Abstract
Insider threats cause the majority of computer system security problems. An anomaly-based intrusion detection system (IDS), which can profile normal behavior for all users and detect anomalies when a user’s behavior deviates from his/her profile, can be effective in protecting computer systems against insider threats. Although many IDSes have been developed at the network or host level, there are still very few IDSes specifically tailored to database systems. We build our anomaly-based database IDS using two different profiling methods: one builds profiles for each individual user (user profiling), and the other mines profiles for roles (role profiling) when role-based access control (RBAC) is supported by the database management system (DBMS). We conduct detailed comparative evaluations of role profiling and user profiling, and we analyze the reasons why role profiling is more effective and efficient than user profiling. Another contribution of our work is that we introduce role hierarchies into database IDS and remarkably reduce the false positive rate without increasing the false negative rate.
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Wu, G.Z., Osborn, S.L., Jin, X. (2009). Database Intrusion Detection Using Role Profiling with Role Hierarchy. In: Jonker, W., Petković, M. (eds) Secure Data Management. SDM 2009. Lecture Notes in Computer Science, vol 5776. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04219-5_3
DOI: https://doi.org/10.1007/978-3-642-04219-5_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-04218-8
Online ISBN: 978-3-642-04219-5
eBook Packages: Computer Science (R0)