DBMS Application Layer Intrusion Detection for Data Warehouses

Authors

Abstract

Data Warehouses (DWs) are used for producing business knowledge and aiding decision support. Since they store the secrets of the business, securing their data is critical. To accomplish this, several Database Intrusion Detection Systems (DIDS) have been proposed. However, when using DIDS in DWs, most solutions either produce too many false positives (i.e. false alarms) that must be verified or too many false negatives (i.e. true intrusions that pass undetected). Moreover, many approaches detect intrusions a posteriori which, given the sensitivity of DW data, may result in irreparable cost. To the best of our knowledge, no DIDS specifically tailored for DWs has been proposed. This pa-per examines intrusion detection from a data warehousing perspective and the reasons why traditional database security methods are not sufficient to avoid in-trusions. We define the specific requirements for a DW DIDS and propose a conceptual approach for a real-time DIDS for DWs at the SQL command level that works transparently as an extension of the DataBase Management System (DBMS) between the user applications and the database server itself. A prelim-inary experimental evaluation using the TPC-H decision support benchmark is included to demonstrate the DIDS’ efficiency.

Keywords

Database intrusion detection systems, Database security, Anomaly detection, Misuse detection, Data warehousing

Subject

Intrusion Detection in Data Warehouses

Conference

ISD 2012 - Information Systems Development, August 2012