DBMS Log Analytics for Detecting Insider Threats in Contemporary Organizations

Advances in Electronic Government, Digital Divide, and Regional Development Pub Date : 1900-01-01 DOI:10.4018/978-1-5225-5984-9.CH010

Muhammad Imran Khan, S. Foley, B. O’Sullivan

{"title":"DBMS Log Analytics for Detecting Insider Threats in Contemporary Organizations","authors":"Muhammad Imran Khan, S. Foley, B. O’Sullivan","doi":"10.4018/978-1-5225-5984-9.CH010","DOIUrl":null,"url":null,"abstract":"Insiders are legitimate users of a system; however, they pose a threat because of their granted access privileges. Anomaly-based intrusion detection approaches have been shown to be effective in the detection of insiders' malicious behavior. Database management systems (DBMS) are the core of any contemporary organization enabling them to store and manage their data. Yet insiders may misuse their privileges to access stored data via a DBMS with malicious intentions. In this chapter, a taxonomy of anomalous DBMS access detection systems is presented. Secondly, an anomaly-based mechanism that detects insider attacks within a DBMS framework is proposed whereby a model of normative behavior of insiders n-grams are used to capture normal query patterns in a log of SQL queries generated from a synthetic banking application system. It is demonstrated that n-grams do capture the short-term correlations inherent in the application. This chapter also outlines challenges pertaining to the design of more effective anomaly-based intrusion detection systems to detect insider attacks.","PeriodicalId":271918,"journal":{"name":"Advances in Electronic Government, Digital Divide, and Regional Development","volume":"62 4","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Advances in Electronic Government, Digital Divide, and Regional Development","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4018/978-1-5225-5984-9.CH010","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 5

Abstract

Insiders are legitimate users of a system; however, they pose a threat because of their granted access privileges. Anomaly-based intrusion detection approaches have been shown to be effective in the detection of insiders' malicious behavior. Database management systems (DBMS) are the core of any contemporary organization enabling them to store and manage their data. Yet insiders may misuse their privileges to access stored data via a DBMS with malicious intentions. In this chapter, a taxonomy of anomalous DBMS access detection systems is presented. Secondly, an anomaly-based mechanism that detects insider attacks within a DBMS framework is proposed whereby a model of normative behavior of insiders n-grams are used to capture normal query patterns in a log of SQL queries generated from a synthetic banking application system. It is demonstrated that n-grams do capture the short-term correlations inherent in the application. This chapter also outlines challenges pertaining to the design of more effective anomaly-based intrusion detection systems to detect insider attacks.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

用于检测当代组织内部威胁的DBMS日志分析

内部人员是系统的合法用户;但是，由于授予了访问权限，它们构成了威胁。基于异常的入侵检测方法在检测内部人员的恶意行为方面已被证明是有效的。数据库管理系统(DBMS)是任何当代组织存储和管理数据的核心。然而，内部人员可能会滥用他们的特权，恶意地通过DBMS访问存储的数据。在本章中，介绍了异常DBMS访问检测系统的分类。其次，提出了一种在DBMS框架内检测内部攻击的基于异常的机制，利用内部n-gram的规范行为模型来捕获从合成银行应用系统生成的SQL查询日志中的正常查询模式。证明了n-gram确实捕获了应用程序中固有的短期相关性。本章还概述了与设计更有效的基于异常的入侵检测系统以检测内部攻击有关的挑战。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

Advances in Electronic Government, Digital Divide, and Regional Development

自引率

0.00%

发文量