Intrusion Detection in RBAC-administered Databases

Elisa Bertino
Purdue University
USA

Ashish Kamra
Purdue University
USA

Evimaria Terzi
University of Helsinki
Finland

Athena Vakali
Aristotle University
Greece

Considerable effort has recently been devoted to the
development of Database Management Systems (DBMSs) that guarantee
high-assurance security. An important component of any strong
security solution is represented by intrusion detection (ID)
techniques, able to detect anomalous behavior by applications and
users. To date, however, there have been very few ID techniques
specifically tailored to database systems. In this paper, we
propose such a technique. The approach we propose to ID is based
on mining database traces stored in log files. The result of the
mining process is used to form user profiles that can model normal
behavior and identify intruders. An additional feature of our
approach is that we couple our mechanism with Role Based Access
Control (RBAC). Under an RBAC system permissions are associated
with roles, usually grouping several users, rather than with
single users. Our ID system is able to determine role intruders,
that is, individuals who, while holding a specific role, behave
differently from the normal behavior of the role. An
important advantage of providing an ID technique specifically
tailored to databases is that it can also be used to protect
against insider threats. Furthermore, the use of roles makes our
approach usable even for databases with large user populations. Our
preliminary experimental evaluation on both real and synthetic
database traces shows that our methods work well in practical
situations.

Keywords: RBAC Databases, Intrusion detection, Naive Bayes Classifier
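
The role-profile idea described in the abstract, as an added sketch that is not code from the paper: a Naive Bayes classifier learns a profile per role from a query log and flags a query whose most likely role differs from the role it was issued under. The log entries and the (command, table) feature representation are constructed assumptions; the abstract does not state which features the paper uses.

```python
import math
from collections import Counter, defaultdict

# Constructed audit log: (role, SQL command, table). Feature choice is an assumption.
TRAIN_LOG = (
    [("clerk", "SELECT", "orders")] * 4
    + [("clerk", "INSERT", "orders")] * 2
    + [("clerk", "UPDATE", "orders"), ("clerk", "SELECT", "customers")]
    + [("hr", "SELECT", "employees")] * 3
    + [("hr", "UPDATE", "employees")] * 2
    + [("hr", "UPDATE", "salaries")] * 2
    + [("hr", "SELECT", "salaries")]
)

def train(log):
    """Mine the log into per-role profiles (value counts for each feature)."""
    role_counts = Counter()
    feat_counts = defaultdict(Counter)   # (role, feature index) -> value counts
    vocab = defaultdict(set)             # feature index -> values seen in training
    for role, *features in log:
        role_counts[role] += 1
        for i, value in enumerate(features):
            feat_counts[(role, i)][value] += 1
            vocab[i].add(value)
    return role_counts, feat_counts, vocab

def predict_role(model, features):
    """Return the role with the highest Naive Bayes posterior for one query."""
    role_counts, feat_counts, vocab = model
    total = sum(role_counts.values())
    best_role, best_score = None, -math.inf
    for role, n in sorted(role_counts.items()):
        score = math.log(n / total)      # log prior P(role)
        for i, value in enumerate(features):
            # Laplace smoothing; the extra +1 reserves mass for unseen values.
            seen = feat_counts[(role, i)][value]
            score += math.log((seen + 1) / (n + len(vocab[i]) + 1))
        if score > best_score:
            best_role, best_score = role, score
    return best_role

def is_role_intruder(model, declared_role, features):
    """Flag a query whose most likely role differs from the issuing role."""
    return predict_role(model, features) != declared_role

MODEL = train(TRAIN_LOG)
if __name__ == "__main__":
    for role, query in [("clerk", ("SELECT", "orders")), ("clerk", ("UPDATE", "salaries"))]:
        print(role, query, "ANOMALY" if is_role_intruder(MODEL, role, query) else "ok")
```

Because profiles are kept per role rather than per user, the model size depends on the number of roles, which is the scaling property the abstract points to for large user populations.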
