Intrusion detection in RBAC-administered databases

Proceedings - Annual Computer Security Applications Conference, ACSAC

Volumn 2005, Issue , 2005, Pages 170-179

  Bertino, Elisa ^a   Kamra, Ashish ^a   Terzi, Evimaria ^b   Vakali, Athena ^c  

^a PURDUE UNIVERSITY   (United States)

^b UNIVERSITY OF HELSINKI   (Finland)

^c ARISTOTLE UNIVERSITY OF THESSALONIKI   (Greece)

Author keywords

[No Author keywords available]

Indexed keywords

ID MECHANISMS; ROLE BASED ACCESS CONTROL (RBAC); SYNTHETIC DATABASE TRACES;

DATA MINING; DATA PRIVACY; PUBLIC KEY CRYPTOGRAPHY; SECURITY OF DATA;

DATABASE SYSTEMS;

EID: 33846299959     PISSN: 10639527     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/CSAC.2005.33     Document Type: Conference Paper

References (25)

1. K. H. A. Hoglund and A. Sorvari. A computer host-based user anomaly detection using the self-organizing map. In Proceedings of the IEEE-INNS-ENNS International Joint Conference on Neural Networks (IJCNN), 2000.
2. R. Agrawal, R. J. B. Jr., C. Faloutsos, J. Kiernan, R. Rantzau, and R. Srikant. Auditing compliance with a hippocratic database. In Proceedings of the 30th international conference on Very Large Data Bases (VIDE), pages 516-527, 2004.
3. R. Agrawal, J. Kiernan, R. Srikant, and Y. Xu. Hippocratic databases. In Proceedings of the 28th international conference on Very Large Data Bases (VLDB), pages 143-154. Morgan-Kaufmann, 2002.
4. A. Anton, E.Bertino, N.Li, and T.Yu. A roadmap for comprehensive online privacy policies. In CERIAS Technical Report, 2004-47, 2004.
5. S. Axelsson. Intrusion detection systems: A survey and taxonomy. Technical Report 99-15, Chalmers Univ., Mar. 2000.
6. C. Chung, M. Gertz, and K. Levitt. Demids: a misuse detection system for database systems. In Proceedings of Integrity and Internal Control in Information Systems: Strategic Views on the Need for Control IFIP TC11 WG11.5 Third Working Conference, 2000.
7. P. Domingos and M. J. Pazzani. On the optimality of the simple bayesian classifier under zero-one loss. Machine Learning, 29(2-3):103-130, 1997.
8. Y. Hu and B. Panda. Identification of malicious transactions in database systems. In Proceedings of the International Database Engineering and Applications Symposium (IDEAS), 2003.
9. Z. Jian-ming and M. Jiang-feng. Intrusion-tolerant based architecture for database system security. Journal of Xidian University, 3(1), February 2003.
10. J. B. Joshi, R. Bhatti, E. Bertino, and A. Ghafoor. Access-control language for multidomain environments. IEEE Internet Computing, 8(6):40-50, 2004.
11. J.Vaidya and C. Clifton. Privacy-preserving data mining: Why, how, and when. IEEE Security and Privacy, 2(6): 19-27, 2004.
12. G. Karjoth. Access control with ibm tivoli access manager. ACM Transactions on Information and Systems Security (TISSEC), 6(2):232-257, 2003.
13. T. Lane and C. E. Brodley. Temporal sequence learning and data reduction for anomaly detection. ACM Transactions on Information and Systems Security (TISSEC), 2(3):295-331, 1999.
14. V. Lee, J. Stankovic, and S. Son. Intrusion detection in real-time databases via time signatures. In Proceedings of the Sixth IEEE Real-Time Technology and Applications Symposium (RTAS), 2000.
15. K. LeFevre, R. Agrawal, V. Ercegovac, R. Ramakrishnan, Y. Xu, and D. J. DeWitt. Limiting disclosure in hippocratic databases. In Proceedings of the 30th international conference on Very Large Data Bases (VIDE), pages 108-119, 2004.
16. P. Liu. Architectures for intrusion tolerant database systems. In Proceedings of the 18th Annual Computer Security Applications Conference (ACSAC), 2002.
17. T. Lunt, A. Tamaru, F. Gilham, R. Jagannathan, P. Neumann, H. Javitz, A. Valdes, and T. Garvey. A real - time intrusion detection expert system (ides) - final technical report. Technical Report, Computer Science Laboratory, SRI International, 1992.
18. T. M. Mitchell. Machine Learning. McGraw-Hill, 1997.
19. R. Sandhu, D. Ferraiolo, and R. Kuhn. The nist model for role based access control: Towards a unified standard. In Proceedings of the 5th ACM Workshop on Role Based Access Control, 2000.
20. R. Shariq, M. Alberto, S. S., and R. Prasan. Extending query rewriting techniques for fine-grained access control. In Proceedings of ACM SIGMOD, International Conference on Management of Data, 2004.
21. L. Sweeney. Achieving k-anonymity privacy protection using generalization and suppression. International Journal on Uncertainty, Fuzziness and Knowledge-based Systems, 10(5):571-588, 2002.
22. R. Talpade, G. Kim, and S. Khurana. Nomad: Traffic-based network monitoring framework for anomaly detection. In Proceedings of the 4th IEEE Symposium on Computers and Communications, 1999.
23. V. S. Verykios, E. Bertino, I.Nai-Fovino, L. P. Provenza, Y. Saygin, and Y.Theodoridis. State-of-the-art in privacy preserving data mining. SIGMOD Record, 33(1):50-57, 2004.
24. S. Wenhui and T. Tan. A novel intrusion detection system model for securing web-based database systems. In Proceedings of the 25th Annual International Computer Software and Applications Conference (COMPSAC), 2001.
25. Q. Yao, A. An, and X. Huang. Finding and analyzing database user sessions. In Proceedings of the 10th International Conference on Database Systems for Advanced Applications (DASFAA), 2005.