Title

Database Intrusion Detection and Response

Abstract

Why is it important to have an intrusion detection (ID) mechanism tailored for a database management system (DBMS)? There are three main reasons for this. First, actions deemed malicious for a DBMS are not necessarily malicious for the underlying operating system or the network; thus ID systems designed for the latter may not be effective against database attacks. Second, organizations have stepped up data vigilance driven by various government regulations concerning data management such as SOX, GLBA, HIPAA and so forth. Third, and this is probably the most relevant reason, the problem of insider threats is being recognized as a major security threat; its solution requires among other techniques the adoption of mechanisms able to detect access anomalies by users internal to the organization owning the data.

Keywords

DBMS, intrusion detection, insider threats, security, access anomalies

Date of this Version

2008

Comments

Recent Advances in Intrusion Detection Lecture Notes in Computer Science, 2008, Volume 5230/2008, 400-401

Share

COinS