Clay Brockman ITK 478 Fall 2007. Why intrusion detection? Comparing two types: Monitoring Database Application Behavior Using Time Signatures.


“Security is an integrative concept that includes the following properties: confidentiality …, authenticity …, integrity …, and availability” (Vieira and Madeira, 2005, p. 350)
- Explanation of these properties

Occur in one of the following ways:
- “intentional unauthorized attempts to access or destroy private data” (Vieira and Madeira, 2005, p. 351)
- “malicious actions executed by authorized users to cause loss or corruption of critical data” (Vieira and Madeira, 2005, p. 351)
- “external interferences aimed to cause undue delays in accessing or using data, or even denial of service” (Vieira and Madeira, 2005, p. 351)

False Positive
- the detection system reports an intrusion but the action is really a legitimate request (Afonso, et al., 2006, p. 37)
- accounts for 17% of recorded events (Afonso, et al., 2006, p. 37)
False Negative
- system will allow a malicious request to pass, identifying it as a legitimate request (Afonso, et al., 2006, p. 37)
- accounts for about 12% of recorded events (Afonso, et al., 2006, p. 37)

Developed by José Fonseca, Marco Vieira, and Henrique Madeira
This method “adds concurrent intrusion detection to DBMS using a comprehensive set of behavior abstractions representing database activity” (Fonseca, et al., 2006, p. 383).
Messages checked at 3 different levels:
- Command Level
- Transaction Level
- Session Level

- Command Level: “checks if the structure of each executed command belongs to the set of command structures previously learned” (Fonseca, et al., 2006, p. 383)
- Transaction Level: “checks if the command is in the right place inside the transaction profile (a transaction is a unit formed by a set of SQL commands always executed in the same sequence)” (Fonseca, et al., 2006, p. 383)
- Session Level: “checks if the transaction fits in a known transaction sequence. It represents the sequence of operations that the user executes in a session” (Fonseca, et al., 2006, p. 383)
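The three checks quoted above, as an added example written for this page (it is not the authors' implementation, which the slides do not show). The training sessions are constructed, and the way a "command structure" is derived (SQL with string and numeric literals replaced by a placeholder, case folded) is an assumption about the abstraction the paper uses. Transaction profiles are the exact ordered tuple of command structures, and session profiles the exact sequence of transaction profile ids; the `BehaviorProfile` and `alert_levels` names are this example's own.

```python
import re

# Constructed training data (not from the paper): each session is a list of
# transactions, and each transaction is the list of SQL commands it issued,
# in execution order.
TRAINING_SESSIONS = [
    [   # session 1: a withdrawal followed by an audit record
        ["SELECT balance FROM accounts WHERE id = 42",
         "UPDATE accounts SET balance = 90 WHERE id = 42"],
        ["INSERT INTO audit_log (account_id, amount) VALUES (42, 10)"],
    ],
    [   # session 2: same shape, different literal values
        ["SELECT balance FROM accounts WHERE id = 7",
         "UPDATE accounts SET balance = 15 WHERE id = 7"],
        ["INSERT INTO audit_log (account_id, amount) VALUES (7, 5)"],
    ],
]

STRING_LITERAL = re.compile(r"'(?:[^']|'')*'")      # 'abc', 'it''s'
NUMBER_LITERAL = re.compile(r"\b\d+(?:\.\d+)?\b")


def command_structure(sql):
    """Abstract one SQL command to its structure (assumed abstraction):
    literals become '?', case is folded and whitespace collapsed, so
    'id = 42' and 'id = 7' share a structure while 'id = 42 OR 1=1' does not."""
    s = STRING_LITERAL.sub("?", sql)
    s = NUMBER_LITERAL.sub("?", s)
    return " ".join(s.upper().split())


class BehaviorProfile:
    """Learned profile holding the three levels described on the slide."""

    def __init__(self):
        self.commands = set()       # command level: known command structures
        self.transactions = {}      # transaction level: structure tuple -> profile id
        self.sessions = set()       # session level: known tuples of transaction ids

    def learn(self, sessions):
        for session in sessions:
            tx_ids = []
            for tx in session:
                structs = tuple(command_structure(c) for c in tx)
                self.commands.update(structs)
                tx_id = self.transactions.setdefault(
                    structs, "T%d" % (len(self.transactions) + 1))
                tx_ids.append(tx_id)
            self.sessions.add(tuple(tx_ids))

    def check_session(self, session):
        """Return (level, detail) alerts; an empty list means the session
        matches learned behaviour at all three levels."""
        alerts = []
        tx_ids = []
        for tx in session:
            structs = tuple(command_structure(c) for c in tx)
            # Command level: every command structure must have been learned.
            for s in structs:
                if s not in self.commands:
                    alerts.append(("command", s))
            # Transaction level: the ordered command sequence must be a known profile.
            if structs in self.transactions:
                tx_ids.append(self.transactions[structs])
            else:
                alerts.append(("transaction", structs))
                tx_ids.append(None)
        # Session level: the sequence of transaction profiles must be known.
        # Skipped when a transaction already failed, since it has no profile id.
        if None not in tx_ids and tuple(tx_ids) not in self.sessions:
            alerts.append(("session", tuple(tx_ids)))
        return alerts


PROFILE = BehaviorProfile()
PROFILE.learn(TRAINING_SESSIONS)


def alert_levels(session):
    """Convenience wrapper: the levels at which a session raised alerts."""
    return [level for level, _ in PROFILE.check_session(session)]


if __name__ == "__main__":
    legitimate = [["SELECT balance FROM accounts WHERE id = 99",
                   "UPDATE accounts SET balance = 1 WHERE id = 99"],
                  ["INSERT INTO audit_log (account_id, amount) VALUES (99, 1)"]]
    injected = [["SELECT balance FROM accounts WHERE id = 42 OR 1=1",
                 "UPDATE accounts SET balance = 90 WHERE id = 42"],
                ["INSERT INTO audit_log (account_id, amount) VALUES (42, 10)"]]
    print(alert_levels(legitimate))   # []
    print(alert_levels(injected))     # ['command', 'transaction']
```

A session that only changes literal values passes all three levels; an injected predicate fails at the command level (and therefore the transaction level); swapping the two commands inside a transaction fails only at the transaction level; issuing known transactions in an unlearned order fails only at the session level. Because the transaction check matches the whole ordered tuple, a reordering that happens to coincide with another learned profile is not detected, which is the kind of case behind the reordering false negatives reported in the results.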

Results:
- 1 normal request was found to be malicious, resulting in 1 false positive
- 100% accuracy on requests with slight changes
- Randomly ordered SQL commands resulted in 4.2% false negatives
- All 50 manual injections were caught

The time signature approach expects requests to come in at certain times
Based on a real-time database
Examples:
- Stock Market
- Power Grid
- Air Traffic Control

Two different types of intrusions
- User transactions: “the characteristics of an intruding transaction are identical to a user transaction except for the data object access pattern” (Lee, et al., 2000, p. 128)
- Sensor transactions: Read a sensor periodically to check for updated information (Lee, et al., 2000, p )
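An added example, written for this page rather than taken from Lee et al., of what a time signature check can look like for the periodic sensor transactions described above. The slides do not give the paper's model, so the form of the signature is an assumption: for each data object, the expected update period and a tolerance derived from the spread of the intervals observed during normal operation. The training log, the object names and the `TimeSignatureMonitor` and `run_stream` names are all constructed for this example.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed training log (not from the paper): (timestamp in seconds, data
# object) for updates written by periodic sensor transactions during normal
# operation. temp_sensor_1 is sampled roughly every 10 s, grid_load every 60 s.
TRAINING_UPDATES = [
    (0.0, "temp_sensor_1"), (10.1, "temp_sensor_1"), (19.9, "temp_sensor_1"),
    (30.0, "temp_sensor_1"), (40.2, "temp_sensor_1"),
    (0.0, "grid_load"), (60.0, "grid_load"), (120.5, "grid_load"), (179.8, "grid_load"),
]


def learn_time_signatures(updates, k=3.0, min_tolerance=0.5):
    """Derive a time signature per data object (assumed model): the expected
    update period and a tolerance of k standard deviations of the observed
    intervals, never below min_tolerance so a perfectly regular sensor still
    gets some slack. Objects with fewer than three updates are skipped."""
    times_by_object = defaultdict(list)
    for ts, obj in sorted(updates):
        times_by_object[obj].append(ts)
    signatures = {}
    for obj, times in times_by_object.items():
        intervals = [later - earlier for earlier, later in zip(times, times[1:])]
        if len(intervals) < 2:
            continue
        period = mean(intervals)
        tolerance = max(k * pstdev(intervals), min_tolerance)
        signatures[obj] = (period, tolerance)
    return signatures


class TimeSignatureMonitor:
    """Checks each incoming update against the learned time signature of the
    data object it touches."""

    def __init__(self, signatures):
        self.signatures = signatures
        self.last_seen = {}

    def observe(self, ts, obj):
        """Return 'ok', 'early', 'late' or 'unknown' for one update."""
        if obj not in self.signatures:
            return "unknown"        # object no sensor transaction ever wrote
        period, tolerance = self.signatures[obj]
        previous = self.last_seen.get(obj)
        self.last_seen[obj] = ts
        if previous is None:
            return "ok"             # nothing to compare the first update against
        gap = ts - previous
        if gap < period - tolerance:
            return "early"          # an extra write between two expected samples
        if gap > period + tolerance:
            return "late"           # a sample was delayed or suppressed
        return "ok"


def run_stream(events, signatures=None):
    """Feed (timestamp, object) events through a fresh monitor and return the
    verdict for each one."""
    monitor = TimeSignatureMonitor(signatures or learn_time_signatures(TRAINING_UPDATES))
    return [monitor.observe(ts, obj) for ts, obj in events]


if __name__ == "__main__":
    stream = [(50.1, "temp_sensor_1"), (60.0, "temp_sensor_1"),
              (63.0, "temp_sensor_1"), (85.0, "temp_sensor_1"),
              (5.0, "pressure_sensor")]
    print(run_stream(stream))   # ['ok', 'ok', 'early', 'late', 'unknown']
```

With the constructed log, temp_sensor_1 learns a period of about 10.05 s with the 0.5 s floor as tolerance, so an update 3 s after the previous one is flagged as early (a write that no sensor schedule explains) and a 22 s gap as late (a missing or delayed sample, which matters for the availability property listed on the first slide). The tolerance is where the false positive and false negative rates trade off: a tighter k catches more out-of-schedule writes but also flags ordinary jitter.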

Results:
- False positive rate was as low as 0.36% (Lee, et al., 2000, p. 129)
- False negative rate was as high as 5.5% (Lee, et al., 2000, p. 129)

- Both methods had very low false positive rates
- Monitoring Database Application Behavior was better on false negative rates by 1.5%