Techniques and Systems for Anomaly Detection in Database Systems

Abstract Techniques for detection of anomalies in accesses to database systems accesses have been widely investigated. Existing techniques operate in two main phases. The rest phase is a training phase during which profi les of the database subjects are created based on historical data representing past users actions. New actions are then checked upon these profi les to detect deviations from the expected normal behavior. Such deviations are considered indicators of possible attacks and may thus require further analyses. The existing techniques have considered different categories of features to describe users actions and followed different methodologies and algorithms to build access pro les and track users behaviors. In this chapter, we review the prominent techniques and systems for anomaly detection in database systems. We discuss the attacks they help detecting as well as their limitations and possible extensions. We also give directions on potential future research.
  • Asmaa Sallam (Purdue)
  • Elisa Bertino (Purdue)
Date Apr-2019
Venue Policy-Based Autonomic Data Governance. Springer, Cham, 2019. 113-133 [link]