Approaches and Challenges in Database Intrusion Detection

“…Intrusion detection methods can be roughly clustered into two basic categories: rules-based and learning-based methods (Santos, Bernardino, and Vieira 2014 , while not strictly a subset of anomaly or intrusion detection, is of some relevance to the temporal setting. Another natural approach is to model the temporal process via a Markov Model or a Hidden Markov Model, as was done in Görnitz, Braun, and Kloft; Soule et al (2015; 2005).…”

Section: Related Workmentioning

confidence: 99%

Temporal Anomaly Detection: Calibrating the Surprise

Gutflaish

Kontorovich

Sabato

et al. 2019

AAAI

View full text Add to dashboard Cite

We propose a hybrid approach to temporal anomaly detection in access data of users to databases -or more generally, any kind of subject-object co-occurrence data. We consider a highdimensional setting that also requires fast computation at test time. Our methodology identifies anomalies based on a single stationary model, instead of requiring a full temporal one, which would be prohibitive in this setting. We learn a low-rank stationary model from the training data, and then fit a regression model for predicting the expected likelihood score of normal access patterns in the future. The disparity between the predicted likelihood score and the observed one is used to assess the "surprise" at test time. This approach enables calibration of the anomaly score, so that time-varying normal behavior patterns are not considered anomalous. We provide a detailed description of the algorithm, including a convergence analysis, and report encouraging empirical results. One of the data sets that we tested, TDA, is new for the public domain. It consists of two months' worth of database access records from a live system. Our code is publicly available at https://github. com/eyalgut/TLR_anomaly_detection.git. The TDA data set is available at https://www.kaggle.com/ eyalgut/binary-traffic-matrices.

show abstract

“…There has been extensive level of research in detecting data leakage from databases, but there are still challenges in this field [33]. Chung et al [34] proposed the use of access patterns to databases to detect typical behavior of users.…”

Section: Related Workmentioning

confidence: 99%

Detecting Data Leakage from Databases on Android Apps with Concept Drift

Kul

Upadhyaya

Chandola

2018

2018 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications/ 12th IEEE International

View full text Add to dashboard Cite

Mobile databases are the statutory backbones of many applications on smartphones, and they store a lot of sensitive information. However, vulnerabilities in the operating system or the app logic can lead to sensitive data leakage by giving the adversaries unauthorized access to the apps database.In this paper, we study such vulnerabilities to define a threat model, and we propose an OS-version independent protection mechanism that app developers can utilize to detect such attacks. To do so, we model the user behavior with the database query workload created by the original apps. Here, we model the drift in behavior by comparing probability distributions of the query workload features over time. We then use this model to determine if the app behavior drift is anomalous. We evaluate our framework on real-world workloads of three different popular Android apps, and we show that our system was able to detect more than 90% of such attacks.

show abstract

Approaches and Challenges in Database Intrusion Detection

Cited by 19 publications

References 34 publications

A Comprehensive Systematic Literature Review on Intrusion Detection Systems

A Comprehensive Systematic Literature Review on Intrusion Detection Systems

Temporal Anomaly Detection: Calibrating the Surprise

Detecting Data Leakage from Databases on Android Apps with Concept Drift

Contact Info

Product

Resources

About