Online detection of malicious data access using DBMS auditing
Source: Symposium on Applied Computing
Proceedings of the 2008 ACM symposium on Applied computing
Fortaleza, Ceara, Brazil
SESSION: Database theory, technology, and applications
Pages 1013-1020
Year of Publication: 2008
ISBN: 978-1-59593-753-7
Authors
José Fonseca  University of Coimbra, Coimbra - Portugal
Marco Vieira  University of Coimbra, Coimbra - Portugal
Henrique Madeira  University of Coimbra, Coimbra - Portugal
Sponsor
SIGAPP: ACM Special Interest Group on Applied Computing
Publisher
ACM  New York, NY, USA
DOI: http://doi.acm.org/10.1145/1363686.1363921

ABSTRACT

This paper proposes a mechanism that allows concurrent detection of malicious data access through the online analysis of the Database Management Systems (DBMS) audit trail. The proposed mechanism uses a directed graph representing the profile of valid transactions to detect illegal accesses to data, which are seen as unauthorized sequences of Structured Query Language (SQL) commands. The paper proposes a generic algorithm that learns the graph representing the profile of the transactions executed by the users. This mechanism can be used to protect traditional database applications from data attacks as well as web-based applications from SQL injection types of attacks. The proposed mechanism is generic and can be used in most commercial DBMS, adding concurrent detection of malicious data access to classical database security mechanisms. The paper presents a practical example of the implementation of the proposed mechanism using Oracle 10g. The Transaction Processing Performance Council benchmark C (TPC-C) and a real database installation were used to assess the detection mechanism and learning algorithm.

