DOI: 10.5555/646649.699488

Learning Fingerprints for a Database Intrusion Detection System

Published: 14 October 2002

Abstract

There is growing security concern over the increasing number of databases that are accessible through the Internet. Such databases may contain sensitive information like credit card numbers and personal medical histories. Many e-service providers are reported to be leaking customers' information through their websites. The hackers used SQL injection techniques to exploit poorly coded programs that interface with backend databases. We developed an architectural framework, DIDAFIT (Detecting Intrusions in DAtabases through FIngerprinting Transactions) [1], that can efficiently detect illegitimate database accesses. The system works by matching SQL statements against a known set of legitimate database transaction fingerprints. In this paper, we explore the various issues that arise in the collation, representation and summarization of this potentially huge set of legitimate transaction fingerprints. We describe an algorithm that summarizes the raw transactional SQL queries into compact regular expressions. This representation can be used to match incoming database transactions efficiently. A set of heuristics is used during the summarization process to ensure that the level of false negatives remains low. The algorithm also takes incomplete logs into consideration and heuristically identifies "high risk" transactions.
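The fingerprint idea in the abstract, shown as an added example that is not the DIDAFIT algorithm or code from the paper: logged legitimate statements are summarized into regular expressions by replacing literals with typed slots, and an incoming statement is accepted only if it fully matches one of them. The literal-to-slot rule, the function names and the sample log are assumptions made for illustration.

```python
import re

# A literal is a single-quoted string ('' is an escaped quote) or a bare number.
_LITERAL = re.compile(r"'(?:[^']|'')*'|\b\d+(?:\.\d+)?\b")
_STRING_SLOT = r"'(?:[^']|'')*'"
_NUMBER_SLOT = r"\d+(?:\.\d+)?"

def normalize(sql):
    """Collapse whitespace and drop one trailing semicolon."""
    return " ".join(sql.strip().rstrip(";").split())

def fingerprint(sql):
    """Summarize one statement into a regex: fixed text escaped, literals as slots."""
    sql = normalize(sql)
    parts, pos = [], 0
    for m in _LITERAL.finditer(sql):
        parts.append(re.escape(sql[pos:m.start()]))
        parts.append(_STRING_SLOT if m.group().startswith("'") else _NUMBER_SLOT)
        pos = m.end()
    parts.append(re.escape(sql[pos:]))
    return "".join(parts)

def learn(log):
    """Build the deduplicated fingerprint set from a log of legitimate statements."""
    return {fp: re.compile(fp, re.IGNORECASE) for fp in map(fingerprint, log)}

def is_legitimate(sql, fingerprints):
    """True only if the whole statement matches a learned fingerprint."""
    sql = normalize(sql)
    return any(p.fullmatch(sql) for p in fingerprints.values())

# Constructed sample log of legitimate application queries (not from the paper).
LEGIT_LOG = [
    "SELECT name, email FROM customers WHERE id = 1042",
    "SELECT name, email FROM customers WHERE id = 77",
    "SELECT * FROM orders WHERE customer = 'alice' AND status = 'open'",
    "UPDATE customers SET email = 'bob@example.com' WHERE id = 9",
]

if __name__ == "__main__":
    fps = learn(LEGIT_LOG)
    incoming = [
        "select name, email from customers where id = 5;",
        "SELECT * FROM orders WHERE customer = 'x' OR '1'='1' AND status = 'open'",
        "SELECT name, email FROM customers WHERE id = 5 OR 1=1",
    ]
    for q in incoming:
        print("OK   " if is_legitimate(q, fps) else "ALERT", q)
```

Because the match is anchored to the whole statement, a query whose structure changes after a literal is substituted falls outside every fingerprint and is flagged, while the same statement with a different literal value is accepted.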

References

[1] Low, W. L., Lee, S. Y., Teoh, P.: DIDAFIT: Detecting Intrusions in Databases Through Fingerprinting Transactions. In: Proceedings of the 4th International Conference on Enterprise Information Systems (ICEIS). (2002).
[2] Atanasov, M.: The truth about internet fraud. In: Ziff Davis Smart Business, Available at URL http://techupdate.zdnet.com/techupdate/stories/main/0,14179,2688776-11,00.html (2001).
[3] Hatcher, T.: Survey: Costs of computer security breaches soar. In: CNN.com, Available at URL http://www.cnn.com/2001/TECH/internet/03/12/csi.fbi.hacking.report/ (2001).
[4] Poulsen, K.: Guesswork Plagues Web Hole Reporting. In: SecurityFocus, Available at URL http://online.securityfocus.com/news/346 (2002).
[5] Internet Security Systems: RealSecure Intrusion Detection Solution, Available at URL http://www.iss.net (2001).
[6] NFR Security: NFR network intrusion detection, Available at URL http://www.nfr.com/products/NID/ (2001).
[7] Enterasys Networks, Inc.: The Dragon IDS, Available at URL http://www.enterasys.com/ids/dragonids.html (2001).
[8] Cisco Systems, Inc.: Cisco Intrusion Detection, Available at URL http://www.cisco.com/warp/public/cc/pd/sqsw/sqidsz/ (2001).
[9] Symantec Corporation: Enterprise Solutions, Available at URL http://enterprisesecurity.symantec.com/ (2001).
[10] Roesch, M.: Snort: Lightweight intrusion detection for networks. In: Proceedings of the 13th Conference on Systems Administration (LISA-99), USENIX Association (1999) 229-238.
[11] Andrews, C.: SQL injection FAQ, Available at URL http://www.sqlsecurity.com (2001).
[12] Anley, C.: Advanced SQL Injection In SQL Server Applications, Next Generation Security Software Ltd, Available at URL http://www.nextgenss.com/papers/advanced_sql_injection.pdf (2002).
[13] Anley, C.: (more) Advanced SQL Injection, Next Generation Security Software Ltd, Available at URL http://www.nextgenss.com/papers/more_advanced_sql_injection.pdf (2002).
[14] Oracle: Oracle, 2001, Available at URL http://www.oracle.com (2001).
[15] Chung, C.Y., Gertz, M., Levitt, K.: Misuse detection in database systems through user profiling. In: Web Proceedings of the 2nd International Workshop on the Recent Advances in Intrusion Detection (RAID). (1999).
[16] Quinlan, J. R.: Induction of decision trees. In Shavlik, J.W., Dietterich, T.G., eds.: Readings in Machine Learning. Morgan Kaufmann (1990) Originally published in Machine Learning 1:81-106, 1986.
[17] Hovy, E., Lin, C.Y.: Automated Text Summarization in SUMMARIST. In: Proceedings of ACL/EACL Workshop on Intelligent Scalable Text Summarization. (1997) Madrid, Spain.
[18] Boguraev, B., Bellamy, R.: Dynamic Presentation of Phrasally-Based Document Abstractions. In: Proceedings of Thirty-second Annual Hawaii International Conference on System Sciences (HICSS). (1998).

Published In

ESORICS '02: Proceedings of the 7th European Symposium on Research in Computer Security
October 2002
284 pages

Publisher

Springer-Verlag

Berlin, Heidelberg

Cited By

  • (2019) Computing the Identification Capability of SQL Queries for Privacy Comparison. Proceedings of the ACM International Workshop on Security and Privacy Analytics (47-52). DOI: 10.1145/3309182.3309188. Online publication date: 13-Mar-2019
  • (2017) ACIDRain. Proceedings of the 2017 ACM International Conference on Management of Data (5-20). DOI: 10.1145/3035918.3064037. Online publication date: 9-May-2017
  • (2016) PANDDE. Proceedings of the Sixth ACM Conference on Data and Application Security and Privacy (267-276). DOI: 10.1145/2857705.2857710. Online publication date: 9-Mar-2016
  • (2016) Anomalous query access detection in RBAC-administered databases with random forest and PCA. Information Sciences: an International Journal 369:C (238-250). DOI: 10.1016/j.ins.2016.06.038. Online publication date: 10-Nov-2016
  • (2015) DetAnom. Proceedings of the 5th ACM Conference on Data and Application Security and Privacy (25-35). DOI: 10.1145/2699026.2699111. Online publication date: 2-Mar-2015
  • (2015) Mining SQL Queries to Detect Anomalous Database Access using Random Forest and PCA. Proceedings of the 28th International Conference on Current Approaches in Applied Artificial Intelligence - Volume 9101 (151-160). DOI: 10.1007/978-3-319-19066-2_15. Online publication date: 10-Jun-2015
  • (2014) Approaches and Challenges in Database Intrusion Detection. ACM SIGMOD Record 43:3 (36-47). DOI: 10.1145/2694428.2694435. Online publication date: 4-Dec-2014
  • (2014) Intrusion Detection. Proceedings of the 42nd annual ACM SIGUCCS conference on User services (69-73). DOI: 10.1145/2661172.2661186. Online publication date: 2-Nov-2014
  • (2013) PostgreSQL anomalous query detector. Proceedings of the 16th International Conference on Extending Database Technology (741-744). DOI: 10.1145/2452376.2452469. Online publication date: 18-Mar-2013
  • (2012) SENTINEL. Proceedings of the second ACM conference on Data and Application Security and Privacy (25-36). DOI: 10.1145/2133601.2133605. Online publication date: 7-Feb-2012
