Clay Brockman ITK 478 Fall 2007. Why intrusion detection? Comparing two types: Monitoring Database Application Behavior Using Time Signatures.


1 Clay Brockman ITK 478 Fall 2007

2 Why intrusion detection? Comparing two types: Monitoring Database Application Behavior Using Time Signatures

3 “Security is an integrative concept that includes the following properties: confidentiality …, authenticity …, integrity …, and availability” (Vieira and Madeira, 2005, p. 350)
    Explanation of these properties

4 Occur in one of the following ways:
    “intentional unauthorized attempts to access or destroy private data” (Vieira and Madeira, 2005, p. 351)
    “malicious actions executed by authorized users to cause loss or corruption of critical data” (Vieira and Madeira, 2005, p. 351)
    “external interferences aimed to cause undue delays in accessing or using data, or even denial of service” (Vieira and Madeira, 2005, p. 351)

5 False Positive
    the detection system reports an intrusion but the action is really a legitimate request (Afonso, et al., 2006, p. 37)
    accounts for 17% of recorded events (Afonso, et al., 2006, p. 37)
  False Negative
    system will allow a malicious request to pass, identifying it as a legitimate request (Afonso, et al., 2006, p. 37)
    accounts for about 12% of recorded events (Afonso, et al., 2006, p. 37)

6 Developed by José Fonseca, Marco Vieira, and Henrique Madeira
    This method “adds concurrent intrusion detection to DBMS using a comprehensive set of behavior abstractions representing database activity” (Fonseca, et al., 2006, p. 383).
    Messages checked at 3 different levels:
        Command Level
        Transaction Level
        Session Level

7 Command Level
    “checks if the structure of each executed command belongs to the set of command structures previously learned” (Fonseca, et al., 2006, p. 383)
  Transaction Level
    “checks if the command is in the right place inside the transaction profile (a transaction is a unit formed by a set of SQL commands always executed in the same sequence)” (Fonseca, et al., 2006, p. 383)
  Session Level
    “checks if the transaction fits in a known transaction sequence. It represents the sequence of operations that the user executes in a session” (Fonseca, et al., 2006, p. 383)

8 Results:
    1 normal request was found to be malicious, resulting in 1 false positive
    100% accuracy on requests with slight changes
    Randomly ordered SQL commands resulted in 4.2% false negatives
    All 50 manual injections were caught
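The three-level check described on slides 6 through 8 is easier to follow with a small, runnable model. The code below is an added example written for this page; it is not the presentation's code and not the detector of Fonseca et al. Literal stripping by regex, the bigram model of transaction sequences, the bank-style transactions and every SQL string in it are my own simplifications and constructed sample data, chosen so that the slide's three outcomes can be reproduced: a request with only changed literals passes, a reordered transaction is caught at the transaction level, and an injected command is caught at the command level.

```python
"""Toy three-level database intrusion detector (added example, not from the
presentation or from Fonseca et al.): commands are learned as structures,
transactions as ordered tuples of structures, sessions as transitions
between known transactions. All training data below is constructed."""
import re

START, END = "<start>", "<end>"


def command_structure(sql):
    """Reduce an SQL command to its structure: string and numeric literals
    become '?', whitespace and case are normalised (my simplification)."""
    s = re.sub(r"'[^']*'", "?", sql)           # quoted string literals
    s = re.sub(r"\b\d+(?:\.\d+)?\b", "?", s)   # bare numeric literals
    return re.sub(r"\s+", " ", s).strip().lower()


class Profile:
    def __init__(self):
        self.commands = set()      # command level: known command structures
        self.transactions = set()  # transaction level: known command sequences
        self.bigrams = set()       # session level: known transaction transitions

    def learn(self, sessions):
        """Learning phase: record everything seen in clean training sessions."""
        for session in sessions:
            prev = START
            for tx in session:
                structs = tuple(command_structure(c) for c in tx)
                self.commands.update(structs)
                self.transactions.add(structs)
                self.bigrams.add((prev, structs))
                prev = structs
            self.bigrams.add((prev, END))

    def check(self, session):
        """Detection phase: return [(level, detail), ...] alerts for a session.
        A transaction flagged at command or transaction level is not used
        as context for the session-level check of its successor."""
        alerts, prev = [], START
        for tx in session:
            structs = tuple(command_structure(c) for c in tx)
            unknown = [s for s in structs if s not in self.commands]
            if unknown:
                alerts.append(("command", unknown[0]))
                prev = None
            elif structs not in self.transactions:
                alerts.append(("transaction", structs))
                prev = None
            else:
                if prev is not None and (prev, structs) not in self.bigrams:
                    alerts.append(("session", (prev, structs)))
                prev = structs
        if prev is not None and (prev, END) not in self.bigrams:
            alerts.append(("session", (prev, END)))
        return alerts


# Constructed application transactions (hypothetical schema).
def login_tx(name, uid, when):
    return [f"SELECT id, pw_hash FROM users WHERE name = '{name}'",
            f"UPDATE users SET last_login = '{when}' WHERE id = {uid}"]


def balance_tx(uid):
    return [f"SELECT balance FROM accounts WHERE owner = {uid}"]


def transfer_tx(src, dst, amount):
    return [f"SELECT balance FROM accounts WHERE id = {src}",
            f"UPDATE accounts SET balance = balance - {amount} WHERE id = {src}",
            f"UPDATE accounts SET balance = balance + {amount} WHERE id = {dst}",
            f"INSERT INTO transfers (src, dst, amount) VALUES ({src}, {dst}, {amount})"]


TRAINING_SESSIONS = [  # constructed clean traffic used for learning
    [login_tx("alice", 7, "2007-10-01"), balance_tx(7)],
    [login_tx("carol", 3, "2007-10-02"), balance_tx(3), transfer_tx(3, 8, 250)],
    [login_tx("dave", 5, "2007-10-03"), transfer_tx(5, 2, 40), balance_tx(5)],
]


def build_profile():
    profile = Profile()
    profile.learn(TRAINING_SESSIONS)
    return profile


def levels(alerts):
    return [level for level, _ in alerts]


if __name__ == "__main__":
    p = build_profile()
    reordered = transfer_tx(5, 2, 40)
    reordered[1], reordered[2] = reordered[2], reordered[1]
    print("changed literals only:", p.check([login_tx("bob", 9, "2007-11-05"), balance_tx(9)]))
    print("injected command:     ", p.check([login_tx("x' OR '1' = '1", 9, "2007-11-05"), balance_tx(9)]))
    print("reordered transaction:", p.check([login_tx("dave", 5, "2007-10-03"), reordered, balance_tx(5)]))
    print("unknown session start:", p.check([balance_tx(7)]))
```

The learned sets are the whole profile, which is why the slide's figures make sense: changed literals never reach the command set (the structure is identical), reordering commands inside a transaction produces a tuple the transaction set has never seen, and a session that starts without the usual login transaction fails the first transition check. Training coverage is the practical caveat: a legitimate transaction sequence absent from the training sessions is reported exactly like the slide's single false positive.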

9 Expects requests to come in at certain times
    Based on a real-time database
    Examples:
        Stock Market
        Power Grid
        Air Traffic Control

10 Two different types of intrusions
    User transactions: “the characteristics of an intruding transaction are identical to a user transaction except for the data object access pattern” (Lee, et al., 2000, p. 128)
    Sensor transactions: Read a sensor periodically to check for updated information (Lee, et al., 2000, p. 127-128)

11 Results:
    False positive rate was as low as 0.36% (Lee, et al., 2000, p. 129)
    False negative rate was as high as 5.5% (Lee, et al., 2000, p. 129)
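Slides 9 and 10 describe detection by time signatures: in a real-time database the sensor transactions that refresh an object arrive on a known schedule, so the arrival time of an update is itself a check. The code below is an added example written for this page, not the presentation's code and not the mechanism of Lee et al. (2000). The object names, the periods and tolerances, the rule that an early update does not advance the expected schedule while a late one does, and the event trace are all my own constructed choices.

```python
"""Simplified time-signature monitor for a real-time database (added example,
not from the presentation or from Lee et al.). Each sensor-fed object has a
time signature: an expected update period plus a jitter tolerance. An
update whose spacing from the previous accepted update does not fit the
signature is flagged. All names, periods and events are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class TimeSignature:
    period: float     # expected seconds between consecutive updates
    tolerance: float  # fraction of the period allowed as jitter


class TimeSignatureMonitor:
    def __init__(self, signatures):
        self.signatures = dict(signatures)  # object name -> TimeSignature
        self.last_update = {}               # object name -> last accepted timestamp

    def observe(self, obj, ts):
        """Return None if the update at time ts fits obj's signature, else a reason."""
        sig = self.signatures.get(obj)
        if sig is None:
            return "no time signature for object"
        last = self.last_update.get(obj)
        if last is None:
            self.last_update[obj] = ts      # first observation seeds the schedule
            return None
        gap = float(ts - last)
        low = sig.period * (1.0 - sig.tolerance)
        high = sig.period * (1.0 + sig.tolerance)
        if gap < low:
            # Early update: do not advance the schedule, the genuine sensor
            # update is still due at the expected time (my design choice).
            return f"early update: gap {gap:g}s, expected at least {low:g}s"
        self.last_update[obj] = ts
        if gap > high:
            # Late update: accept it as the new reference point but report
            # the missed window, which may be a lost or delayed sensor feed.
            return f"late update: gap {gap:g}s, expected at most {high:g}s"
        return None


# Constructed signatures: temp_1 is refreshed every 10 s, pressure_2 every 5 s.
SIGNATURES = {
    "temp_1": TimeSignature(period=10.0, tolerance=0.2),
    "pressure_2": TimeSignature(period=5.0, tolerance=0.2),
}

# Constructed update trace as (timestamp_seconds, object) pairs.
EVENTS = [
    (0, "temp_1"), (10, "temp_1"), (20, "temp_1"),
    (25, "temp_1"),                      # arrives 5 s after the last one: too early
    (30, "temp_1"), (40, "temp_1"),      # back on the 10 s schedule
    (0, "pressure_2"), (5, "pressure_2"),
    (17, "pressure_2"),                  # 12 s gap on a 5 s signature: too late
    (12, "users"),                       # non-sensor object with no signature
]


def scan(events, signatures=SIGNATURES):
    """Replay a trace in time order; return [(ts, obj, reason), ...] alerts."""
    monitor = TimeSignatureMonitor(signatures)
    alerts = []
    for ts, obj in sorted(events):
        reason = monitor.observe(obj, ts)
        if reason is not None:
            alerts.append((ts, obj, reason))
    return alerts


if __name__ == "__main__":
    for ts, obj, reason in scan(EVENTS):
        print(f"t={ts:>3}s {obj:<11} {reason}")
```

Because the early update at t=25 is rejected without moving the schedule, the genuine update at t=30 still measures a 10 s gap and passes; had the monitor advanced its reference on every update, the legitimate one would have looked early as well, which is one route to the false positives the next slide quantifies. How tight the tolerance can be set, and whether an object without a signature should be ignored or reported, are the tuning decisions that trade false positives against false negatives.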

12 Both methods had very low false positive rates
    Monitoring Database Application Behavior was better on false negative rates by 1.5%

