
Approaches and Challenges in Database Intrusion Detection

Published: 04 December 2014

Abstract

Databases often support enterprise business and store its secrets. This means that securing them from data damage and information leakage is critical. In order to deal with intrusions against database systems, Database Intrusion Detection Systems (DIDS) are frequently used. This paper presents a survey of the main database intrusion detection techniques currently available and discusses the issues concerning their application at the database server layer. The identified weak spots show that most DIDS deal inadequately with many characteristics of specific database systems, such as ad hoc workloads and alert management issues in data warehousing environments. Based on this analysis, research challenges are presented, and requirements and guidelines for the design of new or improved DIDS are proposed. The main finding is that the development and benchmarking of DIDS specifically tailored to the context in which they operate is a relevant issue, and remains a challenge. We trust this work provides a strong incentive to open the discussion between the security and database research communities.



Published In

ACM SIGMOD Record, Volume 43, Issue 3
September 2014
70 pages
ISSN: 0163-5808
DOI: 10.1145/2694428

Publisher

Association for Computing Machinery
New York, NY, United States


Qualifiers

  • Column
