[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to main content

Automatic Identification of Critical Data Items in a Database to Mitigate the Effects of Malicious Insiders

  • Conference paper
Information Systems Security (ICISS 2009)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 5905))

Included in the following conference series:

Abstract

A major concern for computer system security is the threat from malicious insiders who target and abuse critical data items in the system. In this paper, we propose a solution to enable automatic identification of critical data items in a database by way of data dependency relationships. This identification of critical data items is necessary because insider threats often target mission critical data in order to accomplish malicious tasks. Unfortunately, currently available systems fail to address this problem in a comprehensive manner. It is more difficult for non-experts to identify these critical data items because of their lack of familiarity and due to the fact that data systems are constantly changing. By identifying the critical data items automatically, security engineers will be better prepared to protect what is critical to the mission of the organization and also have the ability to focus their security efforts on these critical data items. We have developed an algorithm that scans the database logs and forms a directed graph showing which items influence a large number of other items and at what frequency this influence occurs. This graph is traversed to reveal the data items which have a large influence throughout the database system by using a novel metric based formula. These items are critical to the system because if they are maliciously altered or stolen, the malicious alterations will spread throughout the system, delaying recovery and causing a much more malignant effect. As these items have significant influence, they are deemed to be critical and worthy of extra security measures. Our proposal is not intended to replace existing intrusion detection systems, but rather is intended to complement current and future technologies. Our proposal has never been performed before, and our experimental results have shown that it is very effective in revealing critical data items automatically.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
£29.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
GBP 19.95
Price includes VAT (United Kingdom)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
GBP 35.99
Price includes VAT (United Kingdom)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
GBP 44.99
Price includes VAT (United Kingdom)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Ray, I., Poolsappasit, N.: Using Attack Trees to Identify Malicious Attacks from Authorized Insiders. In: di Vimercati, S.d.C., Syverson, P.F., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol. 3679, pp. 231–246. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  2. Hu, Y., Panda, B.: Identification of Malicious Transactions in Database Systems. In: 7th Intl. Database Engineering and App. Symposium (IDEAS 2003), p. 329 (2003)

    Google Scholar 

  3. Zuo, Y., Panda, B.: A Service Oriented System Based Information Flow Model for Damage Assessment. In: 6th IFIP WG 11.5 Working Conference on Integrity and Internal Control in Information Systems, Lausanne, Switzerland, November 13-14 (2003)

    Google Scholar 

  4. Cappelli, D., Moore, A., Shimeall, T., Trzeciak, R.: Common Sense Guide to Prevention and Detection of Insider Threats, Carnegie Mellon University (2008)

    Google Scholar 

  5. Insider Threat Integrated Process Team, Department of Defense (DoD-IPT), 2000. DoD Insider Threat Mitigation, U.S. Department of Defense (2000)

    Google Scholar 

  6. Anderson, R., Bozek, T., Logstaff, T., Meitzler, W., Skroch, M., Wyk, K.V.: Research on mitigating the insider threat to information sys., RAND Corporation Report CF-163 (2000)

    Google Scholar 

  7. Whitman, M.: Enemy at the Gate: Threats to Information Security. Communications of the ACM 46(8) (2003)

    Google Scholar 

  8. Abbadi, I., Alawneh, M.: Preventing Insider Information Leakage for Enterprises. In: Proceedings of the 2008 Second International Conference on Emerging Security Information, Systems and Technologies, pp. 99–106 (2008)

    Google Scholar 

  9. Anderson, R., Brackney, R.: Understanding the Insider Threat. In: Proceedings of a March 2004 Workshop, RAND National Defense Research Institute (2004)

    Google Scholar 

  10. Ha, D., Upadhyaya, S., Ngo, H., Pramanik, S., Chinchani, R., Mathew, S.: Insider Threat Analysis Using Information Centric Modeling. In: Craiger, P., Shenoi, S. (eds.) Advances in Digital Forensics III. Springer, Boston (2007)

    Google Scholar 

  11. Sheyner, O., Haines, J., Jha, S., Lippmann, R., Wing, J.: Automated Generation and Analysis of Attack Graphs. In: Proc. IEEE Symposium on Sec. and Priv., Oakland (2002)

    Google Scholar 

  12. Cathey, R., Ma, L., Goharian, N., Grossman, D.: Misuse detection for information retrieval systems. In: CIKM 2003: Proceedings of the twelfth international conference on Information and knowledge management, New York, NY, USA, pp. 183–190 (2003)

    Google Scholar 

  13. White, J., Panda, B.: Implementing PII Honeytokens to Mitigate Against the Threat of Malicious Insiders. In: Proc. of the IEEE International Conference on Intelligence and Security Informatics (ISI 2009), Dallas, Texas, p. 233 (2009)

    Google Scholar 

  14. White, J., Panda, B., Yaseen, Q., Nguyen, K., Li, W.: Detecting Malicious Insider Threats using a Null Affinity Temporal Three Dimensional Matrix Relation. In: Proc. of the 7th Inl. Workshop on Security in Info. Sys (WOSIS 2009), Milan, pp. 93–102 (2009)

    Google Scholar 

  15. Meza, B., Burns, P., Eavenson, M., Palaniswami, D., Sheth, A.: An ontological approach to the document access problem of insider threat. In: Kantor, P., Muresan, G., Roberts, F., Zeng, D.D., Wang, F.-Y., Chen, H., Merkle, R.C. (eds.) ISI 2005. LNCS, vol. 3495, pp. 486–491. Springer, Heidelberg (2005)

    Google Scholar 

  16. Bradford, P., Brown, M., Perdue, J., Self, B.: Towards proactive computer-system forensics. In: Proceedings of ITCC, pp. 648–652 (2004)

    Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

White, J., Panda, B. (2009). Automatic Identification of Critical Data Items in a Database to Mitigate the Effects of Malicious Insiders. In: Prakash, A., Sen Gupta, I. (eds) Information Systems Security. ICISS 2009. Lecture Notes in Computer Science, vol 5905. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-10772-6_16

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-10772-6_16

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-10771-9

  • Online ISBN: 978-3-642-10772-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics