Anomalous Database Transaction Detection


Anomalous Database Transaction Detection By Harshith Reddy Sarabudla

Anomaly detection approaches
- Command-centric – focus on attack syntax. Mostly capture attack queries that have similar columns but process or display different row contents from those of normal queries.
- Data-centric – focus on semantics. Mostly capture attack queries that are similar in both columns and resulting datasets.

Limitations

SELECT Name, Salary FROM Employee WHERE ID = 102 AND Dept_id = 3;

Conversely, suppose we rewrite the above query as follows:

SELECT Name, Salary FROM Employee WHERE ID = 102 AND Dept_id = 3 AND Name IS NOT NULL;

The two queries are syntactically different but produce the same result. However, the second query is likely to be flagged as anomalous and end up as a false positive.

Importance of the problem: The abundance of false alerts (most of them false positives) makes it difficult for the security analyst to identify successful attacks and to take remedial action.

Challenging aspects
We propose a solution for detecting anomalous transactions in the database more efficiently while:
- Focusing on reducing the number of false positives
- Reducing the detection time window
- Handling detection for newly added attributes

Proposed solution
Training phase:
- Features that represent the syntax of the queries are extracted for legitimate transactions collected from DBMS audit logs.
- Features: SQL operations, attributes, user role, number of commands and command execution time
- Signatures are created for all legitimate transactions
Detection phase:
- Stage 1 – Syntax-based detection: compare the incoming transaction's signature with the collected signatures
- Stage 2 – Data usage-based detection: attributes are grouped according to their frequency of usage for each user role and compared
- Stage 3 – Data sensitivity-based detection: compare the amount of sensitive information the transaction returns
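The three detection stages above as an added Python example (not code from the presentation), run on the two queries from the Limitations slide. The column list, sensitivity weights, the rare_below threshold, the row count carried in each audit record and the choice to report each stage's verdict separately are assumptions; command execution time is left out of the signature.

```python
import re
from collections import Counter, defaultdict

# Constructed schema and sensitivity weights (assumptions, not from the slides).
COLUMNS = {"name", "salary", "id", "dept_id", "ssn"}
SENSITIVITY = {"salary": 2, "ssn": 5}

def features(statements):
    """Per command: (SQL operation, referenced attributes). Crude keyword tokenizer."""
    parsed = [re.findall(r"[a-z_]+", s.lower()) for s in statements]
    return tuple((w[0], frozenset(x for x in w if x in COLUMNS)) for w in parsed if w)

def signature(role, statements):
    """Stage 1 signature: user role, number of commands, per-command features."""
    return (role, len(statements), features(statements))

def attributes(statements):
    return frozenset().union(*(attrs for _, attrs in features(statements)))

def sensitivity(statements, rows):
    """Stage 3 score (assumed): rows returned times the weight of attributes touched."""
    return rows * sum(SENSITIVITY.get(a, 0) for a in attributes(statements))

class Detector:
    def __init__(self, training, rare_below=0.1):
        """training: (role, statements, rows_returned) records of legitimate activity."""
        self.signatures, self.max_score = set(), Counter()
        usage, seen = defaultdict(Counter), Counter()
        for role, stmts, rows in training:
            self.signatures.add(signature(role, stmts))
            usage[role].update(attributes(stmts))
            seen[role] += 1
            self.max_score[role] = max(self.max_score[role], sensitivity(stmts, rows))
        # Stage 2 grouping: attributes a role uses in at least rare_below of its transactions.
        self.frequent = {r: {a for a, n in c.items() if n / seen[r] >= rare_below}
                         for r, c in usage.items()}

    def flagged_stages(self, role, stmts, rows):
        """Return the stages (1, 2, 3) that consider the transaction anomalous."""
        checks = [signature(role, stmts) not in self.signatures,
                  bool(attributes(stmts) - self.frequent.get(role, set())),
                  sensitivity(stmts, rows) > self.max_score[role]]
        return [i for i, hit in enumerate(checks, 1) if hit]

# Constructed audit-log sample: (role, statements, rows returned).
Q1 = "SELECT Name, Salary FROM Employee WHERE ID = 102 AND Dept_id = 3;"
Q2 = Q1[:-1] + " AND Name IS NOT NULL;"  # the rewritten query from the slide
TRAINING = [("clerk", [Q1], 1),
            ("clerk", ["SELECT Name FROM Employee WHERE Dept_id = 3;"], 20)]
```

With this feature-based signature, `Detector(TRAINING).flagged_stages("clerk", [Q2], 1)` returns an empty list because the rewritten query has the same operation and attribute set as Q1, whereas a comparison of raw query text would treat it as new.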

Future work
- Anomaly detection algorithms may be modified according to the workload or data size of the database
- Measure the impact of alerts so the admin can prioritize them when taking action