Sciweavers

Share
RAID
2010
Springer

A Data-Centric Approach to Insider Attack Detection in Database Systems

8 years 9 months ago
A Data-Centric Approach to Insider Attack Detection in Database Systems
The insider threat against database management systems is a dangerous security problem. Authorized users may abuse legitimate privileges to masquerade as other users or to maliciously harvest data. We propose a new direction to address this problem. We model users’ access patterns by profiling the data points that users access, in contrast to analyzing the query expressions in prior approaches. Our data-centric approach is based on the key observation that query syntax alone is a poor discriminator of user intent, which is much better rendered by what is accessed. We present a feature-extraction method to model users’ access patterns. Statistical learning algorithms are trained and tested using data from a real Graduate Admission database. Experimental results indicate that the technique is very effective, accurate, and is promising in complementing existing database security solutions. Practical performance issues are also addressed.
Sunu Mathew, Michalis Petropoulos, Hung Q. Ngo, Sh
Added 30 Jan 2011
Updated 30 Jan 2011
Type Journal
Year 2010
Where RAID
Authors Sunu Mathew, Michalis Petropoulos, Hung Q. Ngo, Shambhu J. Upadhyaya
Comments (0)
books