MINIMIZE THE FALSE POSITIVE RATE IN A DATABASE INTRUSION DETECTION SYSTEM

A database intrusion detection system (DIDS) is used to detect potential violations of database security. A DIDS comes after other traditional database security mechanisms and network security mechanisms such as firewalls and network intrusion detection. It therefore faces intrusions from internal users and intrusions that have passed through the other security layers. This means that intrusion events are rare compared to normal events, so it is not efficient to raise a large number of false alarms in order to achieve a high detection rate. This paper introduces an enhancement to the data dependency model and integrates it with access control to overcome the high false alarm rate and increase the detection rate.
