||Techniques for detection of anomalies in accesses to database systems accesses have been widely investigated. Existing techniques operate in two main phases. The rest phase is a training phase during which profiles of the database subjects are created based on historical data representing past users actions. New actions are then checked upon these profiles to detect deviations from the expected normal behavior. Such deviations are considered indicators of possible attacks and may thus require further analyses. The existing techniques have considered different categories of features to describe users actions and followed different methodologies and algorithms to build access proles and track users behaviors. In this chapter, we review the prominent techniques and systems for anomaly detection in database systems. We discuss the attacks they help detecting as well as their limitations and possible extensions. We also give directions on potential future research.
- Asmaa Sallam (Purdue)
- Elisa Bertino (Purdue)
||Policy-Based Autonomic Data Governance. Springer, Cham, 2019. 113-133 [link]