Abstract
There are many Intrusion Detection Systems (IDS) for networks and operating systems, but few for databases, despite the fact that the most valuable resources of every organization are in its databases. The number of database attacks has grown, especially since most databases are accessible from the web, and satisfactory solutions to these kinds of attacks are still lacking.
We present DIWeDa, a practical solution for detecting intrusions into web databases. Unlike any existing database intrusion detection method, our method works at the session level and not at the SQL statement or transaction level. We use a novel SQL Session Content Anomaly intrusion classifier, which enables us to detect not only most known attacks such as SQL Injections, but also more complex kinds of attacks such as Business Logic Violations. We implemented a prototype of the proposed intrusion detection system, and our experiments showed its feasibility and effectiveness.
Copyright information
© 2008 IFIP International Federation for Information Processing
About this paper
Cite this paper
Roichman, A., Gudes, E. (2008). DIWeDa - Detecting Intrusions in Web Databases. In: Atluri, V. (eds) Data and Applications Security XXII. DBSec 2008. Lecture Notes in Computer Science, vol 5094. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-70567-3_24
DOI: https://doi.org/10.1007/978-3-540-70567-3_24
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-70566-6
Online ISBN: 978-3-540-70567-3
eBook Packages: Computer Science (R0)