A System for Profiling and Monitoring Database Access Patterns by Application Programs for Anomaly Detection

Authors: Lorenzo Bossi, Elisa Bertino, Syed Rafiul Hussain

DOI: 10.1109/TSE.2016.2598336

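Abstract: Database Management Systems (DBMSs) provide access control mechanisms that allow database administrators (DBAs) to grant application programs access privileges to databases. Though such mechanisms are powerful, in practice a finer-grained access control mechanism tailored to the semantics of the data stored in the DBMS is required as a first class defense mechanism against smart attackers. Hence, custom written applications which access databases implement an additional layer of access control. Therefore, securing a database alone is not enough for such applications, as attackers aiming at stealing data can take advantage of vulnerabilities in the privileged applications and make these applications issue malicious database queries. An access control mechanism can only prevent application programs from accessing the data to which the programs are not authorized, but it is unable to prevent misuse of the data to which application programs are authorized for access. Hence, we need a mechanism able to detect malicious behavior resulting from previously authorized applications. In this paper, we present the architecture of an anomaly detection mechanism, DetAnom, that aims to solve such a problem. Our approach is based on the analysis and profiling of the application in order to create a succinct representation of its interaction with the database. Such a profile keeps a signature for every submitted query and also the corresponding constraints that the application program must satisfy to submit the query. Later, in the detection phase, whenever the application issues a query, a module captures the query before it reaches the database and verifies the corresponding signature and constraints against the current context of the application. If there is a mismatch, the query is marked as anomalous. The main advantage of our anomaly detection mechanism is that, in order to build the application profiles, we need neither any previous knowledge of application vulnerabilities nor any example of possible attacks. As a result, our mechanism is able to protect the data from attacks tailored to database applications such as code modification attacks, SQL injections, and also from other data-centric attacks as well. We have implemented our mechanism with a software testing technique called concolic testing and the PostgreSQL DBMS. Experimental results show that our profiling technique is close to accurate, requires an acceptable amount of time, and the detection mechanism incurs low runtime overhead.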
