Presentation is loading. Please wait.

Presentation is loading. Please wait.

HENGHA: DATA HARVESTING DETECTION ON HIDDEN DATABASES Shiyuan Wang, Divyakant Agrawal, Amr El Abbadi University of California, Santa Barbara CCSW 2010.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "HENGHA: DATA HARVESTING DETECTION ON HIDDEN DATABASES Shiyuan Wang, Divyakant Agrawal, Amr El Abbadi University of California, Santa Barbara CCSW 2010."— Presentation transcript:

1 HENGHA: DATA HARVESTING DETECTION ON HIDDEN DATABASES Shiyuan Wang, Divyakant Agrawal, Amr El Abbadi University of California, Santa Barbara CCSW 2010

2 Data Security Concern: Back-End Databases of Web-based Applications Form-based query interfaces provide entrance to both users and attackers. Traditional Attacks Submit malicious requests to break in the hidden database through vulnerable holes in the application, e.g. SQL injection [Vale05]. Many can be detected by prior work. 10/8/2010 2

3 Data Security Concern: Back-End Databases of Web-based Applications Data Harvesting Attacks Iteratively submit legitimate queries to extract data inventory or infer sensitive aggregate information. E.g 1. A competitor of a car rental company A harvested A’s inventory about a popular car. E.g 2. Terrorists inferred that a flight was relatively empty and could be a hijacking target. 10/8/2010 3

4 Anatomy of Data Harvesting Attacks General strategy Iteratively submit legitimate queries with valid fields, analyze the results and then design new queries with the goal of maximizing information gain through limited #queries. Two types of harvesting attacks to consider Crawling Attack Performed by deep web crawling [Madh08] Sampling Attack Performed by uniform random sampling on results of sizes no more than K [Dasg09] 10/8/2010 4

5 How To Defend Against Data Harvesting Attacks Database inference control [Denn83]? Query set restriction is not effective, especially on sampling attacks. Query set restriction and data perturbation [Dasg09] hurt usability. Web robot detection [Tan02]? Data harvesters can camouflage normal users’ http traffic patterns. 10/8/2010 5

6 Our Approach Detection based on search behaviors within sessions Attackers’ search behaviors Diversity Queries are not concentrated and localized, and they reflect very distinct intents Broadness The results of the queries cover a broad scope of the underlying data. 10/8/2010 6

7 HengHa: Detecting Data Harvesting Attacks at Single Session Level Identify data harvesting attackers by examining if their search behaviors in a session show relatively significant diversity and broadness. Diversity -> query correlation Broadness -> result coverage 10/8/2010 7 Heng: query correlation observer Ha: result coverage monitor HengHa DETECTORDETECTOR Web Application DB query result suspicious

8 Queries in a Session That Plans Trip to Chicago Heng: Query Correlation Observer Key idea Frequent predicate value sets as indications of correlations among queries Intuitively, if a session has more frequent predicate value sets with higher supports, and those predicate value sets are more similar to the queries, the queries in this session are more correlated. 10/8/2010 8

9 Ha: Result Coverage Monitor Key idea Sort multi-attribute data D in a total order, e.g. z-curve, that preserves locality. Create a coverage bit vector (CBV), where the bits correspond to the data in the total order. Access a data -> set a bit Training Cluster CBVs to model different data access patterns x y 0 1 2 3 10/8/2010 9 1110 1100 0100 0000

10 Experiment Extracted 98,564 real user query sessions and a data table of 387 records from KDD Cup 2000 clickstream dataset Synthesized 1000 attack sessions [Madh08, Dasg09] Run on a server with Intel 2.4GHz CPU, 3GB RAM and FC 8 OS Performed four folds cross-validation 10/8/2010 10 Effectiveness of Detection in Four ValidationsEfficiency of Detection in Four Validation

11 Conclusion & Future Work Identified non-traditional data harvesting attacks on the back-end databases of web-based applications, i.e. crawling attack and sampling attack. Detection based on identifying attackers’ special search behaviors at single session level, diversity->query correlation observer, broadness->result coverage monitor. Detecting cross-session data harvesting attacks will be considered in the future work. 10/8/2010 11

12 References [Vale05] F. Valeur et al. A learning-based approach to the detection of sql attacks. In DIMVA, pages 123–140, 2005. [Dasg09] A. Dasgupta et al. Privacy preservation of aggregates in hidden databases: why and how? In SIGMOD, pages 153–164, 2009. [Madh08] J. Madhavan et al. Google’s deep web crawl. PVLDB, 1(2):1241–1252, 2008. [Tan02] P.-N. Tan et al. Discovery of web robot sessions based on their navigational patterns. Data Min. Knowl. Discov., 6(1):9–35, 2002. [Denn83] D. E. Denning et al. Inference controls for statistical databases. Computer, 16(7):69–82, 1983. 10/8/2010 12

13 Thanks for Listening 10/8/2010 13

Download ppt "HENGHA: DATA HARVESTING DETECTION ON HIDDEN DATABASES Shiyuan Wang, Divyakant Agrawal, Amr El Abbadi University of California, Santa Barbara CCSW 2010."

Similar presentations

Automatic Misconfiguration Troubleshooting with PeerPressure Helen J. Wang, John C. Platt, Yu Chen, Ruyun Zhang, Yi-Min Wang Microsoft Research Presenter:

Automatic Misconfiguration Troubleshooting with PeerPressure Helen J. Wang, John C. Platt, Yu Chen, Ruyun Zhang, Yi-Min Wang Microsoft Research Presenter:
On the Privacy of Private Browsing Kiavash Satvat, Matt Forshaw, Feng Hao, Ehsan Toreini Newcastle University DPM’13.

