Intrusion detection system for data warehouse with second level authentication

  • Original Research
International Journal of Information Technology

Abstract

Data Warehouse (DW) security has always been a critical challenge for DW designers because of its global availability and accessibility. Over time, researchers have suggested different DW security solutions, such as Role Based Access Control (RBAC), Extended RBAC, Temporal RBAC (TRBAC), and risk-based access control. Intrusion Detection Systems (IDS) and other customized security solutions for DWs have also been proposed. Risk-based access control provides additional security by utilizing a risk value for each access decision. In RBAC systems, if an attacker obtains access to the system using compromised credentials, RBAC has no mechanism to secure the DW elements that are accessible to the compromised user's role. The IDS aims to solve this limitation: it monitors user activities and alerts the system administrator whenever a user deviates from routine behavior. However, in the IDS solution for DWs, most of the real intrusions go undetected. In this work, we propose a second level authentication within the IDS, where a minute deviation from the user's past behavior is detected. It brings more robustness to the user's historical profile and makes the system less susceptible to false negatives. The proposed solution has been implemented on standard TPC-H databases, and results indicate a significant decrease in undetected real intrusions, which is one of the main achievements of the proposed mechanism.

Author information

Corresponding author

Correspondence to Amar Arora.

About this article

Cite this article

Arora, A., Gosain, A. Intrusion detection system for data warehouse with second level authentication. Int. j. inf. tecnol. 13, 877–887 (2021). https://doi.org/10.1007/s41870-021-00659-1

  • DOI: https://doi.org/10.1007/s41870-021-00659-1
