Monitoring Insider Attack in Database Systems Using Multiple-Criteria Query Statement Probabilities

Article Information

Sky Cheolmin Moon, Sam Chung, Barbara Endicott-Popovsky

Citations: 0 (data provided by Naver Academic)

Abstract

English

Any malicious attack on a database system performed by an entrusted group of people who have authorized access is called a database insider attack. Even though insider attacks have been actively researched, the research is still far from practical application. We propose a new approach to address the limitations of previous research. This approach has four objectives: (1) Multi-Preprocessing Algorithms to observe a query from multiple perspectives; (2) a Query Probabilities Based Database Insider Monitoring Methodology, based upon a Markov Mathematical Model, to record an insider’s behavioral patterns with query and query transition probabilities; (3) a Query Probabilities Time Series Graph to create metrics for monitoring the insider’s behavior in order to predict insider attacks; and (4) a Multi-Criteria Query Probabilities Based Insider Attack Monitoring System containing (1)–(3). The evaluation results show that the proposed system overcomes these limitations and is also capable of monitoring an insider’s behavioral data while the database is being updated.

Table of Contents

Abstract
1. Introduction
2. Background
2.1 General Query Log in a Data Base Management System (DBMS) – MySQL
2.2 Syntax-Centric and Data-Centric Approaches
2.3 Log Analysis in the Cloud
3. Previous Work
4. Problem Statement and Objectives
4.1 Monitoring the insider’s behavioral patterns
4.2 Query preprocessing algorithms with multiple perspectives
4.3 Dynamic Data, no static data for a training set
5. Architecture of A Database Insider Attack Monitoring System
6. DB Log sender node
7. Preprocessor node
7.1 Approach
8. Logger node
8.1 NoSQL DB - Cassandra DB
9. Query Probability Calculator node
9.1 Approach
9.2 Invariant Property of Markov Chain
9.3 Query Probability Calculation using the Invariant Property of Markov Chain
9.4 Example
10. Monitor node
10.1 Approach
10.2 Calculation of the Total-Mean and the Lastk-Mean Based Insider Attack Monitoring
10.3 Presentation and Interpretation
11. Monitoring Anomalous Query and Behavior with Query Probabilities Time Series Graphs
11.1 Detecting Anomalous Query
11.2 Detecting Anomalous Behavior
12. Conclusion
References

Author Information

  • Sky Cheolmin Moon: Computer Science & Systems, Institute of Technology, University of Washington, Tacoma, WA
  • Sam Chung: School of Information Systems and Applied Technologies, College of Applied Sciences and Arts, Southern Illinois University, Carbondale, IL
  • Barbara Endicott-Popovsky: Institute of Technology & Center for Information Assurance and Cybersecurity, University of Washington, Tacoma, WA
