Database Intrusion Detection Systems (DIDs): Insider Threat Detection via Behavioural-based Anomaly Detection Systems - A Brief Survey of Concepts and Approaches

  title={Database Intrusion Detection Systems (DIDs): Insider Threat Detection via Behavioural-based Anomaly Detection Systems - A Brief Survey of Concepts and Approaches},
  author={Muhammad Imran Khan and Simon N. Foley and Barry O’Sullivan},
One of the data security and privacy concerns is of insider threats, where legitimate users of the system abuse the access privileges they hold. The insider threat to data security means that an insider steals or leaks sensitive personal information. Database Intrusion detection systems, specifically behavioural-based database intrusion detection systems, have been shown effective in detecting insider attacks. This paper presents background concepts on database intrusion detection systems in… 



Intrusion Detection Techniques

This chapter gives an overview of the existing intrusion detection techniques, including anomaly detection and misuse detection models, and identifies techniques related to intrusion detection in distributed systems.

A Semantic Approach to Frequency Based Anomaly Detection of Insider Access in Database Management Systems

A model of DBMS-oriented normal behavior is described that can be used to detect frequency based anomalies in database access and can be transformed into the more traditional role-oriented profiles.

Intrusion Detection: A Survey

This chapter provides the overview of the state of the art in intrusion detection research and provides taxonomy of computer intrusions, along with brief descriptions of major computer attack categories.

Mimicry attacks on host-based intrusion detection systems

This work introduces the notion of a mimicry attack, which allows a sophisticated attacker to cloak their intrusion to avoid detection by the IDS, and develops a theoretical framework for evaluating the security of an IDS against mimicry attacks.

Specification-based anomaly detection: a new approach for detecting network intrusions

Whereas feature selection was a crucial step that required a great deal of expertise and insight in the case of previous anomaly detection approaches, it is shown that the use of protocol specifications in the approach simplifies this problem.

Knowledge-based intrusion detection

The authors claim that integrating the two approaches in IDES provides for a comprehensive system for detecting intrusions as they occur.

Intrusion detection: a brief history and overview

The paper considers data collection issues, intrusion detection techniques, system effectiveness and network wide analysis of intrusion detection systems and their applications in the cloud.

Detecting intrusion transactions in databases using data item dependencies and anomaly analysis

The proposed approach to identifying malicious transactions is able to track normal transactions and detect malicious ones more effectively than existing approaches.

DBSAFE—An Anomaly Detection System to Protect Databases From Exfiltration Attempts

The design and evaluation of DBSAFE, a system to detect, alert on, and respond to anomalies in database access designed specifically for relational database management systems (DBMS), are presented.