PostgreSQL anomalous query detector

Shebaro, Bilal; Sallam, Asmaa; Kamra, Ashish; Bertino, Elisa

doi:10.1145/2452376.2452469

Cited by 11 publications

(6 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Since the safety of the RSA public key cryptography is already proven, a possible attack is to threaten PostgreSQL within the data processing node. The attack can be prevented by applying the solutions (e.g., PostgreSQL anomaly detector [31] and homogeneous encryption implementation for Relational DBMSs such as PostgreSQL [32]) that are DB security solutions to compensate for the security vulnerabilities of PostgreSQL DB. PostgreSQL also provides its own security solutions, such as access control lists (ACLs) [33] and encryption [34], which can be used to improve the key management security of our system.…”

Section: Secruity Analysismentioning

confidence: 99%

Development of User-Participatory Crowdsensing System for Improved Privacy Preservation

Kim

Yun

2020

Future Internet

View full text Add to dashboard Cite

Recently, crowdsensing, which can provide various sensing services using consumer mobile devices, is attracting considerable attention. The success of these services depends on active user participation and, thus, a proper incentive mechanism is essential. However, if the sensing information provided by a user includes personal information, and an attacker compromises the service provider, participation will be less active. Accordingly, personal information protection is an important element in crowdsensing services. In this study, we resolve this problem by separating the steps of sensing data processing and the reward payment process. An arbitrary node in a sensing data processing pool consisting of user nodes is selected for sensing data processing, and only the processing results are sent to the service provider server to reward the data providing node. The proposed user-participatory crowdsensing system is implemented on the Kaa Internet of things (IoT) platform to evaluate its performance and demonstrate its feasibility.

show abstract

Section: Secruity Analysismentioning

confidence: 99%

Development of User-Participatory Crowdsensing System for Improved Privacy Preservation

Kim

Yun

2020

Future Internet

View full text Add to dashboard Cite

show abstract

“…This attack can temporarily impair the availability of the DBMS during the recovery period. We rely on the existence of an IDS to detect the malicious transactions [7]. Note that the IDS alarm is received after the malicious transactions commit.…”

Section: Threat Modelmentioning

confidence: 99%

“…In this paper, we propose a new real-time response and recovery architecture, termed Partition-based Intrusion Management System (PIMS), for DBMSs. We assume that existing IDS, e.g., [4], [7], can be integrated with PIMS. PIMS is based on an adaptive access and admission control mechanism that responds to intrusions by selectively blocking segments of data that have been affected by the intrusion.…”

Section: Introductionmentioning

confidence: 99%

Design and Evaluation of A Data Partitioning-Based Intrusion Management Architecture for Database Systems

Felemban,

Javeed,

Kobes

et al. 2018

Preprint

View full text Add to dashboard Cite

Data-intensive applications exhibit increasing reliance on Database Management Systems (DBMSs, for short). With the growing cyber-security threats to government and commercial infrastructures, the need to develop high resilient cyber systems is becoming increasingly important. Cyber-attacks on DBMSs include intrusion attacks that may result in severe degradation in performance. Several efforts have been directed towards designing an integrated management system to detect, respond, and recover from malicious attacks. In this paper, we propose a data Partitioning-based Intrusion Management System (PIMS, for short) that can endure intense malicious intrusion attacks on DBMS. The novelty in PIMS is the ability to contain the damage into data partitions, termed Intrusion Boundaries (IBs, for short). The IB Demarcation Problem (IBDP, for short) is formulated as a mixed integer nonlinear programming. We prove that IBDP is NP-hard. Accordingly, two heuristic solutions for IBDP are introduced. The proposed architecture for PIMS includes novel IB-centric response and recovery mechanisms, which executes compensating transactions. PIMS is prototyped within PostgreSQL, an open-source DBMS. Finally, empirical and experimental performance evaluation of PIMS are conducted to demonstrate that intelligent partitioning of data tuples improves the overall availability of the DBMS under intrusion attacks.

show abstract

“…Syntax centric AD relies on the SQL query syntax to construct user profiles. Previous work by Kamra, Bertino et al proposed a role and user‐based syntax centric AD approach . Even though the methods proposed are computationally fast as they only need to parse the query in order to perform AD, some attributes of the query cannot be captured by relying upon the query syntax only, such as the size of the query result set and the characteristics of the portions of accessed tables that will show in the result.…”

Section: Related Workmentioning

confidence: 99%

Data and syntax centric anomaly detection for relational databases

Sallam

Fadolalkarim

Bertino

et al. 2016

WIREs Data Min & Knowl

Self Cite

View full text Add to dashboard Cite

Recent studies show that insider attacks that aim at exfiltrating data are very common and that these attacks are performed according to specific patterns. Protecting against such threats requires complementing existing security techniques, such as access control and encryption, with tools able to detect anomalies in data accesses. In this paper, we present a technique specifically tailored for detecting anomalous database accesses. Our technique extracts users’ access patterns based on both the syntax of the input queries and the amount of data in their output results. Our technique is based on mining SQL queries in database audit logs in order to form profiles of the normal users’ access patterns. New queries are checked upon these profiles, and deviations from these profiles are considered anomalous and thus indicative of possible attempts to exfiltrate or misuse the data. Our technique works under two application scenarios. The first is when the database has role‐based access control (RBAC) in place. Under an RBAC system, users belong to roles and privileges are associated with roles rather than individual users. For this scenario, we form profiles of roles which make our approach usable for database management systems (DBMSs) that have a large user population; in this scenario, we apply the naive Bayesian classifier which shows accurate results in practice. We also employ multilabeling classification to enhance accuracy when the access patterns are common to multiple roles. The second application scenario is when the DBMS does not apply RBAC. In this scenario, we apply the COBWEB clustering method. Experimental results indicate that our techniques are very effective. WIREs Data Mining Knowl Discov 2016, 6:231–239. doi: 10.1002/widm.1195 This article is categorized under: Application Areas > Science and Technology

show abstract

PostgreSQL anomalous query detector

Cited by 11 publications

References 8 publications

Development of User-Participatory Crowdsensing System for Improved Privacy Preservation

Development of User-Participatory Crowdsensing System for Improved Privacy Preservation

Design and Evaluation of A Data Partitioning-Based Intrusion Management Architecture for Database Systems

Data and syntax centric anomaly detection for relational databases

Contact Info

Product

Resources

About