Intrusion Detection in RBAC-administered Databases

Elisa Bertino
Purdue University

Ashish Kamra
Purdue University

Evimaria Terzi
University of Helsinki

Athena Vakali
Aristotle University

A considerable effort has been recently devoted to the
development of Database Management Systems (DBMS)s which guarantee
high assurance security. An important component of any strong
security solution is represented by intrusion detection
techniques, able to detect anomalous behavior by applications and
users. To date, however, there have been very few ID techniques
specifically tailored to database systems. In this paper, we
propose such a technique. The approach we propose to ID is based
on mining database traces stored in log files. The result of the
mining process is used to form user profiles that can model normal
behavior and identify intruders. An additional feature of our
approach is that we couple our mechanism with Role Based Access
Control (RBAC). Under an RBAC system permissions are associated
with roles, usually grouping several users, rather than with
single users. Our ID system is able to determine role intruders,
that is, individuals that while holding a specific role, have a
behavior different from the normal behavior of the role. An
important advantage of providing an ID technique specifically
tailored to databases is that it can also be used to protect
against insider threats. Furthermore, the use of roles makes our
approach usable even for databases with large user population. Our
preliminary experimental evaluation on both real and synthetic
database traces show that our methods work well in practical

Keywords: RBAC Databases, Intrusion detection, Naive Bayes Classifier

Read Paper Read Paper (in PDF)