Timely detection of an insider attack is prevalent among challenges in database security. Research on anomaly-based database intrusion detection systems has received significant attention because of its potential to detect zero-day insider attacks. Such approaches differ mainly in their construction of normative behavior of (insider) role/user. In this paper, a different perspective on the construction of normative behavior is presented, whereby normative behavior is captured instead from the perspective of the DBMS itself. Using techniques from Statistical Process Control, a model of DBMS-oriented normal behavior is described that can be used to detect frequency based anomalies in database access. The approach is evaluated using a synthetic dataset and we also demonstrate this DBMS-oriented profile can be transformed into the more traditional role-oriented profiles.
CITATION STYLE
Khan, M. I., O’Sullivan, B., & Foley, S. N. (2018). A semantic approach to frequency based anomaly detection of insider access in database management systems. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 10694 LNCS, pp. 18–28). Springer Verlag. https://doi.org/10.1007/978-3-319-76687-4_2
Mendeley helps you to discover research relevant for your work.