Efficient Anomalous Database Transaction Detection and Proposed Solutions

Explore the challenges in detecting anomalous transactions in databases along with proposed solutions to reduce false positives, detection time, and handle new attributes effectively. The importance of addressing false alerts is highlighted, and a detailed methodology involving training and detection phases is presented. Future work includes adapting detection algorithms based on database workload and measuring alert impact for effective prioritization.

  • Database Security
  • Anomaly Detection
  • False Positives
  • Proposed Solutions
  • Data Sensitivity


Presentation Transcript


  1. Anomalous Database Transaction Detection By Harshith Reddy Sarabudla

  2. Anomaly detection approaches
     • Command-centric: focus on attack syntax. Mostly capture attack queries that have similar columns but process or display different row contents from those of normal queries.
     • Data-centric: focus on semantics. Mostly capture attack queries that are similar in both columns and resulting datasets.

  3. Limitations
     SELECT Name, Salary FROM Employee WHERE ID = 102 AND Dept_id = 3;
     Conversely, suppose we rewrite the above query as follows:
     SELECT Name, Salary FROM Employee WHERE ID = 102 AND Dept_id = 3 AND Name IS NOT NULL;
     The two queries are syntactically different but produce the same result. A syntax-based detector is therefore likely to flag the second query as anomalous, and the alert ends up being a false positive.

  4. Importance of the problem: an abundance of false alerts (most of them false positives) makes it difficult for the security analyst to identify successful attacks and to take remedial action.

  5. Challenging aspects: we propose a solution for detecting anomalous transactions in the database more efficiently while
     • reducing the number of false positives,
     • reducing the detection time window, and
     • handling detection for newly added attributes.

  6. Proposed solution
     Training phase: features that represent the syntax of the queries are extracted from legitimate transactions collected from DBMS audit logs. Features: SQL operations, attributes, user role, number of commands and command execution time. Signatures are created for all legitimate transactions.
     Detection phase:
     • Stage 1, syntax-based detection: compare the incoming transaction's signature with the collected signatures.
     • Stage 2, data usage-based detection: attributes are grouped according to their frequency of usage for each user role, and the attributes used by the incoming transaction are compared against those groups.
     • Stage 3, data sensitivity-based detection: compare the amount of sensitive information the transaction returns with what is normal for that role.
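The following is an added example written for this page, not code from the presentation: a small Python detector that reproduces the false positive from the Limitations slide and then runs the three detection stages of the proposed solution over a constructed audit log. The SQL "parser" is a regular expression that only understands single-table SELECT ... FROM ... WHERE statements, the Employee table, the training log, the role names, the sensitivity labels and the 50% frequency threshold are all assumptions made up for the example, and the number-of-commands and execution-time features from the slide are omitted.

```python
"""Added example: syntax, data-usage and data-sensitivity checks for SQL
SELECTs.  Everything below (table, audit log, roles, thresholds) is constructed
for illustration; the regex is not a general SQL parser."""
import re
import sqlite3
from collections import Counter, defaultdict

# Constructed Employee table and "audit log" of legitimate (role, sql) pairs.
DB_ROWS = [(101, "Alice", 70000, 3), (102, "Bob", 65000, 3),
           (103, "Carol", 80000, 2), (104, "Dan", 52000, 2)]
TRAINING_LOG = [
    ("hr", "SELECT Name, Salary FROM Employee WHERE ID = 101 AND Dept_id = 3"),
    ("hr", "SELECT Name, Salary FROM Employee WHERE ID = 104 AND Dept_id = 2"),
    ("hr", "SELECT Name FROM Employee WHERE Dept_id = 3"),
    ("clerk", "SELECT Name FROM Employee WHERE ID = 101"),
    ("clerk", "SELECT Name, Dept_id FROM Employee WHERE ID = 102"),
]
SENSITIVE = {"Salary", "SSN"}  # assumed sensitivity labels for attributes

SELECT_RE = re.compile(
    r"^\s*SELECT\s+(?P<cols>.+?)\s+FROM\s+(?P<table>\w+)"
    r"(?:\s+WHERE\s+(?P<where>.+?))?\s*;?\s*$", re.IGNORECASE)


def signature(sql):
    """Syntax features: operation, table, projected columns, WHERE attributes.
    Literal values are dropped (ID = 101 and ID = 102 share a signature) but
    the set of predicate attributes is kept, which is exactly why adding
    'AND Name IS NOT NULL' changes the signature."""
    m = SELECT_RE.match(sql)
    if not m:
        raise ValueError("unsupported statement: " + sql)
    cols = tuple(sorted(c.strip() for c in m.group("cols").split(",")))
    where = m.group("where") or ""
    attrs = tuple(sorted(set(re.findall(r"\b([A-Za-z_]\w*)\s*(?:=|IS\b)", where))))
    return ("SELECT", m.group("table"), cols, attrs)


def open_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE Employee (ID INTEGER, Name TEXT, Salary INTEGER, Dept_id INTEGER)")
    con.executemany("INSERT INTO Employee VALUES (?,?,?,?)", DB_ROWS)
    return con


def run(con, sql):
    return con.execute(sql).fetchall()


def sensitive_cells(sql, rows):
    """Amount of sensitive data returned: rows x sensitive projected columns."""
    return len(rows) * sum(1 for c in signature(sql)[2] if c in SENSITIVE)


def limitation_example(con):
    """Returns (same_signature, same_result) for the two Limitations queries."""
    q1 = "SELECT Name, Salary FROM Employee WHERE ID = 102 AND Dept_id = 3;"
    q2 = "SELECT Name, Salary FROM Employee WHERE ID = 102 AND Dept_id = 3 AND Name IS NOT NULL;"
    return signature(q1) == signature(q2), run(con, q1) == run(con, q2)


class Detector:
    def __init__(self, log, con):
        self.con = con
        self.signatures = set()                 # stage 1 model
        self.attr_freq = defaultdict(Counter)   # stage 2: role -> attribute -> uses
        self.tx_count = Counter()               # role -> transactions seen
        self.max_sensitive = Counter()          # stage 3: role -> max sensitive cells
        for role, sql in log:
            sig = signature(sql)
            self.signatures.add(sig)
            self.tx_count[role] += 1
            for a in set(sig[2]) | set(sig[3]):
                self.attr_freq[role][a] += 1
            cells = sensitive_cells(sql, run(con, sql))
            self.max_sensitive[role] = max(self.max_sensitive[role], cells)

    def attribute_groups(self, role, threshold=0.5):
        """Split a role's attributes into frequent and rare by usage ratio."""
        n = self.tx_count[role]
        if n == 0:
            return set(), set()
        frequent = {a for a, c in self.attr_freq[role].items() if c / n >= threshold}
        return frequent, set(self.attr_freq[role]) - frequent

    def detect(self, role, sql):
        """True per stage means 'looks legitimate'; False means flagged."""
        sig = signature(sql)
        frequent, _ = self.attribute_groups(role)
        used = set(sig[2]) | set(sig[3])
        rows = run(self.con, sql)  # in production: row count from the audit log
        return {
            "stage1_syntax": sig in self.signatures,
            "stage2_usage": used <= frequent,
            "stage3_sensitivity": sensitive_cells(sql, rows) <= self.max_sensitive[role],
        }
```

Run against the constructed data, `limitation_example` returns `(False, True)`: the two queries have different syntactic signatures but identical result sets, so a detector that stops at stage 1 raises the false positive the slide describes. Stage 2 and stage 3 both pass the rewritten query for the hr role, whereas a clerk selecting Salary is flagged at stage 2 (an attribute that role never uses) and an hr query that dumps a whole department's salaries is flagged at stage 3 (more sensitive cells than any training transaction returned), which is the data-centric signal the syntax stage cannot see.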

  7. Future work
     • Anomaly detection algorithms may be modified according to the workload or data size of the database.
     • Measure the impact of alerts so that the administrator can prioritize them when taking action.
