With the increased number of attacks, intrusion detection has become a vital part of information security. In this paper, we have proposed a model for analyzing and detecting anomalous events based on user behavior analysis through usage patterns, user profiles and session management. The events in the system are monitored, and if any intrusion activity occurs, alerts are issued to system administrators. Since a user profile is not necessarily fixed but evolves over time, dynamic user behavior is modeled as a sequence of events and the combination of fact and dimension tables accessed by the users. In this way, DW systems may be protected from malicious attacks.
