Presentation is loading. Please wait.

Presentation is loading. Please wait.

Anomalous Database Transaction Detection

Published byBertram Morrison Modified over 5 years ago

Similar presentations

Presentation on theme: "Anomalous Database Transaction Detection"— Presentation transcript:

1 Anomalous Database Transaction Detection
By Harshith Reddy Sarabudla

2 Anomaly detection approaches
Command-centric – focus on attack syntax Mostly capture attack queries that have similar columns but process or display different row contents from those of normal queries Data-centric – focus on semantics Mostly capture attack queries that are similar in both columns and resulting datasets

3 Limitations SELECT Name, Salary FROM Employee WHERE ID = 102 AND Dept_id = 3; Conversely, suppose we rewrite the above query as follows SELECT Name, Salary FROM Employee WHERE ID = 102 AND Dept_id = 3 AND Name IS NOT NULL; Both queries are syntactically different but produces the same result. However, the second syntax is likely to be flagged as anomalous and ends up be a false positive.

4 Importance of problem: Abundance of false alerts (most of them being false positive) makes it difficult for the security analyst to identify successful attacks and to take remedial actions.

5 Challenging aspects We propose a solution for detecting anomalous transactions in the database more efficiently while Focusing on reducing the number of false positives Reducing the detection time window Handling detection for newly added attributes

6 Proposed solution Training Phase:
Features that represent the syntax of the queries are extracted for legitimate transactions taken collected from DBMS audit logs. Features: SQL operations, attributes, user role, number of commands and command execution time Signatures are created for all legitimate transactions Detection Phase: Stage 1 – Syntax based detection Compare Incoming transaction signature with collected signatures Stage 2 – Data usage-based detection Attributes are grouped according to their frequency of usage for each user role and compared Stage 3 - Data sensitivity-based detection Compare the amount of sensitive information the transaction returns

7 Future work Anomaly detection algorithms may be modified according to the workload or data size of the database Measure the impact of alerts for admin to prioritize them in taking action

Download ppt "Anomalous Database Transaction Detection"

Similar presentations

Loss-Sensitive Decision Rules for Intrusion Detection and Response Linda Zhao Statistics Department University of Pennsylvania Joint work with I. Lee,

Loss-Sensitive Decision Rules for Intrusion Detection and Response Linda Zhao Statistics Department University of Pennsylvania Joint work with I. Lee,
MySQL Access Privilege System

MySQL Access Privilege System
Chapter 23 Database Security and Authorization Copyright © 2004 Pearson Education, Inc.

Chapter 23 Database Security and Authorization Copyright © 2004 Pearson Education, Inc.
2009 Architecture Plan Overview 2009 Architecture Plan Overview.

2009 Architecture Plan Overview 2009 Architecture Plan Overview.
Database Management System

Database Management System
Polymorphic blending attacks Prahlad Fogla et al USENIX 2006 Presented By Himanshu Pagey.

Polymorphic blending attacks Prahlad Fogla et al USENIX 2006 Presented By Himanshu Pagey.
Advanced Database Systems September 2013 Dr. Fatemeh Ahmadi-Abkenari 1.

Advanced Database Systems September 2013 Dr. Fatemeh Ahmadi-Abkenari 1.
Data Mining and Intrusion Detection

Data Mining and Intrusion Detection
Database Seminar Spring 2008 1 Supervisor: Dr. Michalis Petropoulos Presented by: Sergey Chernokozinskiy.

Database Seminar Spring Supervisor: Dr. Michalis Petropoulos Presented by: Sergey Chernokozinskiy.
Mining Behavior Models Wenke Lee College of Computing Georgia Institute of Technology.

Mining Behavior Models Wenke Lee College of Computing Georgia Institute of Technology.
Ken Paiboon 214.274.3436 ken@exabeam.com User Behavior Intelligence Fundamentals: Behaviors, Characteristics, and Facts Ken Paiboon 214.274.3436 ken@exabeam.com.

Ken Paiboon User Behavior Intelligence Fundamentals: Behaviors, Characteristics, and Facts Ken Paiboon
DARPA Challenges for Anomaly Detection of Program Exploits Anup K. Ghosh, Ph.D. DARPA/ATO JHU Workshop on Intrusion Detection Johns Hopkins University.

DARPA Challenges for Anomaly Detection of Program Exploits Anup K. Ghosh, Ph.D. DARPA/ATO JHU Workshop on Intrusion Detection Johns Hopkins University.
Intrusion Detection for Grid and Cloud Computing Author Kleber Vieira, Alexandre Schulter, Carlos Becker Westphall, and Carla Merkle Westphall Federal.

Intrusion Detection for Grid and Cloud Computing Author Kleber Vieira, Alexandre Schulter, Carlos Becker Westphall, and Carla Merkle Westphall Federal.
PHP Programming with MySQL Slide 8-1 CHAPTER 8 Working with Databases and MySQL.

PHP Programming with MySQL Slide 8-1 CHAPTER 8 Working with Databases and MySQL.
Lecture slides prepared for “Computer Security: Principles and Practice”, 3/e, by William Stallings and Lawrie Brown, Chapter 5 “Database and Cloud Security”.

Lecture slides prepared for “Computer Security: Principles and Practice”, 3/e, by William Stallings and Lawrie Brown, Chapter 5 “Database and Cloud Security”.
1 11/3/05CS360 Windows Programming Databases and Data Representation.

1 11/3/05CS360 Windows Programming Databases and Data Representation.
Chapter 7 Working with Databases and MySQL PHP Programming with MySQL 2 nd Edition.

Chapter 7 Working with Databases and MySQL PHP Programming with MySQL 2 nd Edition.
Programming using C# Joins SQL Injection Stored Procedures

Programming using C# Joins SQL Injection Stored Procedures
Copyright © 2013 Curt Hill Database Security An Overview with some SQL.

Copyright © 2013 Curt Hill Database Security An Overview with some SQL.
A Data-Centric Approach to Insider Attack Detection in Database Systems Sunu Mathew Joint Work with: Michalis Petropoulos, Hung Q. Ngo, Shambhu Upadhyaya.

A Data-Centric Approach to Insider Attack Detection in Database Systems Sunu Mathew Joint Work with: Michalis Petropoulos, Hung Q. Ngo, Shambhu Upadhyaya.

Similar presentations

Ads by Google