A semantic approach to frequency based anomaly detection of insider access in database management systems

Muhammad Imran Khan; Barry O’Sullivan; Simon N. Foley

doi:10.1007/978-3-319-76687-4_2

A semantic approach to frequency based anomaly detection of insider access in database management systems

Muhammad Imran Khan
, Barry O’Sullivan
, Simon N. Foley

Research output: Chapter in Book/Report/Conference proceedings › Conference proceeding › peer-review

Abstract

Timely detection of an insider attack is prevalent among challenges in database security. Research on anomaly-based database intrusion detection systems has received significant attention because of its potential to detect zero-day insider attacks. Such approaches differ mainly in their construction of normative behavior of (insider) role/user. In this paper, a different perspective on the construction of normative behavior is presented, whereby normative behavior is captured instead from the perspective of the DBMS itself. Using techniques from Statistical Process Control, a model of DBMS-oriented normal behavior is described that can be used to detect frequency based anomalies in database access. The approach is evaluated using a synthetic dataset and we also demonstrate this DBMS-oriented profile can be transformed into the more traditional role-oriented profiles.

Original language	English
Title of host publication	Risks and Security of Internet and Systems - 12th International Conference, CRiSIS 2017, Revised Selected Papers
Editors	Nora Cuppens, Frederic Cuppens, Axel Legay, Jean-Louis Lanet, Joaquin Garcia-Alfaro
Publisher	Springer Verlag
Pages	18-28
Number of pages	11
ISBN (Print)	9783319766867
DOIs	https://doi.org/10.1007/978-3-319-76687-4_2
Publication status	Published - 2018
Event	12th International Conference on Risks and Security of Internet and Systems, CRiSIS 2017 - Dinard, France Duration: 19 Sep 2017 → 21 Sep 2017

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	10694 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	12th International Conference on Risks and Security of Internet and Systems, CRiSIS 2017
Country/Territory	France
City	Dinard
Period	19/09/17 → 21/09/17

Keywords

Anomaly detection
Cybersecurity
Database intrusion detection
Insider threats

Access to Document

10.1007/978-3-319-76687-4_2

Cite this

Khan, M. I., O’Sullivan, B., & Foley, S. N. (2018). A semantic approach to frequency based anomaly detection of insider access in database management systems. In N. Cuppens, F. Cuppens, A. Legay, J.-L. Lanet, & J. Garcia-Alfaro (Eds.), Risks and Security of Internet and Systems - 12th International Conference, CRiSIS 2017, Revised Selected Papers (pp. 18-28). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10694 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-319-76687-4_2

Khan, Muhammad Imran ; O’Sullivan, Barry ; Foley, Simon N. / A semantic approach to frequency based anomaly detection of insider access in database management systems. Risks and Security of Internet and Systems - 12th International Conference, CRiSIS 2017, Revised Selected Papers. editor / Nora Cuppens ; Frederic Cuppens ; Axel Legay ; Jean-Louis Lanet ; Joaquin Garcia-Alfaro. Springer Verlag, 2018. pp. 18-28 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{62708c9e5b5346c38f9540bb878008d0,

title = "A semantic approach to frequency based anomaly detection of insider access in database management systems",

abstract = "Timely detection of an insider attack is prevalent among challenges in database security. Research on anomaly-based database intrusion detection systems has received significant attention because of its potential to detect zero-day insider attacks. Such approaches differ mainly in their construction of normative behavior of (insider) role/user. In this paper, a different perspective on the construction of normative behavior is presented, whereby normative behavior is captured instead from the perspective of the DBMS itself. Using techniques from Statistical Process Control, a model of DBMS-oriented normal behavior is described that can be used to detect frequency based anomalies in database access. The approach is evaluated using a synthetic dataset and we also demonstrate this DBMS-oriented profile can be transformed into the more traditional role-oriented profiles.",

keywords = "Anomaly detection, Cybersecurity, Database intrusion detection, Insider threats",

author = "Khan, \{Muhammad Imran\} and Barry O{\textquoteright}Sullivan and Foley, \{Simon N.\}",

note = "Publisher Copyright: {\textcopyright} Springer International Publishing AG, part of Springer Nature 2018.; 12th International Conference on Risks and Security of Internet and Systems, CRiSIS 2017 ; Conference date: 19-09-2017 Through 21-09-2017",

year = "2018",

doi = "10.1007/978-3-319-76687-4\_2",

language = "English",

isbn = "9783319766867",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "18--28",

