Special Offers
- IGI Global’s New Emerging Topic e-Book Collections
  Acquire highly focused and affordable Cutting-Edge Peer-Reviewed Research Content through a selection of 17 topic-focused e-Book Collections discounted up to 90%, compared to list prices. Collection topics include Artificial Intelligence, Data Science, Language Learning, Marketing and Customer Relations, Sustainability, and many more. Hosted on the InfoSci^® platform, these collections feature no DRM, no additional cost for multi-user licensing, no embargo of content, full-text PDF & HTML format, and more.
  Learn More
- Open Access Book (Free Access) - Encyclopedia of Information Science and Technology, Sixth Edition (ISBN: 9781668473665)
  The Encyclopedia of Information Science and Technology, Sixth Edition) continues the legacy set forth by the first five editions by providing comprehensive coverage and up-to-date definitions of the most important issues, concepts, and trends pertaining to technological advancements and information management within a variety of settings and industries. The entire book is being published under open access.
  Read Now
- Open Access Book (Free Access) - Food Sustainability, Environmental Awareness, and Adaptation and Mitigation Strategies for Developing Countries (ISBN: 9781668456293)
  Food Sustainability, Environmental Awareness, and Adaptation and Mitigation Strategies for Developing Countries provides information on the recent technology, mitigation, and environmental protection that must be applied for food sustainability in developing countries. This book is being published under Platinum Open Access through funding from Diponegoro University, Indonesia.
  Read Now
- Open Access Book (Free Access) - New Models of Higher Education: Unbundled, Rebundled, Customized, and DIY (ISBN: 9781668438091)
  The Walmart Corporation and the Lumina Foundation have provided funding to make New Models of Higher Education: Unbundled, Rebundled, Customized, and DIY fully open access, completely removing any paywall between scholars in education and the latest research on new models for the future of higher education.
  Read Now
- Open Access Book (Free Access) - Handbook of Research on the Global View of Open Access and Scholarly Communications (ISBN: 9781799898054)
  Through a collaboration between IGI Global and the University of North Texas, the Handbook of Research on the Global View of Open Access and Scholarly Communications has been published as fully open access, completely removing any paywall between researchers of any field, and the latest research on the equitable and inclusive nature of Open Access and all of its complications.
  Read Now
Books
- - Books by Subject
  - Business, Administration, & Management
  - Scientific, Technical, & Medical (STM)
  - Education
  - Books by Field
Journals
- - Journals
  - OnDemand Journal Articles
  - Journals by Subject
  - Business, Administration, & Management
  - Scientific, Technical, & Medical (STM)
  - Education
  - Journals by Field
e-Collections
OnDemand
Open Access
- View All Open Access Opportunities
  Search across all of IGI Global’s available open access publishing opportunities to unleash your research potential.
  Find an Open Access Journal for Your Next Manuscript
  Search across all of IGI Global’s available open access publishing opportunities to unleash your research potential.
  Submit an Open Access Book Proposal
  Learn more about open access book publishing and how it can propel your research forward in the field.
  Convert Your Work to Open Access
  Already published? You can convert your work to open access to increase its impact through IGI Global’s Restrospective Open Access Program.
  Utilize Open Access Collection Database
  Open up your research potential by utilizing our open access content or integrating the open access collection into your library
  Consider Open Access Agreements
  For Libraries: consider no-cost or investment-level open access agreements with IGI Global to support your faculty's research endeavors.
  Search Funding Resources
  Looking for additional funding resources to support your open accesss endeavors? View industry resources compiled by our open access team.
  Review Open Access Policies & Ethical Guidelines
  Considering IGI Global to publish your work under open access? Review IGI Global’s open access policies and ethical guidelines
Publish with Us
Resources
- - Instructors
  - Course Adoption
  - Teaching Cases
  - K-12 Online Learning Collection
  - Authors and Editors
  - eEditorial Discovery^® System
  - Peer Review Process
  - Ethics and Malpractice
  - COPE Membership
  - Fair Use Policy
  - Open Access Publishing
  - FAQ
Catalogs
About Us

Methodology for Detecting Advanced Persistent Threats in Oracle Databases

Loye L. Ray, Henry Felch

Source Title: International Journal of Strategic Information Technology and Applications (IJSITA) 5(1)

