Title :
Intrusion detection in RBAC-administered databases
Author :
Bertino, Elisa ; Terzi, Evimaria ; Kamra, Ashish ; Vakali, Athena
Author_Institution :
Purdue Univ., West Lafayette, IN
Abstract :
A considerable effort has been recently devoted to the development of database management systems (DBMS) which guarantee high assurance security and privacy. An important component of any strong security solution is represented by intrusion detection (ID) systems, able to detect anomalous behavior by applications and users. To date, however, there have been very few ID mechanisms specifically tailored to database systems. In this paper, we propose such a mechanism. The approach we propose to ID is based on mining database traces stored in log files. The result of the mining process is used to form user profiles that can model normal behavior and identify intruders. An additional feature of our approach is that we couple our mechanism with role based access control (RBAC). Under a RBAC system permissions are associated with roles, usually grouping several users, rather than with single users. Our ID system is able to determine role intruders, that is, individuals that while holding a specific role, have a behavior different from the normal behavior of the role. An important advantage of providing an ID mechanism specifically tailored to databases is that it can also be used to protect against insider threats. Furthermore, the use of roles makes our approach usable even for databases with large user population. Our preliminary experimental evaluation on both real and synthetic database traces show that our methods work well in practical situations
Keywords :
authorisation; data mining; database management systems; DBMS; RBAC-administered databases; anomalous behavior detection; assurance security solution; data privacy; database management system; database mining; intruder identification; intrusion detection system; role based access control; Access control; Data privacy; Data security; Database systems; Demography; Intrusion detection; Operating systems; Permission; Protection; Spatial databases;
Conference_Titel :
Computer Security Applications Conference, 21st Annual
Conference_Location :
Tucson, AZ
Print_ISBN :
0-7695-2461-3
DOI :
10.1109/CSAC.2005.33