DBSAFE - An Anomaly Detection System to Protect Databases From Exfiltration Attempts

Asmaa Sallam, Elisa Bertino, Syed Rafiul Hussain, David Landers, R. Michael Lefler, Donald Steiner

Research output: Contribution to journal, Article, peer-review

19 Scopus citations

Abstract

Attempts by insiders to exfiltrate data have become a severe threat to the enterprise. Conventional data security techniques, such as access control and encryption, must be augmented with techniques to detect anomalies in data access that may indicate exfiltration attempts. In this paper, we present the design and evaluation of DBSAFE, a system to detect, alert on, and respond to anomalies in database access designed specifically for relational database management systems (DBMS). The system automatically builds and maintains profiles of normal user and application behavior, based on their interaction with the monitored database during a training phase. The system then uses these profiles to detect anomalous behavior that deviates from normality. Once an anomaly is detected, the system uses predetermined policies guiding automated and/or human response to the anomaly. The DBSAFE architecture does not impose any restrictions on the type of the monitored DBMS. Evaluation results indicate that the proposed techniques are indeed effective in detecting anomalies.

Original language: English (US)
Pages (from-to): 483-493
Number of pages: 11
Journal: IEEE Systems Journal
Volume: 11
Issue number: 2
State: Published - Jun 2017

All Science Journal Classification (ASJC) codes

  • Control and Systems Engineering
  • Information Systems
  • Computer Science Applications
  • Computer Networks and Communications
  • Electrical and Electronic Engineering
