Detecting Malicious Insider Threats using a Null Affinity Temporal Three Dimensional Matrix Relation

Jonathan White, Brajendra Panda, Quassai Yassen, Khanh Nguyen, Weihan Li

2009

Abstract

A new approach for detecting malicious access to a database system is proposed and tested in this work. The proposed method relies upon manipulating usage information from database logs into three-dimensional null-related matrix clusters that reveal new information about which sets of data items should never be related during defined time frames across several applications. If access is detected in these three-dimensional null-related clusters, this is an indication of illicit behavior, and further security procedures should occur. In this paper, we describe the null affinity algorithm and illustrate, through several examples, its use for problem decomposition and for access control over data items which should not be accessed together, resulting in a novel way to detect malicious access that has not been proposed before.

Paper Citation


in Harvard Style

White J., Panda B., Yassen Q., Nguyen K. and Li W. (2009). Detecting Malicious Insider Threats using a Null Affinity Temporal Three Dimensional Matrix Relation. In Proceedings of the 7th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2009), ISBN 978-989-8111-91-3, pages 93-102. DOI: 10.5220/0002199000930102


in Bibtex Style

@conference{wosis09,
author={Jonathan White and Brajendra Panda and Quassai Yassen and Khanh Nguyen and Weihan Li},
title={Detecting Malicious Insider Threats using a Null Affinity Temporal Three Dimensional Matrix Relation},
booktitle={Proceedings of the 7th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2009)},
year={2009},
pages={93-102},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002199000930102},
isbn={978-989-8111-91-3},
}

