
Customized Intrusion Detection Based on a Database Audit Log

10 pages. Published: March 13, 2019

Abstract

The Internet enables world-wide communication for all areas of human activity. To deal with the massive data involved, companies deploy database products such as Oracle® Database, MySQL, Microsoft® SQL Server, and IBM® DB2. Databases are continuously under attack by intruders who probe for valuable customer and corporate information. Commercial databases have auditing support that facilitates after-the-fact review and analysis of data access. However, audit data collected has vendor-specific structure and content. Tools are needed to optimize response to security incidents and to proactively mine audit logs for vulnerabilities. This paper demonstrates some database-independent techniques aimed toward automating the management of a site’s audit information.

Keyphrases: database audit, incident tracking, intrusion detection, oracle® database, reporting, security

In: Gordon Lee and Ying Jin (editors). Proceedings of 34th International Conference on Computers and Their Applications, vol 58, pages 117-126.

BibTeX entry
@inproceedings{CATA2019:Customized_Intrusion_Detection_Based,
  author    = {Thomas Le and William Mitchell and Behnam Arad},
  title     = {Customized Intrusion Detection Based on a Database Audit Log},
  booktitle = {Proceedings of 34th International Conference on Computers and Their Applications},
  editor    = {Gordon Lee and Ying Jin},
  series    = {EPiC Series in Computing},
  volume    = {58},
  publisher = {EasyChair},
  bibsource = {EasyChair, https://easychair.org},
  issn      = {2398-7340},
  url       = {/publications/paper/JMgP},
  doi       = {10.29007/8sb6},
  pages     = {117-126},
  year      = {2019}}