Title :
An adaptive anomaly-based intrusion prevention system for databases
Author :
Emrick, Eric S. ; Yi Hu
Author_Institution :
Dept. of Comput. Sci., Northern Kentucky Univ., Highland Heights, KY, USA
Abstract :
Conventional database security can employ a wide range of access controls including database roles, fine-grained object access and virtual private databases. Access controls are used to protect against malicious attacks and to ensure that established database privileges are not misused. Intrusion detection systems can augment these controls by alerting the intrusion response team after an attack has occurred. While intrusion detection can assist forensic analysis, a passive response to detection can permit the inflicted damage to go undetected for a long period of time, allowing the damage to potentially propagate. In contrast, we propose an adaptive anomaly-based intrusion prevention system to secure the database from attacks. The approach requires the database to learn the activities considered normal using training data taken from production. The model adapts to stringent variations of the training data while in operation, reducing the potential for normal activities to be misclassified as malicious.
Keywords :
authorisation; data protection; database management systems; digital forensics; access controls; adaptive anomaly-based intrusion prevention system; database privileges; database roles; database security; fine-grained object access; forensic analysis; inflicted damage; intrusion detection systems; intrusion response team; malicious attacks protection; virtual private databases; Databases; Intrusion detection; Production; Semantics; Syntactics; Training data; Database; Database Security; Intrusion Prevention Systems; Security Algorithms;
Conference_Titel :
Systems, Man and Cybernetics (SMC), 2014 IEEE International Conference on
Conference_Location :
San Diego, CA
DOI :
10.1109/SMC.2014.6974450
