Finding and Analyzing Database User Sessions

Yao, Qingsong; An, Aijun; Huang, Xiangji

doi:10.1007/11408079_77

Cited by 29 publications

(18 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The database itself consists of 119 tables with 1142 attributes in all. For more detailed description of the data set we refer the reader to [25].…”

Section: Real Data Setmentioning

confidence: 99%

Intrusion Detection in RBAC-administered Databases

Bertino

Terzi

Kamra

et al.

21st Annual Computer Security Applications Conference (ACSAC'05)

View full text Add to dashboard Cite

show abstract

“…The database itself consists of 119 tables with 1142 attributes in all. For more detailed description of the data set we refer the reader to [25].…”

Section: Real Data Setmentioning

confidence: 99%

Intrusion Detection in RBAC-administered Databases

Bertino

Terzi

Kamra

et al.

21st Annual Computer Security Applications Conference (ACSAC'05)

View full text Add to dashboard Cite

show abstract

“…Few methods for session boundaries identification that rely on known user identity have been proposed [14][15][16][17]. The session identification task involves identifying session boundaries from the log of database events.…”

Section: Related Workmentioning

confidence: 99%

Tracking end-users in web databases

Розенберг¹,

Gonen²,

Gudes³

et al. 2011

2011 5th International Conference on Network and System Security

View full text Add to dashboard Cite

When a database is accessed via a web application, users usually receive a pooled connection to the database. From a database point of view, such a connection is always established by the same user (i.e. the web application) and specific data on the end user is not available. As a consequence, users' specific transactions cannot be audited and fine-grained access control cannot be enforced at the database level. In this paper we propose a method and a system which provide the ability to track the end users in web databases. The new method can be applied to legacy web applications without requiring any changes in their existing infrastructure. Furthermore, the new users tracking ability provides a basis for native database protection mechanisms, and intrusion detection systems.

show abstract

“…This approach cannot handle adhoc queries (as the authors themselves state) and works at the coarse-grained transaction level as opposed to the fine-grained query level. Database session identification is the focus of [22]: queries within a session are considered to be related to each other, and an information theoretic metric (entropy) is used to separate sessions; however, whole queries are used as the basic unit for n-gram-statistical modeling of sessions. A multiagent based approach to database intrusion detection is presented in [23]; relatively simple metrics such as access frequency, object requests and utilization and execution denials/violations are used to audit user behavior.…”

Section: Related Workmentioning

confidence: 99%

A Data-Centric Approach to Insider Attack Detection in Database Systems

Mathew

Petropoulos

Ngo

et al. 2010

Lecture Notes in Computer Science

119

View full text Add to dashboard Cite

Abstract. The insider threat against database management systems is a dangerous security problem. Authorized users may abuse legitimate privileges to masquerade as another user or to maliciously harvest data. We propose a new direction to address the problem. We model users' access patterns by profiling the data points that users access, in contrast to analyzing the query expressions in prior approaches. Our data-centric approach is based on the key observation that query syntax alone is a poor discriminator of user intent, which is much better rendered by what is accessed. We present a feature-extraction method to model users' access patterns. Statistical learning algorithms are trained and tested using data from a real Graduate Admission database. Experimental results indicate that the technique is very effective, accurate, and is promising in complementing existing database security solutions. Practical performance issues are also addressed.

show abstract

Finding and Analyzing Database User Sessions

Cited by 29 publications

References 12 publications

Intrusion Detection in RBAC-administered Databases

Intrusion Detection in RBAC-administered Databases

Tracking end-users in web databases

A Data-Centric Approach to Insider Attack Detection in Database Systems

Contact Info

Product

Resources

About