Abstract
It is argued that anomaly-based techniques can be used to detect anomalous DBMS queries by insiders. An experiment is described whereby an n-gram model is used to capture normal query patterns in a log of SQL queries from a synthetic banking application system. Preliminary results demonstrate that n-grams do capture the short-term correlations inherent in the application.
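The abstract describes the detection idea only in outline: normal query patterns are learned as n-grams over a log of SQL queries, and later traffic is judged by how well it matches that profile. The following is an added illustration written for this page, not code from the paper or its authors. It assumes a normalisation step that turns each query into a template (literals replaced by `?`), a constructed log for an imaginary banking application in place of the paper's synthetic dataset, and a simple "fraction of unseen n-grams" score in the style of the system-call "sense of self" work the abstract builds on.

```python
import re

# Constructed sample of an application's query log, in issue order. This is
# not data from the paper; it stands in for a synthetic banking application
# whose normal behaviour is: read balance, list history, update, record.
TRAINING_LOG = [
    "SELECT balance FROM accounts WHERE id = 1017",
    "SELECT * FROM transactions WHERE account_id = 1017 ORDER BY ts DESC LIMIT 10",
    "UPDATE accounts SET balance = 520.00 WHERE id = 1017",
    "INSERT INTO transactions (account_id, amount) VALUES (1017, -30.00)",
] * 5


def normalize(query):
    """Reduce a query to its template: string and numeric literals become '?',
    whitespace and case are canonicalised. Queries for different customers
    therefore map to the same symbol, which is what the n-gram model needs."""
    q = re.sub(r"'[^']*'", "?", query)
    q = re.sub(r"\b\d+(?:\.\d+)?\b", "?", q)
    return re.sub(r"\s+", " ", q).strip().upper()


def ngrams(seq, n):
    """All length-n windows of a sequence, in order."""
    return [tuple(seq[i:i + n]) for i in range(len(seq) - n + 1)]


def train(log, n=3):
    """The profile of 'self': every length-n window of templates seen in training."""
    return set(ngrams([normalize(q) for q in log], n))


def unseen_ngrams(model, log, n=3):
    """Windows in a test log that never appeared in training (for analyst triage)."""
    return [g for g in ngrams([normalize(q) for q in log], n) if g not in model]


def anomaly_score(model, log, n=3):
    """Fraction of windows not in the profile: 0.0 is fully normal, 1.0 entirely novel."""
    grams = ngrams([normalize(q) for q in log], n)
    if not grams:
        return 0.0
    return len(unseen_ngrams(model, log, n)) / len(grams)


# Constructed test sessions. The second uses only templates the application
# does issue, but in an order it never issues: three balance reads for
# successive account ids, as an enumerating insider might produce.
NORMAL_SESSION = TRAINING_LOG[:8]
ENUMERATION_SESSION = [
    "SELECT balance FROM accounts WHERE id = 1",
    "SELECT balance FROM accounts WHERE id = 2",
    "SELECT balance FROM accounts WHERE id = 3",
    "SELECT * FROM transactions WHERE account_id = 3 ORDER BY ts DESC LIMIT 10",
    "UPDATE accounts SET balance = 99.00 WHERE id = 3",
    "INSERT INTO transactions (account_id, amount) VALUES (3, -1.00)",
]

if __name__ == "__main__":
    model = train(TRAINING_LOG)
    for name, session in [("normal", NORMAL_SESSION), ("enumeration", ENUMERATION_SESSION)]:
        print(f"{name}: score={anomaly_score(model, session):.2f}, "
              f"unseen windows={len(unseen_ngrams(model, session))}")
```

The enumeration session scores 0.5 with trigrams even though every individual query is one the application normally issues; it is the short-term ordering, not the query text, that the model flags. Two practical caveats follow from this: the log must be split into per-session (or per-connection) sequences before training, since interleaved sessions produce n-grams that no single client ever generated, and a high score means "novel", not "malicious", so the threshold and the unseen windows themselves need analyst review before any response.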
Acknowledgments
This work was supported, in part, by Science Foundation Ireland under grant SFI/12/RC/2289.
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Khan, M.I., Foley, S.N. (2017). Detecting Anomalous Behavior in DBMS Logs. In: Cuppens, F., Cuppens, N., Lanet, JL., Legay, A. (eds) Risks and Security of Internet and Systems. CRiSIS 2016. Lecture Notes in Computer Science, vol 10158. Springer, Cham. https://doi.org/10.1007/978-3-319-54876-0_12
DOI: https://doi.org/10.1007/978-3-319-54876-0_12
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-54875-3
Online ISBN: 978-3-319-54876-0
eBook Packages: Computer Science, Computer Science (R0)