editor = "Nora Cuppens and Frederic Cuppens and Axel Legay and Jean-Louis Lanet and Joaquin Garcia-Alfaro",

booktitle = "Risks and Security of Internet and Systems - 12th International Conference, CRiSIS 2017, Revised Selected Papers",

address = "Germany",

}

Khan, MI, O’Sullivan, B & Foley, SN 2018, A semantic approach to frequency based anomaly detection of insider access in database management systems. in N Cuppens, F Cuppens, A Legay, J-L Lanet & J Garcia-Alfaro (eds), Risks and Security of Internet and Systems - 12th International Conference, CRiSIS 2017, Revised Selected Papers. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 10694 LNCS, Springer Verlag, pp. 18-28, 12th International Conference on Risks and Security of Internet and Systems, CRiSIS 2017, Dinard, France, 19/09/17. https://doi.org/10.1007/978-3-319-76687-4_2

A semantic approach to frequency based anomaly detection of insider access in database management systems. / Khan, Muhammad Imran; O’Sullivan, Barry; Foley, Simon N.
Risks and Security of Internet and Systems - 12th International Conference, CRiSIS 2017, Revised Selected Papers. ed. / Nora Cuppens; Frederic Cuppens; Axel Legay; Jean-Louis Lanet; Joaquin Garcia-Alfaro. Springer Verlag, 2018. p. 18-28 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10694 LNCS).

Research output: Chapter in Book/Report/Conference proceedings › Conference proceeding › peer-review

TY - GEN

T1 - A semantic approach to frequency based anomaly detection of insider access in database management systems

AU - Khan, Muhammad Imran

AU - O’Sullivan, Barry

AU - Foley, Simon N.

N1 - Publisher Copyright: © Springer International Publishing AG, part of Springer Nature 2018.

PY - 2018

Y1 - 2018

N2 - Timely detection of an insider attack is prevalent among challenges in database security. Research on anomaly-based database intrusion detection systems has received significant attention because of its potential to detect zero-day insider attacks. Such approaches differ mainly in their construction of normative behavior of (insider) role/user. In this paper, a different perspective on the construction of normative behavior is presented, whereby normative behavior is captured instead from the perspective of the DBMS itself. Using techniques from Statistical Process Control, a model of DBMS-oriented normal behavior is described that can be used to detect frequency based anomalies in database access. The approach is evaluated using a synthetic dataset and we also demonstrate this DBMS-oriented profile can be transformed into the more traditional role-oriented profiles.

AB - Timely detection of an insider attack is prevalent among challenges in database security. Research on anomaly-based database intrusion detection systems has received significant attention because of its potential to detect zero-day insider attacks. Such approaches differ mainly in their construction of normative behavior of (insider) role/user. In this paper, a different perspective on the construction of normative behavior is presented, whereby normative behavior is captured instead from the perspective of the DBMS itself. Using techniques from Statistical Process Control, a model of DBMS-oriented normal behavior is described that can be used to detect frequency based anomalies in database access. The approach is evaluated using a synthetic dataset and we also demonstrate this DBMS-oriented profile can be transformed into the more traditional role-oriented profiles.

KW - Anomaly detection

KW - Cybersecurity

KW - Database intrusion detection

KW - Insider threats

UR - https://www.scopus.com/pages/publications/85043989255

U2 - 10.1007/978-3-319-76687-4_2

DO - 10.1007/978-3-319-76687-4_2

M3 - Conference proceeding

AN - SCOPUS:85043989255

SN - 9783319766867

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 18

EP - 28

BT - Risks and Security of Internet and Systems - 12th International Conference, CRiSIS 2017, Revised Selected Papers

A2 - Cuppens, Nora

A2 - Cuppens, Frederic

A2 - Legay, Axel

A2 - Lanet, Jean-Louis

A2 - Garcia-Alfaro, Joaquin

PB - Springer Verlag

T2 - 12th International Conference on Risks and Security of Internet and Systems, CRiSIS 2017

Y2 - 19 September 2017 through 21 September 2017

ER -

Khan MI, O’Sullivan B, Foley SN. A semantic approach to frequency based anomaly detection of insider access in database management systems. In Cuppens N, Cuppens F, Legay A, Lanet JL, Garcia-Alfaro J, editors, Risks and Security of Internet and Systems - 12th International Conference, CRiSIS 2017, Revised Selected Papers. Springer Verlag. 2018. p. 18-28. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-319-76687-4_2

A semantic approach to frequency based anomaly detection of insider access in database management systems

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this