Title | Towards Modelling Insiders Behaviour as Rare Behaviour to Detect Malicious RDBMS Access |
Publication Type | Conference Paper |
Year of Publication | 2018 |
Authors | Khan, Muhammad Imran, O’Sullivan, Barry, Foley, Simon N. |
Conference Name | 2018 IEEE International Conference on Big Data (Big Data) |
Keywords | access control mechanisms, anomaly-based Intrusion Detection Systems, application data, authorisation, Big Data, composability, data leakage, data mining, Data models, Database intrusion detection, Database monitoring, detect malicious RDBMS access, Human Behavior, insider attacks, insider threats, malicious access, malicious insiders, malicious RDBMS accesses, Metrics, Organizations, persistent concern, pubcrawl, query processing, RDBMS, relational database management systems, relational database security, relational databases, Resiliency, security of data, SQL, SQL queries, towards modelling insiders, Training, unauthorized employees |
Abstract | The heart of any enterprise is its databases where the application data is stored. Organizations frequently place certain access control mechanisms to prevent access by unauthorized employees. However, there is persistent concern about malicious insiders. Anomaly-based intrusion detection systems are known to have the potential to detect insider attacks. Accurate modelling of insiders behaviour within the framework of Relational Database Management Systems (RDBMS) requires attention. The majority of past research considers SQL queries in isolation when modelling insiders behaviour. However, a query in isolation can be safe, while a sequence of queries might result in malicious access. In this work, we consider sequences of SQL queries when modelling behaviours to detect malicious RDBMS accesses using frequent and rare item-sets mining. Preliminary results demonstrate that the proposed approach has the potential to detect malicious RDBMS accesses by insiders. |
DOI | 10.1109/BigData.2018.8622047 |
Citation Key | khan_towards_2018 |