Mitigating Malicious Updates: Prevention of Insider Threat to Databases

Insider threats cause serious damage to data in any organization and are considered a grave issue. Even when threat prevention mechanisms are in place, insiders can continue to attack a database by figuring out the dependency relationships among data items. Thus, examining the write operations that an insider performs by taking advantage of these dependencies aids in mitigating insider threats. We have developed two attack prevention models, which involve logs and dependency graphs respectively, to monitor data items and prevent malicious operations on them. The developed algorithms have been implemented on a simulated database, and the results show that the models effectively mitigate insider threats arising from write operations.
