WIREs Data Mining Knowl Discov

Data and syntax centric anomaly detection for relational databases


Recent studies show that insider attacks that aim at exfiltrating data are very common and that these attacks are performed according to specific patterns. Protecting against such threats requires complementing existing security techniques, such as access control and encryption, with tools able to detect anomalies in data accesses. In this paper, we present a technique specifically tailored for detecting anomalous database accesses. Our technique extracts users' access patterns based on both the syntax of the input queries and the amount of data in their output results. It is based on mining SQL queries in database audit logs in order to form profiles of the normal users' access patterns. New queries are checked against these profiles, and deviations from them are considered anomalous and thus indicative of possible attempts to exfiltrate or misuse the data. Our technique works under two application scenarios. The first is when the database has role-based access control (RBAC) in place. Under an RBAC system, users belong to roles, and privileges are associated with roles rather than with individual users. For this scenario, we form profiles of roles, which makes our approach usable for database management systems (DBMSs) that have a large user population; in this scenario, we apply the naive Bayesian classifier, which shows accurate results in practice. We also employ multilabel classification to enhance accuracy when the access patterns are common to multiple roles. The second application scenario is when the DBMS does not apply RBAC. In this scenario, we apply the COBWEB clustering method. Experimental results indicate that our techniques are very effective. WIREs Data Mining Knowl Discov 2016, 6:231–239. doi: 10.1002/widm.1195
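The RBAC scenario described in the abstract, as an added illustration that is not code from the paper: each logged query is reduced to a small set of syntactic features (command, tables touched, whether the projection is a bare `*`, presence of a `WHERE` clause) plus a coarse bucket for the number of rows it returned; a multinomial naive Bayes classifier is trained on those features per role, and a new query is flagged when the role it most resembles is not the role of the account that issued it. The audit log, the role names, the feature set and the bucket boundaries are all constructed for the example; the paper's actual query representation and thresholds are not shown on this page, and the non-RBAC (COBWEB) scenario is not covered here.

```python
import re
from collections import Counter, defaultdict
from math import log

# Constructed audit-log sample: (role, SQL text, rows in the result set).
# Made up for this example; not data from the paper.
AUDIT_LOG = [
    ("clerk", "SELECT name, phone FROM customers WHERE id = 42", 1),
    ("clerk", "SELECT email FROM customers WHERE id = 17", 1),
    ("clerk", "SELECT name, phone FROM customers WHERE id = 99", 1),
    ("clerk", "SELECT balance FROM accounts WHERE customer_id = 42", 1),
    ("clerk", "UPDATE customers SET phone = '555-0100' WHERE id = 42", 1),
    ("clerk", "SELECT name FROM customers WHERE id = 5", 1),
    ("analyst", "SELECT region, COUNT(*) FROM orders GROUP BY region", 12),
    ("analyst", "SELECT month, SUM(total) FROM orders GROUP BY month", 12),
    ("analyst", "SELECT category, AVG(price) FROM products GROUP BY category", 30),
    ("analyst", "SELECT region, SUM(total) FROM orders WHERE year = 2015 GROUP BY region", 12),
    ("dba", "SELECT * FROM orders", 120000),
    ("dba", "SELECT * FROM products", 8000),
    ("dba", "SELECT * FROM audit_events", 250000),
    ("dba", "SELECT * FROM invoices", 40000),
]

TABLE_RE = re.compile(r"\b(?:FROM|JOIN|INTO|UPDATE)\s+([A-Za-z_][\w.]*)", re.I)
PROJ_RE = re.compile(r"^\s*SELECT\s+(.*?)\s+FROM\b", re.I | re.S)
WHERE_RE = re.compile(r"\bWHERE\b", re.I)


def rows_bucket(n):
    """Log-scale bucket for result-set size (boundaries chosen for the example)."""
    if n <= 0:
        return "0"
    if n == 1:
        return "1"
    if n <= 10:
        return "2-10"
    if n <= 100:
        return "11-100"
    if n <= 1000:
        return "101-1000"
    return ">1000"


def query_features(sql, rows):
    """Syntax-plus-volume representation of one logged query (hypothetical feature set)."""
    feats = []
    cmd = sql.strip().split(None, 1)[0].upper()
    feats.append("cmd=" + cmd)
    for table in TABLE_RE.findall(sql):
        feats.append("table=" + table.lower())
    if cmd == "SELECT":
        m = PROJ_RE.search(sql)
        proj = m.group(1).strip() if m else ""
        # Only a bare '*' projection counts as "all columns"; COUNT(*) does not.
        feats.append("proj=all" if proj == "*" else "proj=named")
    feats.append("where=" + ("yes" if WHERE_RE.search(sql) else "no"))
    feats.append("rows=" + rows_bucket(rows))
    return feats


class RoleProfiles:
    """Multinomial naive Bayes over query features, one profile per role."""

    def __init__(self):
        self.role_queries = Counter()               # queries seen per role (prior)
        self.feature_counts = defaultdict(Counter)  # role -> feature -> count
        self.vocab = set()

    def train(self, audit_log):
        for role, sql, rows in audit_log:
            self.role_queries[role] += 1
            for f in query_features(sql, rows):
                self.feature_counts[role][f] += 1
                self.vocab.add(f)
        return self

    def log_scores(self, sql, rows):
        feats = query_features(sql, rows)
        total_queries = sum(self.role_queries.values())
        scores = {}
        for role, n_queries in self.role_queries.items():
            counts = self.feature_counts[role]
            tokens = sum(counts.values())
            score = log(n_queries / total_queries)  # class prior
            for f in feats:
                # Laplace smoothing so a never-seen feature does not zero out a role.
                score += log((counts[f] + 1) / (tokens + len(self.vocab)))
            scores[role] = score
        return scores

    def predict(self, sql, rows):
        scores = self.log_scores(sql, rows)
        return max(scores, key=scores.get)

    def is_anomalous(self, claimed_role, sql, rows):
        """Deviation = the query looks more like another role's profile."""
        return self.predict(sql, rows) != claimed_role


def build_profiles(audit_log=AUDIT_LOG):
    return RoleProfiles().train(audit_log)


if __name__ == "__main__":
    profiles = build_profiles()
    checks = [
        ("clerk", "SELECT name, phone FROM customers WHERE id = 7", 1),
        ("clerk", "SELECT * FROM customers", 50000),
    ]
    for role, sql, rows in checks:
        verdict = "ANOMALY" if profiles.is_anomalous(role, sql, rows) else "ok"
        print(f"{verdict:7} role={role:8} predicted={profiles.predict(sql, rows):8} {sql} -> {rows} rows")
```

With this constructed log, a clerk's usual single-row lookup is classified back to the clerk profile, while a full-table pull of `customers` with no `WHERE` clause and a very large result set scores closest to the `dba` profile and is therefore flagged; the result-size feature is what separates that query from the clerk's legitimate reads of the same table, which is the point of combining syntax with output volume.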

Figure 1: System architecture.

Figure 2: Query representation.
