A dubiety-determining based model for database cumulated anomaly intrusion

The concept of Cumulated Anomaly (CA), which describes a new type of database anomalies, is addressed. A typical CA intrusion is that when a user who is authorized to modify data records under certain constraints deliberately hides his/her intentions to change data beyond constraints in different operations and different transactions. It happens when some appearing to be authorized and normal transactions lead to certain accumulated results out of given thresholds. The existing intrusion techniques are unable to deal with CAs. This paper proposes a detection model, Dubiety-Determining Model (DDM), for Cumulated Anomaly. This model is mainly based on statistical theories and fuzzy set theories. It measures the dubiety degree, which is presented by a real number between 0 and 1, for each database transaction, to show the likelihood of a transaction to be intrusive. The algorithms used in the DDM are introduced. A DDM-based software architecture has been designed and implemented for monitoring database transactions. The experimental results show that the DDM method is feasible and effective

Statistical and fuzzy approach for database security

A new type of database anomaly is described by addressing the concept of Cumulated Anomaly in this paper. Dubiety-Determining Model (DDM), which is a detection model basing on statistical and fuzzy set theories for Cumulated Anomaly, is proposed. DDM can measure the dubiety degree of each database transaction quantitatively. Software system architecture to support the DDM for monitoring database transactions is designed. We also implemented the system and tested it. Our experimental results show that the DDM method is feasible and effective

IoT Sentinel: Automated Device-Type Identification for Security Enforcement in IoT

With the rapid growth of the Internet-of-Things (IoT), concerns about the security of IoT devices have become prominent. Several vendors are producing IP-connected devices for home and small office networks that often suffer from flawed security designs and implementations. They also tend to lack mechanisms for firmware updates or patches that can help eliminate security vulnerabilities. Securing networks where the presence of such vulnerable devices is given, requires a brownfield approach: applying necessary protection measures within the network so that potentially vulnerable devices can coexist without endangering the security of other devices in the same network. In this paper, we present IOT SENTINEL, a system capable of automatically identifying the types of devices being connected to an IoT network and enabling enforcement of rules for constraining the communications of vulnerable devices so as to minimize damage resulting from their compromise. We show that IOT SENTINEL is effective in identifying device types and has minimal performance overhead

Database Intrusion Detection Using Role Profiling

Insider threats cause the majority of computer system security problems and are also among the most challenging research topics in database security. An anomaly-based intrusion detection system (IDS), which can profile inside users’ normal behaviors and detect anomalies when a user’s behaviors deviate from his/her profiles, is effective to protect computer systems against insider threats since the IDS can profile each insider and then monitor them continuously. Although many IDSes have been developed at the network or host level since 1980s, there are still very few IDSes specifically tailored to database systems. We initially build our anomaly-based database IDS using two different profiling methods: one is to build profiles for each individual user (user profiling) and the other is to mine profiles for roles (role profiling). Detailed comparative evaluations between role profiling and user profiling are conducted, and we also analyze the reasons why role profiling is more effective and efficient than user profiling. Another contribution of this thesis is that we introduce role hierarchy into database IDS and remarkably reduce the false positive rate without increasing the false negative rate

Data Leak Detection As a Service: Challenges and Solutions

We describe a network-based data-leak detection (DLD) technique, the main feature of which is that the detection does not require the data owner to reveal the content of the sensitive data. Instead, only a small amount of specialized digests are needed. Our technique – referred to as the fuzzy fingerprint – can be used to detect accidental data leaks due to human errors or application flaws. The privacy-preserving feature of our algorithms minimizes the exposure of sensitive data and enables the data owner to safely delegate the detection to others.We describe how cloud providers can offer their customers data-leak detection as an add-on service with strong privacy guarantees. We perform extensive experimental evaluation on the privacy, efficiency, accuracy and noise tolerance of our techniques. Our evaluation results under various data-leak scenarios and setups show that our method can support accurate detection with very small number of false alarms, even when the presentation of the data has been transformed. It also indicates that the detection accuracy does not degrade when partial digests are used. We further provide a quantifiable method to measure the privacy guarantee offered by our fuzzy fingerprint framework

Optimizing security and flexibility by designing a high security system for e-government servers

E-government is one of the most popular applications in the Web base applications.It helps people to do those work online, access the government sites, apply for online jobs, access to important data from the government database, and on top of that it also helps the government employees to access cameras and sensors over the country. However there are many challenges to keep the government data safe and secure in an open environment (network).Therefore, this paper is proposed to discuss two issues.In the first stage how to keep the data in safe, where this paper introduces many applications that guarantee a very high security for accessing and editing of data.The paper also carries a new design for E-government servers in which the authors try to distribute the security service on each line to avoid any attack from out or inside. The second issue is to ensure the flexibility of the data flow from the servers to the user which is the second challenge in the design.The experiment shows a good expected result, with the new approach have a high security and at the same time flexible E-government access.This paper provides a different view and uses a mixture of technologies to achieve a high security rate that will not affect different user's access.E-Government environment is subject to multiple security challenges, thus this paper proposed a model on how to secure the servers and how to ensure the flexibility of the system, in a simple way balance between a lot of security tools and the appreciate protecting vs. granting the flexible data flow up and download to the user