DOI: 10.4018/ijsita.2014010104

OnDemand:

(Individual Articles)

Available

$37.50

Current Special Offers

No Current Special Offers

Abstract

Advanced persistent threats (APTs) have become a big problem for computer systems. Databases are vulnerable to these threats and can give attackers access to an organizations sensitive data. Oracle databases are at greater risk due to their heavy use as back-ends to corporate applications such as enterprise resource planning software. This paper will describe a methodology for finding APTs that may be hiding or operating deep within an Oracle database system. Using a deep understanding of Oracle normal operations provides a baseline to assist in discovering APT behavior. Incorporating these into a database intrusion detection system can raise the ability for finding these threats.

Article Preview

Top

Introduction

Today’s attackers are skilled at using a vast amount of sophisticated tools to gather information and attack their targets (Tankard, 2011). These attackers are using Advanced Persistent Threat (APTs) techniques that are proving hard to detect with todays security appliances. The combination of stealth, zero-day exploits, social engineering and multiple techniques contributes to this problem. Oracle databases are a prime target for attackers using APTs because of their storage of sensitive data. To combat this threat, one needs to establish a means to detect these activities within the database.

This paper provides some methods that can help in detecting APTs hiding or operating within oracle databases. The first section briefly describes what APTs are to better understand their purpose and how they operate. The second section describes various techniques to use in detecting them hiding or operating within an Oracle database. Using a combination of these techniques can greatly improve the possibility of finding APTs.

Overview of APTs

Before one can determine how to detect APTs, they need to understand just what is an APT. Also their means of operating is important to determining how to detect them.

What are They?

APTs are sophisticated cyber attacks to get valuable information. They use custom malware to gain leverage within a network. They may use a wide variety of tools and techniques to gain access to the target. They can vary their tools and techniques used depending on the target. The attackers are persistent and adjust their tactics to get around any protection mechanism in their way. This makes them difficult to detect and stop.

How do They Work?

APT attackers use an exploitation life cycle composed of seven steps. These include reconnaissance, initial entry, escalate privilege and being persistent in the attack (CA Technologies, 2012; Mandiant, 2010). An attacker selects a target and acquires information about it that can be exploited. They use infiltration by surveillance to gain as much information about the target (Brill, 2010; Sood & Enbody, 2012). Social engineering is an easy way of getting this information. The initial entry into a database can be done using several methods. One way is by the use of Universal Serial Bus (USB) drives loaded with malware or key loggers to gain information (Brill, 2010). Also APT malware can copy itself to the USB stick and spread to other machines that the stick is placed in.

Another way is to establish a web site to store their malware and send emails to unsuspecting victims. When a user clicks on a URL they are sent to the attackers site and the malicious software is downloaded. Then the malware establishes a command and control (C&C) communications pathway back to the attacker. From here the attacker can perform actions to gather information, destroy data or deface a system. One of these actions is to update the malware code and infrastructure used in the attack. These C&C paths may be encrypted to prevent easy detection (Mandiant, 2010). Now the attacker can look around and establish higher privileges or obtain passwords. They would be interested in discovering administrator accounts since they have elevated privileges into many systems. Next the attacker can install various utilities for carrying out their attack. Now they can establish a foothold and begin stealing data and setting up staging servers. They can also create many infected sites to use. If an infected system is found and taken down, the attacker finds out and moves operations to any infected machine on the same network. They may have several infected systems to use to hide their operations. They can also rotate these around to keep from being found. Thus increasing the difficulty in detecting APTs.

Complete Article List

Search this Journal:

Reset

Open Access Articles: Forthcoming

Volume 10: 4 Issues (2019)

Volume 9: 4 Issues (2018)

Volume 8: 4 Issues (2017)

Volume 7: 4 Issues (2016)

Volume 6: 4 Issues (2015)

Volume 5: 4 Issues (2014)

Volume 4: 4 Issues (2013)

Volume 3: 4 Issues (2012)

Volume 2: 4 Issues (2011)

Volume 1: 4 Issues (2010)

View Complete Journal Contents Listing

MLA

APA

Chicago

Export Reference