Detecting Anomalous Behavior in DBMS Logs

  • Conference paper
Risks and Security of Internet and Systems (CRiSIS 2016)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 10158)

Abstract

It is argued that anomaly-based techniques can be used to detect anomalous DBMS queries by insiders. An experiment is described whereby an n-gram model is used to capture normal query patterns in a log of SQL queries from a synthetic banking application system. Preliminary results demonstrate that n-grams do capture the short-term correlations inherent in the application.
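The idea in the abstract can be sketched as follows. This is an added example, not code from the paper: the query abstraction (literals replaced by "?"), the choice of n = 3, the set-membership test and the sample banking sessions are all assumptions constructed for illustration.

```python
import re

def abstract_query(sql):
    """Reduce a query to its shape so that literal values do not matter (assumed abstraction)."""
    s = sql.strip().rstrip(";")
    s = re.sub(r"'(?:[^']|'')*'", "?", s)      # string literals, including '' escapes
    s = re.sub(r"\b\d+(?:\.\d+)?\b", "?", s)   # numeric literals
    return re.sub(r"\s+", " ", s).upper()

def ngrams(seq, n):
    """All contiguous windows of length n over a sequence."""
    return [tuple(seq[i:i + n]) for i in range(len(seq) - n + 1)]

def train(sessions, n=3):
    """Profile of normal behaviour: every n-gram of query shapes seen in the log."""
    profile = set()
    for session in sessions:
        profile.update(ngrams([abstract_query(q) for q in session], n))
    return profile

def mismatches(session, profile, n=3):
    """n-grams of a new session that never occurred in the normal log."""
    grams = ngrams([abstract_query(q) for q in session], n)
    return [g for g in grams if g not in profile]

# Constructed sample log: two transfer sessions and one statement lookup.
NORMAL_LOG = [
    ["SELECT balance FROM accounts WHERE id = 17;",
     "UPDATE accounts SET balance = balance - 50 WHERE id = 17;",
     "UPDATE accounts SET balance = balance + 50 WHERE id = 42;",
     "INSERT INTO transfers VALUES (17, 42, 50);"],
    ["SELECT balance FROM accounts WHERE id = 8;",
     "UPDATE accounts SET balance = balance - 120 WHERE id = 8;",
     "UPDATE accounts SET balance = balance + 120 WHERE id = 3;",
     "INSERT INTO transfers VALUES (8, 3, 120);"],
    ["SELECT name FROM customers WHERE id = 17;",
     "SELECT balance FROM accounts WHERE id = 17;",
     "SELECT * FROM transfers WHERE src = 17;"],
]
PROFILE = train(NORMAL_LOG)

# Constructed test session: individually ordinary queries in an order the application never issues.
SUSPECT = ["SELECT balance FROM accounts WHERE id = 5;",
           "SELECT * FROM customers;",
           "SELECT balance FROM accounts WHERE id = 6;",
           "UPDATE accounts SET balance = balance - 900 WHERE id = 6;"]
```

Each query in SUSPECT except the unfiltered customer read has a shape that appears in the normal log; it is the ordering that produces unseen 3-grams, which is the short-term correlation the abstract refers to.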

Acknowledgments

This work was supported, in part, by Science Foundation Ireland under grant SFI/12/RC/2289.

Author information

Correspondence to Muhammad Imran Khan.

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Khan, M.I., Foley, S.N. (2017). Detecting Anomalous Behavior in DBMS Logs. In: Cuppens, F., Cuppens, N., Lanet, JL., Legay, A. (eds) Risks and Security of Internet and Systems. CRiSIS 2016. Lecture Notes in Computer Science, vol 10158. Springer, Cham. https://doi.org/10.1007/978-3-319-54876-0_12

  • DOI: https://doi.org/10.1007/978-3-319-54876-0_12

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-54875-3

  • Online ISBN: 978-3-319-54876-0

  • eBook Packages: Computer Science, Computer Science (R0)
