DBSAFE-An Anomaly Detection System to Protect Databases From Exfiltration Attempts

Cited by: 17
Authors
Sallam, Asmaa [1 ,2 ]
Bertino, Elisa [1 ,2 ]
Hussain, Syed Rafiul [1 ,2 ]
Landers, David [3 ]
Lefler, R. Michael [4 ]
Steiner, Donald [3 ]
Affiliations
[1] CERIAS, Cyber Ctr, W Lafayette, IN 47907 USA
[2] Purdue Univ, Dept Comp Sci, W Lafayette, IN 47907 USA
[3] Northrop Grumman Corp, Informat Syst Sector, Falls Church, VA 22042 USA
[4] Northrop Grumman Corp, Enterprise Shared Serv Org, Falls Church, VA 22042 USA
Source
IEEE SYSTEMS JOURNAL | 2017 / Vol. 11 / Issue 02
Keywords
Data engineering; data systems; information security;
DOI
10.1109/JSYST.2015.2487221
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812 ;
Abstract
Attempts by insiders to exfiltrate data have become a severe threat to the enterprise. Conventional data security techniques, such as access control and encryption, must be augmented with techniques to detect anomalies in data access that may indicate exfiltration attempts. In this paper, we present the design and evaluation of DBSAFE, a system to detect, alert on, and respond to anomalies in database access designed specifically for relational database management systems (DBMS). The system automatically builds and maintains profiles of normal user and application behavior, based on their interaction with the monitored database during a training phase. The system then uses these profiles to detect anomalous behavior that deviates from normality. Once an anomaly is detected, the system uses predetermined policies guiding automated and/or human response to the anomaly. The DBSAFE architecture does not impose any restrictions on the type of the monitored DBMS. Evaluation results indicate that the proposed techniques are indeed effective in detecting anomalies.
Pages: 483 / 493
Number of pages: 11