DBMS Log Analytics for Detecting Insider Threats in Contemporary Organizations

Muhammad Imran Khan, Simon N. Foley, Barry O'Sullivan
Copyright: © 2019 | Pages: 28
ISBN13: 9781522559849 | ISBN10: 1522559841 | ISBN13 Softcover: 9781522587880 | EISBN13: 9781522559856
DOI: 10.4018/978-1-5225-5984-9.ch010
MLA

Khan, Muhammad Imran, et al. "DBMS Log Analytics for Detecting Insider Threats in Contemporary Organizations." Security Frameworks in Contemporary Electronic Government, edited by Ryma Abassi and Aida Ben Chehida Douss, IGI Global, 2019, pp. 207-234. https://doi.org/10.4018/978-1-5225-5984-9.ch010

APA

Khan, M. I., Foley, S. N., & O'Sullivan, B. (2019). DBMS Log Analytics for Detecting Insider Threats in Contemporary Organizations. In R. Abassi & A. Ben Chehida Douss (Eds.), Security Frameworks in Contemporary Electronic Government (pp. 207-234). IGI Global. https://doi.org/10.4018/978-1-5225-5984-9.ch010

Chicago

Khan, Muhammad Imran, Simon N. Foley, and Barry O'Sullivan. "DBMS Log Analytics for Detecting Insider Threats in Contemporary Organizations." In Security Frameworks in Contemporary Electronic Government, edited by Ryma Abassi and Aida Ben Chehida Douss, 207-234. Hershey, PA: IGI Global, 2019. https://doi.org/10.4018/978-1-5225-5984-9.ch010

Abstract

Insiders are legitimate users of a system; however, they pose a threat because of their granted access privileges. Anomaly-based intrusion detection approaches have been shown to be effective in the detection of insiders' malicious behavior. Database management systems (DBMS) are the core of any contemporary organization, enabling it to store and manage its data. Yet insiders may misuse their privileges to access stored data via a DBMS with malicious intentions. In this chapter, a taxonomy of anomalous DBMS access detection systems is first presented. Secondly, an anomaly-based mechanism that detects insider attacks within a DBMS framework is proposed: to model the normative behavior of insiders, n-grams are used to capture normal query patterns in a log of SQL queries generated from a synthetic banking application system. It is demonstrated that n-grams do capture the short-term correlations inherent in the application. This chapter also outlines challenges pertaining to the design of more effective anomaly-based intrusion detection systems to detect insider attacks.