DBSAFE - An Anomaly Detection System to Protect Databases From Exfiltration Attempts

Asmaa Sallam, Elisa Bertino, Syed Rafiul Hussain, David Landers, R. Michael Lefler, Donald Steiner

    Research output: Contribution to journal › Article › peer-review

    12 Scopus citations

    Abstract

    Attempts by insiders to exfiltrate data have become a severe threat to the enterprise. Conventional data security techniques, such as access control and encryption, must be augmented with techniques to detect anomalies in data access that may indicate exfiltration attempts. In this paper, we present the design and evaluation of DBSAFE, a system to detect, alert on, and respond to anomalies in database access designed specifically for relational database management systems (DBMS). The system automatically builds and maintains profiles of normal user and application behavior, based on their interaction with the monitored database during a training phase. The system then uses these profiles to detect anomalous behavior that deviates from normality. Once an anomaly is detected, the system uses predetermined policies guiding automated and/or human response to the anomaly. The DBSAFE architecture does not impose any restrictions on the type of the monitored DBMS. Evaluation results indicate that the proposed techniques are indeed effective in detecting anomalies.

    Original language: English (US)
    Pages (from-to): 483-493
    Number of pages: 11
    Journal: IEEE Systems Journal
    Volume: 11
    Issue number: 2
    State: Published - Jun 2017

    All Science Journal Classification (ASJC) codes

    • Control and Systems Engineering
    • Information Systems
    • Computer Science Applications
    • Computer Networks and Communications
    • Electrical and Electronic Engineering
