DBMS Application Layer Intrusion Detection for Data Warehouses

Authors

Abstract

Data Warehouses (DWs) are used for producing business knowledge and aiding decision support. Since they store the secrets of the business, securing their data is critical. To accomplish this, several Database Intrusion Detection Systems (DIDS) have been proposed. However, when using DIDS in DWs, most solutions produce either too many false-positives (i.e., false alarms) that must be verified or too many false-negatives (i.e., true intrusions that pass undetected). Moreover, many approaches detect intrusions a posteriori which, given the sensitivity of DW data, may result in irreparable cost. To the best of our knowledge, no DIDS specifically tailored for DWs has been proposed. This paper examines intrusion detection from a data warehousing perspective and the reasons why traditional database security methods are not sufficient to avoid intrusions. We define the specific requirements for a DW DIDS and propose a conceptual approach for a real-time DIDS for DWs at the SQL command level that works transparently as an extension of the Database Management System (DBMS) between the user applications and the database server itself. A preliminary experimental evaluation using the TPC-H decision support benchmark is included to demonstrate the DIDS’ efficiency.

Book Chapter

Building Sustainable Information Systems, 10, pp. 493-507, Springer US 2013

DOI