Abstract
A database intrusion detection system (IDS) is a new database security mechanism for guarding data, the most valuable asset of an organization. To provide the intrusion detection module with relevant audit data for further analysis, an effective data collection method is essential. Currently, very little work has been done on data acquisition mechanisms tailored to the needs of database IDSs. Most researchers rely on the native auditing functionality of the database, which excludes privileged users such as database administrators (DBAs) from being monitored. In this paper, we present a new approach to data collection for database IDSs: data collecting sensors are placed on the database server, and the collected data is transmitted to an audit server at a physically separate site for further processing. This approach guarantees that the behavior of both ordinary users and privileged users is monitored for signs of intrusion.
© 2007 Springer-Verlag Berlin Heidelberg
Jin, X., Osborn, S.L. (2007). Architecture for Data Collection in Database Intrusion Detection Systems. In: Jonker, W., Petković, M. (eds) Secure Data Management. SDM 2007. Lecture Notes in Computer Science, vol 4721. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-75248-6_7
DOI: https://doi.org/10.1007/978-3-540-75248-6_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-75247-9
Online ISBN: 978-3-540-75248-6