DBMS Application Layer Intrusion Detection for Data Warehouses

  • Conference paper
Building Sustainable Information Systems

Abstract

Data Warehouses (DWs) are used for producing business knowledge and aiding decision support. Since they store the secrets of the business, securing their data is critical. To accomplish this, several Database Intrusion Detection Systems (DIDS) have been proposed. However, when using DIDS in DWs, most solutions produce either too many false-positives (i.e., false alarms) that must be verified or too many false-negatives (i.e., true intrusions that pass undetected). Moreover, many approaches detect intrusions a posteriori which, given the sensitivity of DW data, may result in irreparable cost. To the best of our knowledge, no DIDS specifically tailored for DWs has been proposed. This paper examines intrusion detection from a data warehousing perspective and the reasons why traditional database security methods are not sufficient to avoid intrusions. We define the specific requirements for a DW DIDS and propose a conceptual approach for a real-time DIDS for DWs at the SQL command level that works transparently as an extension of the Database Management System (DBMS) between the user applications and the database server itself. A preliminary experimental evaluation using the TPC-H decision support benchmark is included to demonstrate the DIDS’ efficiency.

Corresponding author

Correspondence to Ricardo Jorge Santos.

Copyright information

© 2013 Springer Science+Business Media, LLC

About this paper

Cite this paper

Santos, R.J., Bernardino, J., Vieira, M. (2013). DBMS Application Layer Intrusion Detection for Data Warehouses. In: Linger, H., Fisher, J., Barnden, A., Barry, C., Lang, M., Schneider, C. (eds) Building Sustainable Information Systems. Springer, Boston, MA. https://doi.org/10.1007/978-1-4614-7540-8_38

  • DOI: https://doi.org/10.1007/978-1-4614-7540-8_38

  • Publisher Name: Springer, Boston, MA

  • Print ISBN: 978-1-4614-7539-2

  • Online ISBN: 978-1-4614-7540-8

  • eBook Packages: Computer Science (R0)
