Abstract
Database management systems (DBMS), which are the ultimate layer in preventing malicious data access or corruption, implement several security mechanisms to protect data. However, these mechanisms cannot always stop malicious users from accessing the data by exploiting system vulnerabilities. In fact, when a malicious user accesses the database there is no effective way to detect and stop the attack in due time. This practical experience report presents a tool that implements concurrent intrusion detection in DBMS. This tool analyses the transactions the users execute and compares them with the profile of the authorized transactions that were previously learned in order to detect potential deviations. The tool was evaluated using the transactions from a standard database benchmark (TPC-W) and a real database application. Results show that the proposed intrusion detection tool can effectively detect SQL-based attacks with no false positives and no overhead to the server.
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Fonseca, J., Vieira, M., Madeira, H. (2007). Integrated Intrusion Detection in Databases. In: Bondavalli, A., Brasileiro, F., Rajsbaum, S. (eds) Dependable Computing. LADC 2007. Lecture Notes in Computer Science, vol 4746. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-75294-3_15
DOI: https://doi.org/10.1007/978-3-540-75294-3_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-75293-6
Online ISBN: 978-3-540-75294-3
eBook Packages: Computer Science, Computer Science (R0)