Intrusion Detection and Containment in Database Systems Abhijit Bhosale M.Tech (IT) School of Information Technology, IIT Kharagpur.


Slide 2 (1 Nov 2004): Topics
- Intrusion and Intrusion Detection
- Intrusion Detection in Database Systems
- Data Mining Approach
- Intrusion Detection in Real-time Database Systems
- Misuse Detection System for Database Systems
- Recovery from Malicious Transactions
- Malicious Activity Recovery Transaction (MART)
- Repair using Transaction Dependency Graph

Slide 3: Intrusion
- Intrusion: the act of wrongfully entering upon, seizing, or taking possession of the property of another.
- Types of attacks:
  - Outsider: can be defended using physical protection and strong network security mechanisms.
  - Insider: usually harder to defend.

Slide 4: Intrusion Detection
- Detection techniques:
  - Misuse detection: detect known patterns of intrusions.
  - Anomaly detection: suspect anomalous behaviours.

Slide 5: Intrusion Detection in Databases
- Under threat from insider attacks.
- Intruders get access to the database by employing SQL injection against poorly coded web-based applications or by stealing the password of a legitimate user.
- Very few existing misuse detection systems have concepts of misuse detection in database systems.

Slide 6: Data Mining Approach
- Proposed by Yi Hu and Brajendra Panda.
- Uses data dependencies (access correlation) among the data items to generate association rules.
- The rules express the dependency of read/write operations on some items on write operations on other items.
- Less sensitive to changes in user behaviour.

Slide 7: Data Mining Approach (cont.)
Definitions:
- Sequence: an ordered list of read and/or write operations.
- Read sequence for data item x: a sequence containing w(x) preceded by all the read operations performed on different data items in the same transaction.
- Write sequence for data item x: a sequence containing w(x) followed by all the write operations performed on different data items in the same transaction.
- Weight of data dependency: indicates to what extent a data item x depends on other data items in the read or write sequence. The rweight and wweight denote the weight of read dependency and write dependency respectively.

Slide 8: Data Mining Approach (cont.)
The methodology: discovering data dependency is performed in three steps.
- Sequential pattern discovery phase: discover sequential patterns in the database log.
- Sequence set generation phase: obtain the read and write sequence sets.
- Data dependency rule generation: derive the read and write dependency rules.
Transactions which don't follow the read and write rules are marked as malicious transactions.

Slide 9: Example
(Figure: sample transactions and the sequential patterns mined from them.)

Slide 10: Example (cont.)
(Figure: read and write sequence sets and the data dependency rules, minimum confidence = 70%.)
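An added example (not from the slides or from Hu and Panda's paper) that carries slides 6 to 10 through in Python: it builds the read and write sequences from a constructed transaction log, mines the dependency rules at a 70% minimum confidence, and flags a transaction that writes without the reads the rules expect. The log, the item names and the way confidence is counted (hits divided by transactions writing x) are assumptions; the sequential-pattern phase is skipped by treating each logged transaction as its own pattern.

```python
# Added example (not from the slides): mine read/write dependency rules from a
# constructed transaction log and flag transactions that break them.
from collections import defaultdict

# Constructed sample log: each transaction is an ordered list of (op, item).
LOG = [
    [("r", "a"), ("r", "b"), ("w", "c"), ("w", "d")],
    [("r", "a"), ("r", "b"), ("w", "c"), ("w", "d")],
    [("r", "a"), ("w", "c"), ("w", "d")],
    [("r", "b"), ("r", "a"), ("w", "c")],
]

def sequences(txn):
    """Per written item x: the reads preceding w(x) and the writes following w(x)."""
    reads, writes = {}, {}
    for i, (op, item) in enumerate(txn):
        if op != "w":
            continue
        reads[item] = {it for o, it in txn[:i] if o == "r"}
        writes[item] = {it for o, it in txn[i + 1:] if o == "w"}
    return reads, writes

def mine_rules(log, min_conf):
    """Rules ("r", x) -> {y: conf} (w(x) is preceded by r(y)) and ("w", x) -> {y: conf}
    (w(x) is followed by w(y)); confidence = hits / transactions that write x."""
    writers, hits = defaultdict(int), defaultdict(lambda: defaultdict(int))
    for txn in log:
        rd, wr = sequences(txn)
        for x in rd:
            writers[x] += 1
            for y in rd[x]:
                hits[("r", x)][y] += 1
            for y in wr[x]:
                hits[("w", x)][y] += 1
    return {key: {y: n / writers[key[1]] for y, n in ys.items()
                  if n / writers[key[1]] >= min_conf}
            for key, ys in hits.items()}

def violations(txn, rules):
    """Expected (kind, x, y) dependencies that txn does not satisfy; empty = conforms."""
    rd, wr = sequences(txn)
    missing = []
    for x in rd:
        missing += [("r", x, y) for y in rules.get(("r", x), {}) if y not in rd[x]]
        missing += [("w", x, y) for y in rules.get(("w", x), {}) if y not in wr[x]]
    return missing
```

A transaction that writes c and d without first reading a and b breaks three of the mined rules and would be marked malicious; the normal transactions in the log produce no violations.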

Slide 11: Intrusion Detection in Real-time Database Systems
- Proposed by Lee and team.
- Considers real-time databases such as those used for the stock market.
- Definitions:
  - Sensor transaction: a transaction responsible for updating the values of real-time data.
  - Temporal data objects: objects whose values change with time.
- Sensor transactions are periodic.
- In every period only one sensor transaction can update a temporal data object.
- More than one transaction updating the object in a period is flagged as malicious.
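An added example, not part of the slides or of Lee et al.'s paper, of the period check described above: updates are bucketed by temporal object and period, and every period in which more than one transaction updated the same object is reported for triage. The period length, the object names and the update log are constructed.

```python
# Added example (not from the slides): flag temporal-data updates that exceed the
# one-sensor-transaction-per-period rule, using a constructed update log.
from collections import defaultdict

PERIOD = 10  # constructed: every temporal object is refreshed once per 10 time units

# Constructed update log: (timestamp, transaction id, temporal data object).
# S* are the periodic sensor transactions; T7 is an extra update in period 1.
UPDATES = [
    (0, "S1", "price_X"), (10, "S2", "price_X"), (14, "T7", "price_X"),
    (20, "S3", "price_X"), (3, "S4", "price_Y"), (13, "S5", "price_Y"),
]

def flag_extra_updates(updates, period):
    """Return (object, period index, [txn ids]) for every period in which more
    than one transaction updated the same temporal object."""
    per_period = defaultdict(list)
    for ts, txn, obj in sorted(updates):
        per_period[(obj, ts // period)].append(txn)
    return [(obj, p, txns) for (obj, p), txns in sorted(per_period.items())
            if len(txns) > 1]
```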

Slide 12: Misuse Detection System for Database Systems
- DEMIDS, proposed by Chung and his team.
- Uses audit logs to generate profiles.
- The profiles are used to detect misuse behaviour.
- Needs to be trained with normal behaviour (no intrusions).

Slide 13: Components of DEMIDS's Architecture
(Figure: architecture diagram.)

Slide 14: Recovery from Malicious Transactions
- Traditional recovery mechanisms don't address recovery from malicious transactions.
- Complete rollback and adding compensatory transactions is too time consuming.
- There can be directly as well as indirectly affected transactions which need to be recovered.

Slide 15: Intrusion Tolerant Database Systems
- Systems which, in addition to detecting the intrusion, also perform countermeasures against successful attacks are called intrusion tolerant systems.

Slide 16: Malicious Activity Recovery Transaction (MART)
- Flat transaction recovery can only remove the direct effects of malicious transactions.
- MART can solve this problem by nesting the flat transactions under a MART.
- The indirect effects can be removed by rolling back the MART.

Slide 17: Repair using Transaction Dependency Graph
- Uses the dependency graph of bad and suspect transactions and undoes the effects of all the bad and suspect transactions.
- Transaction dependency: transaction T_j is dependent upon T_i if
  - T_j reads x after it has been updated by T_i,
  - T_i does not abort before T_j reads x, and
  - every transaction that updates x between the time T_i updates x and T_j reads x is aborted before T_j reads x.
- Every source node in DG(B) is a bad transaction and every non-source node is a suspect transaction.
- If a good transaction is not affected by any bad transaction, then that transaction need not be undone.

Slide 18: Repair using Transaction Dependency Graph (cont.)
- Dirty data: a data item is dirty if it is in the write set of any bad or suspect transaction.
- All dirty data items should be restored to the value they had before the first transaction in DG(B) wrote them.
(Figure: history log and the resulting dependency graph.)
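An added example, not from the slides or from Ammann, Jajodia and Liu's paper, that builds DG(B) from a constructed history log, separates suspect transactions from unaffected good ones, and computes the dirty items with the value each must be restored to. It assumes every transaction in the log committed, so the two abort conditions of the dependency definition reduce to T_i being the last writer of x before T_j's read; the log, transaction ids and item names are constructed.

```python
# Added example (not from the slides): DG(B) and dirty-item restore values from a
# constructed history log in which every transaction committed.
from collections import defaultdict

# Constructed history log in commit order: (txn, op, item, value); reads carry None.
HISTORY = [
    ("T0", "w", "x", 1), ("T0", "w", "y", 2), ("T0", "w", "z", 3),  # initial state
    ("T1", "w", "x", 5),                                            # T1 is bad
    ("T2", "r", "x", None), ("T2", "w", "y", 7),      # reads T1's x -> suspect
    ("T3", "w", "x", 9),                              # good, overwrites x
    ("T4", "r", "x", None), ("T4", "w", "z", 1),      # reads T3's x -> unaffected
    ("T5", "r", "y", None), ("T5", "w", "q", 2),      # reads T2's y -> suspect
    ("T6", "r", "z", None),                           # reads T4's z -> unaffected
]

def dependencies(history):
    """Map T_j -> {T_i}: T_j read an item whose last writer was T_i (T_i != T_j)."""
    last_writer, dep = {}, defaultdict(set)
    for txn, op, item, _ in history:
        if op == "w":
            last_writer[item] = txn
        elif item in last_writer and last_writer[item] != txn:
            dep[txn].add(last_writer[item])
    return dep

def dependency_graph(history, bad):
    """Suspect set of DG(B): bad transactions are the sources, and any
    transaction that (transitively) depends on a node of the graph is suspect."""
    dep, nodes, changed = dependencies(history), set(bad), True
    while changed:
        changed = False
        for txn, parents in dep.items():
            if txn not in nodes and parents & nodes:
                nodes.add(txn)
                changed = True
    return nodes - set(bad)

def dirty_items(history, bad):
    """Dirty items mapped to the value they held before the first DG(B) write
    (None means the item did not exist before that write)."""
    affected = set(bad) | dependency_graph(history, bad)
    current, restore = {}, {}
    for txn, op, item, value in history:
        if op != "w":
            continue
        if txn in affected and item not in restore:
            restore[item] = current.get(item)
        current[item] = value
    return restore
```

Note that x is restored to its value before T1's write even though the good transaction T3 wrote it later, which is exactly the over-restoration the slide's rule implies and why T3 would need to be re-executed afterwards.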

Slide 19: References
- Yi Hu, Brajendra Panda. A data mining approach for database intrusion detection. SAC 2004.
- Paul Ammann, Sushil Jajodia, Peng Liu. Recovery from Malicious Transactions. IEEE Transactions on Knowledge and Data Engineering, vol. 14, no. 5, September 2002.
- Lee, V. C. S., Stankovic, J. A., Son, S. H. Intrusion Detection in Real-time Database Systems Via Time Signatures. In Proceedings of the Sixth IEEE Real Time Technology and Applications Symposium.
- Chung, C., Gertz, M., and Levitt, K. DEMIDS: A Misuse Detection System for Database Systems. In Third Annual IFIP TC-11 WG 11.5 Working Conference on Integrity and Internal Control in Information Systems, Kluwer Academic Publishers, November 1999.

Slide 20: Questions