This paper is published in Volume-6, Issue-3, 2020
Area
Computer Science Engineering
Author
Mohammed Ahmed Raza, Divya K., Kavya Jain B. S., Harsha N., Basavaraj Neelagund
Org/Univ
Don Bosco Institute of Technology, Bengaluru, Karnataka, India
Pub. Date
16 June, 2020
Paper ID
V6I3-1551
Publisher
Keywords
Data Owner, Application Server, Signature Generator, Signature Comparator, End User, Attacker

Citations

IEEE
Mohammed Ahmed Raza, Divya K., Kavya Jain B. S., Harsha N., Basavaraj Neelagund. A system for profiling and monitoring database access patterns for application programs by anomaly detection, International Journal of Advance Research, Ideas and Innovations in Technology, www.IJARIIT.com.

APA
Mohammed Ahmed Raza, Divya K., Kavya Jain B. S., Harsha N., Basavaraj Neelagund (2020). A system for profiling and monitoring database access patterns for application programs by anomaly detection. International Journal of Advance Research, Ideas and Innovations in Technology, 6(3) www.IJARIIT.com.

MLA
Mohammed Ahmed Raza, Divya K., Kavya Jain B. S., Harsha N., Basavaraj Neelagund. "A system for profiling and monitoring database access patterns for application programs by anomaly detection." International Journal of Advance Research, Ideas and Innovations in Technology 6.3 (2020). www.IJARIIT.com.

Abstract

Database Management Systems (DBMSs) provide access control mechanisms that allow database administrators (DBAs) to grant application programs access privileges to databases. Though such mechanisms are powerful, in practice a finer-grained access control mechanism tailored to the semantics of the data stored in the DBMS is required as a first-class defense mechanism against smart attackers. Hence, custom-written applications that access databases implement an additional layer of access control. Therefore, securing a database alone is not enough for such applications, as attackers aiming at stealing data can take advantage of vulnerabilities in the privileged applications and make these applications issue malicious database queries. An access control mechanism can only prevent application programs from accessing data to which the programs are not authorized; it is unable to prevent misuse of the data to which application programs are authorized for access. Hence, we need a mechanism able to detect malicious behavior resulting from previously authorized applications. In this paper, we present the architecture of an anomaly detection mechanism, DetAnom, that aims to solve this problem. Our approach is based on the analysis and profiling of the application in order to create a succinct representation of its interaction with the database. Such a profile keeps a signature for every submitted query and also the corresponding constraints that the application program must satisfy to submit the query. Later, in the detection phase, whenever the application issues a query, a module captures the query before it reaches the database and verifies the corresponding signature and constraints against the current context of the application. If there is a mismatch, the query is marked as anomalous.
The main advantage of our anomaly detection mechanism is that, in order to build the application profiles, we need neither any previous knowledge of application vulnerabilities nor any example of possible attacks. As a result, our mechanism is able to protect the data from attacks tailored to database applications, such as code modification attacks and SQL injections, and from other data-centric attacks as well. If an insider attacks and modifies the data, we would be able to recover the original file with the help of our mechanism. We have implemented our mechanism with a software testing technique called concolic testing and the PostgreSQL DBMS. Experimental results show that our profiling technique is close to accurate, requires an acceptable amount of time, and the detection mechanism incurs low run-time overhead.
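
The profile-then-detect flow described in the abstract, as an added Python sketch that is not code from the paper or from DetAnom. It assumes a signature is the query skeleton with literals replaced by `?`, and that a constraint is a predicate over an application-context dictionary; the `Profile` class, the `accounts` table, and the context keys are hypothetical, and the sample queries are constructed.

```python
import re

def signature(sql: str) -> str:
    """Assumed signature: the query with literals stripped and case/spacing normalized."""
    s = re.sub(r"'(?:[^']|'')*'", "?", sql)        # string literals -> ?
    s = re.sub(r"\b\d+(?:\.\d+)?\b", "?", s)       # numeric literals -> ?
    return re.sub(r"\s+", " ", s).strip().rstrip(";").strip().lower()

class Profile:
    """Maps each query signature to the constraints under which the app may issue it."""
    def __init__(self):
        self.entries = {}

    def learn(self, sql, constraint):
        # Profiling phase: record the signature and the condition guarding the query.
        self.entries.setdefault(signature(sql), []).append(constraint)

    def check(self, sql, context):
        # Detection phase: runs on the captured query before it reaches the database.
        constraints = self.entries.get(signature(sql))
        if constraints is None:
            return "anomalous: unknown signature"
        if not any(c(context) for c in constraints):
            return "anomalous: constraint violated"
        return "ok"

def build_profile():
    """Constructed profile for a hypothetical banking application."""
    p = Profile()
    p.learn("SELECT balance FROM accounts WHERE owner = 'alice'",
            lambda ctx: ctx.get("authenticated") is True)
    p.learn("UPDATE accounts SET balance = 100 WHERE owner = 'alice'",
            lambda ctx: ctx.get("role") == "teller")
    return p

if __name__ == "__main__":
    p = build_profile()
    user = {"authenticated": True, "role": "customer"}
    # Same skeleton as the profiled SELECT, different literal: accepted.
    print(p.check("select balance from accounts where owner = 'bob';", user))
    # Injected tautology changes the skeleton: no matching signature.
    print(p.check("SELECT balance FROM accounts WHERE owner = 'x' OR '1'='1'", user))
    # Known UPDATE issued outside its guarding condition (e.g. modified code path).
    print(p.check("UPDATE accounts SET balance = 250.00 WHERE owner = 'bob'", user))
```
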