Attacks Scenarios in a Correlated Anomalies Context: Case of Medical System Database Application

Pierrette Evina, Faouzi Jaidi, Faten Ayachi, Adel Bouhoula

Abstract

In Information Systems (IS) and specifically in databases, both internal and external attacks require a lot of attention. Due to inadequate manipulations in these systems, the access control policy (ACP), which is designed to control and protect resources from non-authorized users, may be subject to diverse alterations in its expression with significant anomalies. In the present paper, we study and establish basic scenarios that are encountered in such circumstances. We discuss other advanced scenarios based on correlation cases between basic ones. We mainly consider three basic concepts: Hidden User, Corrupted User and ACP vulnerability. Our contribution consists in the definition of a vulnerability mask, which makes it possible to calculate all the critical objects and to classify malicious users. This allows fine and reliable configuration of the risk management systems and the audit system, as well as an objective and optimized analysis of log files and audit data. We present the architecture of our approach for the detection of anomalies in a correlated risk management context. Our contribution specifically considers groups of anomalies for which occurrences are linked both temporally and spatially.


Paper Citation


in Harvard Style

Evina P., Jaidi F., Ayachi F. and Bouhoula A. (2021). Attacks Scenarios in a Correlated Anomalies Context: Case of Medical System Database Application. In Proceedings of the 16th International Conference on Evaluation of Novel Approaches to Software Engineering - Volume 1: ENASE, ISBN 978-989-758-508-1, pages 348-355. DOI: 10.5220/0010475303480355


in Bibtex Style

@conference{enase21,
author={Pierrette Evina and Faouzi Jaidi and Faten Ayachi and Adel Bouhoula},
title={Attacks Scenarios in a Correlated Anomalies Context: Case of Medical System Database Application},
booktitle={Proceedings of the 16th International Conference on Evaluation of Novel Approaches to Software Engineering - Volume 1: ENASE,},
year={2021},
pages={348-355},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0010475303480355},
isbn={978-989-758-508-1},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 16th International Conference on Evaluation of Novel Approaches to Software Engineering - Volume 1: ENASE,
TI - Attacks Scenarios in a Correlated Anomalies Context: Case of Medical System Database Application
SN - 978-989-758-508-1
AU - Evina P.
AU - Jaidi F.
AU - Ayachi F.
AU - Bouhoula A.
PY - 2021
SP - 348
EP - 355
DO - 10.5220/0010475303480355