Raid08 dbir



Database Intrusion Detection and Response*

Ashish Kamra and Elisa Bertino

1. Create profiles that succinctly represent user/application behavior interacting with a DBMS.

2. Develop efficient algorithms for detection of anomalous DB user/application behavior.

3. Develop novel strategies/mechanisms for responding to intrusions in context of a DBMS.

4. Implement our methods in the PostgreSQL DBMS and highlight implementation issues.

* Supported by NSF under Grant No. 0430274

System Architecture

Training phase: Audit Log -> Training Queries -> Feature Selector -> Profile Creator -> Profiles

Detection: User -> Query -> Features -> Detection Engine (consults Profiles) -> Assessment

Response: Assessment -> Response Engine (consults Response Policy Base of Extended ECA Policies) -> Alarm | Drop Query | No Action

Contributions

ON      {EVENT}
IF      {CONDITIONS}
THEN    {ACTION}
CONFIRM {CONFIRMATION ACTION}
ELSE    {ALTERNATE ACTION}

Supervised Learning: roles as classes, Naïve Bayes classifier

Unsupervised Learning: clustering methods, outlier detection test

SQL queries stored as association rules:

Query rules: query projection attributes => query selection attributes

Predicate rules: LHS attributes => RHS attributes
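The poster names the pieces but does not spell out how they fit together. The following is an added illustration, not the authors' PostgreSQL implementation: a constructed, regex-based reduction of simple SELECT statements to the poster's query rule (projection attributes => selection attributes), a Bernoulli naive Bayes classifier with roles as classes, an anomaly test that flags a query whose most likely role differs from the role that issued it, and a response engine that evaluates ON/IF/THEN/CONFIRM/ELSE policies. The reading of CONFIRM/ELSE (run the action, attempt the confirmation action, fall through to the alternate action only if confirmation fails), the sensitive-attribute set, the re-authentication callback and all sample queries and role names are assumptions made for this example.

```python
import math
import re
from collections import Counter, defaultdict

# Constructed, simplified feature extraction (not the poster's feature selector):
# a SELECT is reduced to its projection attributes and its selection attributes,
# the two sides of the poster's query rule.
_SELECT_RE = re.compile(
    r"^\s*select\s+(.*?)\s+from\s+(\w+)(?:\s+where\s+(.*?))?\s*;?\s*$",
    re.IGNORECASE | re.DOTALL)
_IDENT_RE = re.compile(r"\b[A-Za-z_]\w*\b")
_SQL_WORDS = {"and", "or", "not", "in", "like", "is", "null", "between"}


def query_rule(sql):
    """Return (table, projection attributes, selection attributes) of a simple SELECT."""
    m = _SELECT_RE.match(sql)
    if not m:
        raise ValueError("unsupported statement: %r" % sql)
    proj, table, where = m.group(1), m.group(2).lower(), m.group(3) or ""
    projection = frozenset(a.strip().lower() for a in proj.split(","))
    where = re.sub(r"'[^']*'", "", where)  # drop string literals before scanning
    selection = frozenset(t.lower() for t in _IDENT_RE.findall(where)
                          if t.lower() not in _SQL_WORDS)
    return table, projection, selection


def features(sql):
    """Binary feature set: which attributes the query projects and selects on."""
    table, projection, selection = query_rule(sql)
    return ({"proj:%s.%s" % (table, a) for a in projection}
            | {"sel:%s.%s" % (table, a) for a in selection})


class RoleClassifier:
    """Bernoulli naive Bayes with roles as classes (the supervised profile)."""
    def __init__(self):
        self.role_count = Counter()
        self.feat_count = defaultdict(Counter)
        self.vocab = set()

    def train(self, role, sql):
        x = features(sql)
        self.role_count[role] += 1
        self.feat_count[role].update(x)
        self.vocab |= x

    def log_posterior(self, sql):
        x, total, vocab = features(sql), sum(self.role_count.values()), self.vocab | set()
        scores = {}
        for role, n in self.role_count.items():
            lp = math.log(n / total)                      # log prior of the role
            for f in vocab | x:
                p = (self.feat_count[role][f] + 1) / (n + 2)  # Laplace-smoothed P(f | role)
                lp += math.log(p) if f in x else math.log(1 - p)
            scores[role] = lp
        return scores

    def predict(self, sql):
        return max(self.log_posterior(sql).items(), key=lambda kv: kv[1])[0]

    def is_anomalous(self, claimed_role, sql):
        """Anomaly: the query looks more like another role's than the issuing role's."""
        return self.predict(sql) != claimed_role


class ECAPolicy:
    """ON event IF condition THEN action CONFIRM confirmation ELSE alternate."""
    def __init__(self, event, condition, action, confirm, alternate):
        self.event, self.condition = event, condition
        self.action, self.confirm, self.alternate = action, confirm, alternate


class ResponseEngine:
    """Consults the policy base; the first matching policy decides the response."""
    def __init__(self, policies):
        self.policies = policies

    def respond(self, event, ctx):
        for p in self.policies:
            if p.event == event and p.condition(ctx):
                # Assumed semantics: run the action, then the confirmation action;
                # the alternate action runs only if confirmation fails.
                return [p.action, "no action" if p.confirm(ctx) else p.alternate]
        return ["no action"]


SENSITIVE = {"emp.salary", "emp.bonus"}  # constructed sensitive attributes

POLICY_BASE = [ECAPolicy(
    event="anomalous query",
    condition=lambda ctx: bool(SENSITIVE & {f[5:] for f in ctx["features"] if f.startswith("proj:")}),
    action="alarm",
    confirm=lambda ctx: ctx["reauth"](),  # hypothetical re-authentication callback
    alternate="drop query")]


def handle_query(clf, engine, claimed_role, sql, reauth):
    """Detection engine, then response engine; returns the actions taken."""
    if not clf.is_anomalous(claimed_role, sql):
        return ["no action"]
    ctx = {"role": claimed_role, "features": features(sql), "reauth": reauth}
    return engine.respond("anomalous query", ctx)


def build_demo():
    """Train on constructed, role-labelled queries and return (classifier, engine)."""
    clf = RoleClassifier()
    for sql in ("SELECT name, dept FROM emp WHERE id = 7",
                "SELECT name, phone FROM emp WHERE dept = 'sales'",
                "SELECT dept, name FROM emp WHERE id = 12"):
        clf.train("clerk", sql)
    for sql in ("SELECT name, salary FROM emp WHERE id = 7",
                "SELECT salary, bonus FROM emp WHERE dept = 'sales'",
                "SELECT name, salary, bonus FROM emp WHERE salary > 100000"):
        clf.train("hr", sql)
    return clf, ResponseEngine(POLICY_BASE)


if __name__ == "__main__":
    clf, engine = build_demo()
    print(handle_query(clf, engine, "clerk", "SELECT name, dept FROM emp WHERE id = 3", lambda: True))
    print(handle_query(clf, engine, "clerk", "SELECT name, salary FROM emp WHERE dept = 'sales'", lambda: False))
```

A clerk query that reads salary is classified as the hr role and raises the anomalous-query event; because it projects a sensitive attribute the policy fires, an alarm is raised, and the query is dropped if re-authentication fails. An anomalous query that touches no sensitive attribute matches no policy and falls through to no action, which is the behaviour a policy base of this shape should make explicit rather than leave implicit.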

Future Work

Detection Tasks