Database Intrusion Detection and Response


Why is it important to have an intrusion detection (ID) mechanism tailored for a database management system (DBMS)? There are three main reasons for this. First, actions deemed malicious for a DBMS are not necessarily malicious for the underlying operating system or the network; thus ID systems designed for the latter may not be effective against database attacks. Second, organizations have stepped up data vigilance driven by various government regulations concerning data management such as SOX, GLBA, HIPAA and so forth. Third, and this is probably the most relevant reason, the problem of insider threats is being recognized as a major security threat; its solution requires among other techniques the adoption of mechanisms able to detect access anomalies by users internal to the organization owning the data.


DBMS, intrusion detection, insider threats, security, access anomalies

Date of this Version



Recent Advances in Intrusion Detection Lecture Notes in Computer Science, 2008, Volume 5230/2008, 400-401