A data-centric approach to insider attack detection in database systems

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 6307 LNCS, Issue , 2010, Pages 382-401

  Mathew, Sunu ^a   Petropoulos, Michalis ^b   Ngo, Hung Q ^b   Upadhyaya, Shambhu ^b  

^a AMAZON   (United States)

^b State University of New York   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

INTRUSION DETECTION; LEARNING ALGORITHMS; QUERY PROCESSING;

DATA-CENTRIC APPROACHES; DATABASE SECURITY; FEATURE EXTRACTION METHODS; INSIDER-ATTACK DETECTION; PERFORMANCE ISSUES; QUERY EXPRESSION; SECURITY PROBLEMS; STATISTICAL LEARNING;

DATABASE SYSTEMS;

EID: 78249276495     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-642-15512-3_20     Document Type: Conference Paper

References (36)

1. Owasp top 10 2007 (2007), http://www.owasp.org/index.php/Top-10-2007
2. Owasp-sql injection prevention cheat sheet (2008), http://www.owasp.org/ index.php/SQL-Injection-Prevention-Cheat-Sheet
3. Acharya, S., Gibbons, P.B., Poosala, V., Ramaswamy, S.: Join synopses for approximate query answering. In: SIGMOD Conference, pp. 275-286 (1999)
4. Agrawal, R., Srikant, R.: Privacy-preserving data mining. In: Proc. of the ACM SIGMOD Conference on Management of Data (SIGMOD 2000), pp. 439-450 (2000)
5. Babcock, B., Chaudhuri, S., Das, G.: Dynamic sample selection for approximate query processing. In: SIGMOD Conference, pp. 539-550 (2003)
6. Bishop, C.M.: Pattern Recognition and Machine Learning. Springer, Heidelberg (October 2007)
7. Bishop, M.: The insider problem revisited. In: Proc. of the 2005 Workshop on New Security Paradigms (NSPW 2005), pp. 75-76 (2005)
8. Brackney, R., Anderson, R.: Understanding the Insider Threat: Proceedings of a March 2004 Workshop. RAND Corp. (2004)
9. Buneman, P., Khanna, S., Tan, W.C.: Why and where: A characterization of data provenance. In: ICDT, pp. 316-330 (2001)
10. Calvanese, D., Giacomo, G.D., Lenzerini, M.: On the decidability of query containment under constraints. In: Proc. of the ACM SIGMOD-SIGACT-SIGART Symposium on Principles of Database Systems (PODS 1998), pp. 149-158 (1998)
11. Cappelli, D.: Preventing insider sabotage: Lessons learned from actual attacks (2005), http://www.cert.org/archive/pdf/InsiderThreatCSI.pdf
12. Chaudhuri, S., Motwani, R., Narasayya, V.R.: On random sampling over joins. In: SIGMOD Conference, pp. 263-274 (1999)
13. Chung, C.Y., Gertz, M., Levitt, K.: Demids: a misuse detection system for database systems. In: Integrity and Internal Control Information Systems: Strategic Views on the Need for Control, pp. 159-178. Kluwer Academic Publishers, Norwell (2000)
14. CSO Magazine, US Secret Service, CERT, Microsoft: 2007 E-Crime Watch Survey (2007), http://www.sei.cmu.edu/about/press/releases/2007ecrime.html
15. Fonseca, J., Vieira, M., Madeira, H.: Online detection of malicious data access using dbms auditing. In: Proc. of the 2008 ACM Symposium on Applied Computing (SAC 2008), pp. 1013-1020 (2008)
16. Haas, P.J., Hellerstein, J.M.: Ripple joins for online aggregation. In: SIGMOD Conference, pp. 287-298 (1999)
17. Hu, Y., Panda, B.: Identification of malicious transactions in database systems. In: Proc. of the 7th International Database Engineering and Applications Symposium, pp. 329-335 (2003)
18. Kamra, A., Terzi, E., Bertino, E.: Detecting anomalous access patterns in relational databases. The VLDB Journal 17(5), 1063-1077 (2008)
19. Kenthapadi, K., Mishra, N., Nissim, K.: Simulatable auditing. In: Proc. of the ACM Symposium on Principles of Database Systems (PODS 2005), pp. 118-127 (2005)
20. Kruegel, C., Vigna, G.: Anomaly detection of web-based attacks. In: Proc. of the 10th ACM Conference on Computers and Communications Security (CCS 2003), pp. 251-261 (2003)
21. Lee, S.Y., Low, W.L., Wong, P.Y.: Learning fingerprints for a database intrusion detection system. In: Gollmann, D., Karjoth, G., Waidner, M. (eds.) ESORICS 2002. LNCS, vol. 2502, pp. 264-280. Springer, Heidelberg (2002)
22. Lee, V.C., Stankovic, J., Son, S.H.: Intrusion detection in real-time database systems via time signatures. In: Proc. of the Sixth IEEE Real Time Technology and Applications Symposium (RTAS 2000), p. 124 (2000)
23. Liu, P.: Architectures for intrusion tolerant database systems. In: Proc. of the 18th Annual Computer Security Applications Conference (ACSAC 2002), p. 311 (2002)
24. Maier, D., Ullman, J.D., Vardi, M.Y.: On the foundations of the universal relation model. ACM Trans. on Database Syst. 9(2), 283-308 (1984) (Pubitemid 14606342)
25. Olken, F., Rotem, D.: Simple random sampling from relational databases. In: VLDB, pp. 160-169 (1986)
26. Ramasubramanian, P., Kannan, A.: Intelligent multi-agent based database hybrid intrusion prevention system. In: Benczúr, A.A., Demetrovics, J., Gottlob, G. (eds.) ADBIS 2004. LNCS, vol. 3255, pp. 393-408. Springer, Heidelberg (2004) (Pubitemid 39748866)
27. Roichman, A., Gudes, E.: Diweda - detecting intrusions in web databases. In: Proc. of the 22nd Annual IFIP WG 11.3 Working Conference on Data and Applications Security, pp. 313-329 (2008)
28. Sandhu, R., Ferraiolo, D., Kuhn, R.: The nist model for role based access control. In: Proc. of the 5th ACM Workshop on Role Based Access Control (2000)
29. Schneier, B.: Secrets and Lies: Digital Security in a Networked World. John Wiley and Sons, New York (2000)
30. Schonlau, M., DuMouchel, W., Ju, W., Karr, A., Theus, M., Vardi, Y.: Computer intrusion: Detecting masquerades. Statistical Science 16(1), 58-74 (2001)
31. Spalka, A., Lehnhardt, J.: A comprehensive approach to anomaly detection in relational databases. In: DBSec, pp. 207-221 (2005)
32. Srivastava, A., Sural, S., Majumdar, A.K.: Database intrusion detection using weighted sequence mining. Journal of Computers 1(4), 8-17 (2006)
33. Stonebraker, M.: Implementation of integrity constraints and views by query modification. In: SIGMOD Conference, pp. 65-78 (1975)
34. Valeur, F., Mutz, D., Vigna, G.: A learning-based approach to the detection of sql attacks. In: Julisch, K., Krügel, C. (eds.) DIMVA 2005. LNCS, vol. 3548, pp. 123-140. Springer, Heidelberg (2005) (Pubitemid 41423153)
35. Wenhui, S., Tan, D.: A novel intrusion detection system model for securing webbased database systems. In: Proc. of the 25th International Computer Software and Applications Conference on Invigorating Software Development (COMPSAC 2001), p. 249 (2001)
36. Yao, Q., An, A., Huang, X.: Finding and analyzing database user sessions. In: Proc. of Database Systems for Advanced Applications, pp. 283-308 (2005)