Abstract
This paper investigates the issues of malicious transactions by insiders in database systems. It establishes a number of rule sets to constrain the relationship between data items and transactions. A type of graph, called Predictive Dependency Graph, has been developed to determine data flow patterns among data items. This helps in foretelling which operation of a transaction has the ability to subsequently affect a sensitive data item. In addition, the paper proposes a mechanism to monitor suspicious insiders’ activities and potential harm to the database. With the help of the Predictive Dependency Graphs, the presented model predicts and prevents potential damage caused by malicious transactions.
Copyright information
© 2012 IFIP International Federation for Information Processing
About this paper
Cite this paper
Li, W., Panda, B., Yaseen, Q. (2012). Malicious Users’ Transactions: Tackling Insider Threat. In: Gritzalis, D., Furnell, S., Theoharidou, M. (eds) Information Security and Privacy Research. SEC 2012. IFIP Advances in Information and Communication Technology, vol 376. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-30436-1_18
DOI: https://doi.org/10.1007/978-3-642-30436-1_18
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-30435-4
Online ISBN: 978-3-642-30436-1
eBook Packages: Computer Science (R0)