On the Privacy of Private Browsing Kiavash Satvat, Matt Forshaw, Feng Hao, Ehsan Toreini Newcastle University DPM’13.
DSPIN: Detecting Automatically Spun Content on the Web Qing Zhang, David Y. Wang, Geoffrey M. Voelker University of California, San Diego 1.

DSPIN: Detecting Automatically Spun Content on the Web Qing Zhang, David Y. Wang, Geoffrey M. Voelker University of California, San Diego 1.
Application Identification in information-poor environments Charalampos Rotsos 02/02/20101 What is application identification Current status My work Future.

Application Identification in information-poor environments Charalampos Rotsos 02/02/20101 What is application identification Current status My work Future.
Automatic Discovery and Classification of search interface to the Hidden Web Dean Lee and Richard Sia Dec 2 nd 2003.

Automatic Discovery and Classification of search interface to the Hidden Web Dean Lee and Richard Sia Dec 2 nd 2003.
Privacy and Integrity Preserving in Distributed Systems Presented for Ph.D. Qualifying Examination Fei Chen Michigan State University August 25 th, 2009.

Privacy and Integrity Preserving in Distributed Systems Presented for Ph.D. Qualifying Examination Fei Chen Michigan State University August 25 th, 2009.
Leveraging User Interactions for In-Depth Testing of Web Applications Sean McAllister, Engin Kirda, and Christopher Kruegel RAID ’08 1 Seoyeon Kang November.

Leveraging User Interactions for In-Depth Testing of Web Applications Sean McAllister, Engin Kirda, and Christopher Kruegel RAID ’08 1 Seoyeon Kang November.
Ragib Hasan University of Alabama at Birmingham CS 491/691/791 Fall 2013 Lecture 3 09/03/2013 Security and Privacy in Cloud Computing.

Ragib Hasan University of Alabama at Birmingham CS 491/691/791 Fall 2013 Lecture 3 09/03/2013 Security and Privacy in Cloud Computing.
Leveraging User Interactions for In-Depth Testing of Web Application Sean McAllister Secure System Lab, Technical University Vienna, Austria Engin Kirda.

Leveraging User Interactions for In-Depth Testing of Web Application Sean McAllister Secure System Lab, Technical University Vienna, Austria Engin Kirda.
Presenter Deddie Tjahjono.  Introduction  Website Application Layer  Why Web Application Security  Web Apps Security Scanner  About  Feature  How.

Presenter Deddie Tjahjono.  Introduction  Website Application Layer  Why Web Application Security  Web Apps Security Scanner  About  Feature  How.
Machine Learning in Simulation-Based Analysis 1 Li-C. Wang, Malgorzata Marek-Sadowska University of California, Santa Barbara.

Machine Learning in Simulation-Based Analysis 1 Li-C. Wang, Malgorzata Marek-Sadowska University of California, Santa Barbara.
Deep-Web Crawling “Enlightening the dark side of the web”

Deep-Web Crawling “Enlightening the dark side of the web”
Lucent Technologies – Proprietary Use pursuant to company instruction Learning Sequential Models for Detecting Anomalous Protocol Usage (work in progress)

Lucent Technologies – Proprietary Use pursuant to company instruction Learning Sequential Models for Detecting Anomalous Protocol Usage (work in progress)
Web Usage Mining Sara Vahid. Agenda Introduction Web Usage Mining Procedure Preprocessing Stage Pattern Discovery Stage Data Mining Approaches Sample.

Web Usage Mining Sara Vahid. Agenda Introduction Web Usage Mining Procedure Preprocessing Stage Pattern Discovery Stage Data Mining Approaches Sample.
1 CS 178H Introduction to Computer Science Research What is CS Research?

1 CS 178H Introduction to Computer Science Research What is CS Research?
«Tag-based Social Interest Discovery» Proceedings of the 17th International World Wide Web Conference (WWW2008) Xin Li, Lei Guo, Yihong Zhao Yahoo! Inc.,

«Tag-based Social Interest Discovery» Proceedings of the 17th International World Wide Web Conference (WWW2008) Xin Li, Lei Guo, Yihong Zhao Yahoo! Inc.,
Where Are the Nuggets in System Audit Data? Wenke Lee College of Computing Georgia Institute of Technology.

Where Are the Nuggets in System Audit Data? Wenke Lee College of Computing Georgia Institute of Technology.
Processing and Analyzing Large log from Search Engine Meng Dou 13/9/2012.

Processing and Analyzing Large log from Search Engine Meng Dou 13/9/2012.
John P., Fang Yu, Yinglian Xie, Martin Abadi, Arvind Krishnamurthy University of California, Santa Cruz USENIX SECURITY SYMPOSIUM, August, 2010 John P.,

John P., Fang Yu, Yinglian Xie, Martin Abadi, Arvind Krishnamurthy University of California, Santa Cruz USENIX SECURITY SYMPOSIUM, August, 2010 John P.,
Improving Intrusion Detection System Taminee Shinasharkey CS689 11/2/00.

Improving Intrusion Detection System Taminee Shinasharkey CS689 11/2/00.

Similar presentations

Ads by Google