Database intrusion detection using role and user behavior based risk assessment. (December 2020)
- Record Type:
- Journal Article
- Title:
- Database intrusion detection using role and user behavior based risk assessment. (December 2020)
- Main Title:
- Database intrusion detection using role and user behavior based risk assessment
- Authors:
- Singh, Indu
Kumar, Narendra
K.G., Srinivasa
Sharma, Tript
Kumar, Vaibhav
Singhal, Siddharth
- Abstract:
- Abstract: Present-day organizations continue to expose their critical information infrastructures over the Internet for facilitating accessibility; substantially raising concerns about the security of data from both outsiders and insiders. In this paper, we propose a novel approach for detecting intrusive attacks on databases by assessing the risk for incoming transaction based upon the conflation of multiple behavior-based components for the user. In a database intrusion detection system for a role-based access (RBAC) environment, it is not sufficient to focus on role-based features as every user within the same role has a degree of uniqueness. Moreover, traditional database intrusion detection systems classify the incoming transactions into two classes (Malicious or Non-malicious), taking the same action for all transactions that are labeled as malicious irrespective of the damage it can cause to the system. Our approach, Role and User Behavior-based Risk Assessment (RUBRA) uses both role-behavior and user-behavior based features for detecting an intrusive attack. Further, we also quantify the risk associated with the incoming transaction, streamlining the countermeasure process. Experiments on stochastic datasets show promising results on both detection and labeling of malicious transactions. Highlights: A robust algorithm for DIDS which assesses risk associated with incoming transaction and selects the response from a suite of countermeasures. A novel framework for creating user profiles based upon fingerprinting legitimate transactions for a user. A novel method for agglomeration of different behavioral checks, i.e. combining results of the user, role and temporal analysis as one. …
- Is Part Of:
- Journal of information security and applications. Volume 55(2020)
- Journal:
- Journal of information security and applications
- Issue:
- Volume 55(2020)
- Issue Display:
- Volume 55, Issue 2020 (2020)
- Year:
- 2020
- Volume:
- 55
- Issue:
- 2020
- Issue Sort Value:
- 2020-0055-2020-0000
- Page Start:
- Page End:
- Publication Date:
- 2020-12
- Subjects:
- Database intrusion detection -- User and role behavior analysis -- Weighted sequential pattern mining -- Dynamic sensitivity -- Temporal analysis -- Risk assessment
Computer security -- Periodicals
Information technology -- Security measures -- Periodicals
005.805
- Journal URLs:
- http://www.sciencedirect.com/
- DOI:
- 10.1016/j.jisa.2020.102654
- Languages:
- English
- ISSNs:
- 2214-2126
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - BLDSS-3PM
British Library STI - ELD Digital store
- Ingest File:
- 22654.xml