Abstract
Data Warehouse (DW) security has always been a critical challenge for DW designers because of the DW's global availability and accessibility. Over time, researchers have suggested various DW security solutions, such as Role Based Access Control (RBAC), Extended RBAC, Temporal RBAC (TRBAC), and risk-based access control. Intrusion Detection Systems (IDS) and some other customized security solutions for DWs have also been proposed. Of these, risk-based access control provides additional security by using a risk value for each access decision. In RBAC systems, if an attacker obtains access to the system using compromised credentials, RBAC has no mechanism to secure the DW elements that are accessible to the compromised user's role. The IDS aims to address this limitation: it monitors user activities and alerts the system administrator whenever a user deviates from routine behavior. However, in the IDS solution for DWs, most of the real intrusions go undetected. In this work, we propose a second-level authentication within the IDS, where a minute deviation from the user's past behavior is detected. It brings more robustness to the user's historical profile and makes the system less susceptible to false negatives. The proposed solution has been implemented on standard TPC-H databases, and the results indicate a significant decrease in undetected real intrusions, which is one of the main achievements of the proposed mechanism.
Cite this article
Arora, A., Gosain, A. Intrusion detection system for data warehouse with second level authentication. Int. j. inf. tecnol. 13, 877–887 (2021). https://doi.org/10.1007/s41870-021-00659-1
DOI: https://doi.org/10.1007/s41870-021-00659-1