Database Intrusion Detection Using Role Profiling with Role Hierarchy

  • Conference paper
Secure Data Management (SDM 2009)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 5776)

Abstract

Insider threats cause the majority of computer system security problems. An anomaly-based intrusion detection system (IDS), which can profile normal behaviors for all users and detect anomalies when a user’s behaviors deviate from his/her profiles, can be effective in protecting computer systems against insider threats. Although many IDSes have been developed at the network or host level, there are still very few IDSes specifically tailored to database systems. We build our anomaly-based database IDS using two different profiling methods: one is to build profiles for each individual user (user profiling) and the other is to mine profiles for roles (role profiling) when role-based access control (RBAC) is supported by the database management system (DBMS). Detailed comparative evaluations between role profiling and user profiling are conducted, and we also analyze the reasons why role profiling is more effective and efficient than user profiling. Another contribution of our work is that we introduce role hierarchies into database IDS and remarkably reduce the false positive rate without increasing the false negative rate.

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Wu, G.Z., Osborn, S.L., Jin, X. (2009). Database Intrusion Detection Using Role Profiling with Role Hierarchy. In: Jonker, W., Petković, M. (eds) Secure Data Management. SDM 2009. Lecture Notes in Computer Science, vol 5776. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04219-5_3

  • DOI: https://doi.org/10.1007/978-3-642-04219-5_3

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-04218-8

  • Online ISBN: 978-3-642-04219-5

  • eBook Packages: Computer Science (R0)
