Abstract
Techniques for detection of anomalies in accesses to database systems have been widely investigated. Existing techniques operate in two main phases. The first phase is a training phase during which profiles of the database subjects are created based on historical data representing past users’ actions. New actions are then checked with these profiles to detect deviations from the expected normal behavior. Such deviations are considered indicators of possible attacks and may thus require further analyses. The existing techniques have considered different categories of features to describe users’ actions and followed different methodologies and algorithms to build access profiles and track users’ behaviors. In this chapter, we review the prominent techniques and systems for anomaly detection in database systems. We discuss the attacks they help detect as well as their limitations and possible extensions. We also give directions on potential future research.
Cite
CITATION STYLE
Sallam, A., & Bertino, E. (2019). Techniques and Systems for Anomaly Detection in Database Systems. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 11550 LNCS, pp. 113–133). Springer Verlag. https://doi.org/10.1007/978-3-030-17277-0_7
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
