DBMS Application Layer Intrusion Detection for Data Warehouses

  • Ricardo Jorge SantosEmail author
  • Jorge Bernardino
  • Marco Vieira
Conference paper


Data Warehouses (DWs) are used for producing business knowledge and aiding decision support. Since they store the secrets of the business, securing their data is critical. To accomplish this, several Database Intrusion Detection Systems (DIDS) have been proposed. However, when using DIDS in DWs, most solutions produce either too many false-positives (i.e., false alarms) that must be verified or too many false-negatives (i.e., true intrusions that pass undetected). Moreover, many approaches detect intrusions a posteriori which, given the sensitivity of DW data, may result in irreparable cost. To the best of our knowledge, no DIDS specifically tailored for DWs has been proposed. This paper examines intrusion detection from a data warehousing perspective and the reasons why traditional database security methods are not sufficient to avoid intrusions. We define the specific requirements for a DW DIDS and propose a conceptual approach for a real-time DIDS for DWs at the SQL command level that works transparently as an extension of the Database Management System (DBMS) between the user applications and the database server itself. A preliminary experimental evaluation using the TPC-H decision support benchmark is included to demonstrate the DIDS’ efficiency.


Intrusion Detection Risk Exposure Anomaly Detection Intrusion Detection System User Command 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Bockermann C, Apel M, Meier M (2009) Learning sql for database intrusion detection using context-sensitive modelling. In: Detection of Intrusions and Malware, and Vulnerability Assessment (pp. 196–205). Springer Berlin HeidelbergGoogle Scholar
  2. 2.
    Fonseca J, Vieira M, Madeira H (2008, March). Online detection of malicious data access using DBMS auditing. In: Proceedings of the 2008 ACM symposium on Applied computing (pp. 1013–1020). ACMGoogle Scholar
  3. 3.
    Hu Y, Panda B (2004, March). A data mining approach for database intrusion detection. In: Proceedings of the 2004 ACM symposium on Applied computing (pp. 711–716). ACMGoogle Scholar
  4. 4.
    Jin X, Osborn SL (2007) Architecture for data collection in database intrusion detection systems. In: Secure data management (pp. 96–107). Springer Berlin HeidelbergGoogle Scholar
  5. 5.
    Kamra A, Terzi E, Bertino E (2008) Detecting anomalous access patterns in relational databases. Springer VLDB J 17(5):1063–1077CrossRefGoogle Scholar
  6. 6.
    Kimball R, Ross M (2002) The data warehouse toolkit, 2nd edn. Wiley, New YorkGoogle Scholar
  7. 7.
    Kundu A, Sural S, Majumdar AK (2010) Database intrusion detection using sequence alignment. Int J Inform Secur (9), 2010Google Scholar
  8. 8.
    Lee SY, Low WL, Wong PY (2002) Learning fingerprints for a database intrusion detection system. In: Computer Security—ESORICS 2002 (pp. 264–279). Springer Berlin HeidelbergGoogle Scholar
  9. 9.
    Lee VC, Stankovic JA, Son SH (2000) Intrusion detection in real-time database systems via time signatures. In: Real-Time Technology and Applications Symposium, 2000. RTAS 2000. Proceedings. Sixth IEEE (pp. 124–133). IEEEGoogle Scholar
  10. 10.
    Mathew S, Petropoulos M, Ngo HQ, Upadhyaya S (2010, January). A data-centric approach to insider attack detection in database systems. In: Recent Advances in Intrusion Detection (pp. 382–401). Springer Berlin HeidelbergGoogle Scholar
  11. 11.
    Newman AC (2011) Intrusion detection and security auditing in Oracle. Application Security Inc. White paperGoogle Scholar
  12. 12.
    Pietraszek T (2004, January). Using adaptive alert classification to reduce false positives in intrusion detection. In Recent Advances in Intrusion Detection (pp. 102–124). Springer Berlin HeidelbergGoogle Scholar
  13. 13.
    Pietraszek T, Tanner A (2005) Data mining and machine learning – towards reducing false positives in intrusion detection. Inform Secur Tech Rep 10(3):169–183CrossRefGoogle Scholar
  14. 14.
    Rao UP, Sahani GJ, Patel DR (2010) Clustering based machine learning approach for detecting intrusions in RBAC enabled databases. IJCNS 2(6)Google Scholar
  15. 15.
    Spalka A, Lehnhardt J (2005) A comprehensive approach to anomaly detection in relational databases. In: Data and Applications Security XIX (pp. 207–221). Springer Berlin HeidelbergGoogle Scholar
  16. 16.
    Srivastava A, Sural S, Majumdar AK (2006) Database intrusion detection using weighted sequence mining. J Computer 1(4)Google Scholar
  17. 17.
    Transaction Processing Council. Decision support benchmark TPC-H,
  18. 18.
    Treinen JJ, Thurimella R (2006, January). A framework for the application of association rule mining in large intrusion detection infrastructures. In: Recent Advances in Intrusion Detection (pp. 1–18). Springer Berlin HeidelbergGoogle Scholar
  19. 19.
    Yu Z, Tsai JP, Weigert T (2007) An automatically tuning intrusion detection system. IEEE T Syst Man Cy 37(2)Google Scholar

Copyright information

© Springer Science+Business Media, LLC 2013

Authors and Affiliations

  • Ricardo Jorge Santos
    • 1
    Email author
  • Jorge Bernardino
    • 2
  • Marco Vieira
    • 1
  1. 1.CISUC – DEI – FCTUCUniversity of CoimbraCoimbraPortugal
  2. 2.CISUC – DEIS – ISECPolytechnic Institute of CoimbraCoimbraPortugal

Personalised recommendations