raid08 dbir
Database Intrusion Detection and Response*
Ashish Kamra and Elisa [email protected], [email protected]
1. Create profiles that succinctly represent user/application behavior interacting with a DBMS.
2. Develop efficient algorithms for detection of anomalous DB user/application behavior.
3. Develop novel strategies/mechanisms for responding to intrusions in the context of a DBMS.
4. Implement our methods in the PostgreSQL DBMS and highlight implementation issues.
* Supported by NSF under Grant No. 0430274
System Architecture
[Figure: system architecture. Labelled components: User, Query, Feature Selector, Detection Engine, Response Engine, Response Policy Base (Extended ECA Policies), Profiles, Profile Creator, Features Assessment, Audit Log, Training Queries (TRAINING PHASE). Labelled edges and outcomes: Consult, Alarm, Drop Query, No Action.]
Contributions
ON {EVENT}
IF {CONDITIONS}
THEN {ACTION}
CONFIRM {CONFIRMATION ACTION}
ELSE {ALTERNATE ACTION}
Supervised Learning: Roles as Classes; Naïve Bayes Classifier
Un-supervised Learning: Clustering methods; Outlier Detection Test
SQL QUERIES STORED AS ASSOCIATION RULES
QUERY RULES: query projection attributes => query selection attributes
PREDICATE RULES: LHS attributes => RHS attributes
Future Work
Detection Tasks