Detection of Temporal Data Ex-Filtration Threats to Relational Databases

Title: Detection of Temporal Data Ex-Filtration Threats to Relational Databases
Publication Type: Conference Paper
Year of Publication: 2018
Authors: Sallam, Asmaa; Bertino, Elisa
Conference Name: 2018 IEEE 4th International Conference on Collaboration and Internet Computing (CIC)
Keywords: anomalous access detection, anomaly detection, anomaly detection techniques, authorisation, composability, Data Analytics for Security, data theft, feature extraction, Human Behavior, insider threats, Inspection, Metrics, Monitoring, pubcrawl, query processing, Real-time Systems, relational database security, relational databases, Resiliency, Temporal Attacks, temporal data ex-filtration threat detection, Training, unauthorized access
Abstract: According to recent reports, the most common insider threats to systems are unauthorized access to or use of corporate information and exposure of sensitive data. While anomaly detection techniques have proved to be effective in the detection of early signs of data theft, these techniques are not able to detect sophisticated data misuse scenarios in which malicious insiders seek to aggregate knowledge by executing and combining the results of several queries. We thus need techniques that are able to track users' actions across time to detect correlated ones that collectively flag anomalies. In this paper, we propose such techniques for the detection of anomalous accesses to relational databases. Our approach is to monitor users' queries, sequences of queries and sessions of database connection to detect queries that retrieve amounts of data larger than the normal. Our evaluation of the proposed techniques indicates that they are very effective in the detection of anomalies.
Citation Key: sallam_detection_2018