An anomaly based approach for intrusion detection by authorized users in database systems

Abstract

This paper is an attempt to introduce a new approach on increasing the security of database systems. Securing databases involves external as well as internal misuse detection and prevention. SQL injection handling and access control mechanism prevents misuse through unauthorized access to the database. This allows only those users to access database contents who are meant to use it. However, if there is an intentional or unintentional misuse by some authorized user, then it becomes very difficult to identify and prevent that misuse then and there only. Such misuse scenarios can be detected later by auditing the transaction log. Therefore the need for a robust query intrusion detection model for database system arises. The model proposed in this paper detects such types of misuses by authorized users and classifies them as legitimate or anomalous by analyzing the nature of queries they fire and tuning itself based on the responses to the alarms raised. © 2010 Springer-Verlag Berlin Heidelberg.