Upload File

enhancing detection rate

44
دا ام خ ه ن ب د دن رد ن ی ا ج ن گ ا ج ک ر ه رد خ د ی ل ک ن! را د ا سار دا ام خ ن ر1

Upload: nazi-asadpour

Post on 14-Apr-2017

268 views

Category:

Documents


0 download

Report

TRANSCRIPT

Slide 1

1

: Enhancing Detection Rate in Database IntrusionDetection System

: : 93

2

3

( ) : . .

4

False positive

False negative 5

log file : .Offline audit log file : Feature selector : (queries) .

6

Online audit log feature selector Profile transaction Detection engine DBMS .7

Detection Engine

FeatureSelectorDBMS Profile Creator

Alarm User raw queryRequested Features Online Audit trail Audit log ProfilesConsultInvalid Transaction Commit TransactionValid TransactionFigure.1: Architecture of Proposed Database IDS8

U_nameSes_idTrans_idSeq_noCmd_typeTarget_objsales14717selectOrdersales14718selectProductware13523updateStockware11325selectWaresales913insertOrdersales121236updateStockware11326selectProductware11327selectStocksales14721updateStockware13521selectWaresales14723updateStockWare13522selectstocksales14720insertOrder_linesales14722insertOrder_linesales14719insertproduct

9

21 select[ware]22 select[stock]23 update[stock]Transaction # 5[ware]25 select[ware]26 select[product]27 select[stock]Transaction # 3[ware]Authorized Transactions Profile10

17 select[order] 18 select[product] 19 insert[order] 20 insert [order-line] 21 update[stock] 22 insert[order-line] 23 update[stock] Transaction # 7[sales]Authorized Transactions Profile11

U_nameSes_idTrans_idSeq_noCmd_typeTarget_objsales14717selectOrdersales14718selectProductsales14719insertordersales14720insertOrder_linesales14721updateproductsales14722insertOrder_linesales14723updateStock

12

17 select[order] 18 select[product] 19 insert[order] 20 insert [order-line] 21 update[product]22 insert[order-line] 23 update[product]Transaction # 7[sales]Transaction Profile for Executable Transaction 13

17 select[order] 18 select[product] 19 insert[order] 20 insert [order-line] 21 update[stock] 22 insert[order-line] 23 update[stock] Transaction # 7[sales]Authorized Transactions ProfileTransaction Profile for Executable Transaction 17 select[order] 18 select[product] 19 insert[order] 20 insert [order-line] 21 update[product]22 insert[order-line] 23 update[product]Transaction # 7[sales]

14

sql IP query ... .

false negative false positive 15

1DB 1 1 16

UsernameSessionidSeq.no.CommandtypeTargetobjectAttributeinformationDB1719SelectProductPrice, NameDB1723updateCustomerBalance,Payment_cnt,DataDB1722updateStockQuantity, Order_cntDB1718SelectOrderC_id, Entry_d, Carrier_idDB1720InsertOrderD_id, W_id, C_id,Entry_d, Carrier_idDB1721InsertOrder_lineD_id, W_id, Number,I_id

TABLE I. OFFLINE AUDIT-LOG TABLE17

Fig. 1. Transaction profile for offline audit log data18

1 :1DB 2 2 .

19

UsernameSessionidSeq.no.CommandtypeTargetobjectAttributeinformationDB11444SelectOrderC_id, Entry_d, Carrier_idDB11449updateCustomerBalance, Payment_cnt,DataDB11448updateStockQuantity, Order_cntDB11445SelectProductPrice, NameDB11446InsertOrderD_id, W_id, C_id, Entry_d,Carrier_idDB11447InsertOrder_lineD_id, W_id, Number, I_id

TABLE II. OFFLINE AUDIT-LOG TABLE20

20

Fig. 2. Transaction profile for offline audit log data21

21

22

22

: select . . select

23

23

21DB 3 3 .

24

24

UsernameSessionidSeq.no.CommandtypeTargetobjectAttributeinformationDB12133SelectProductPriceDB12137updateCustomerBalance, Payment_cnt,DataDB12136updateStockQuantity, Order_cntDB12132SelectOrderEntry_dDB12134InsertOrderD_id, W_id, C_id, Entry_d,Carrier_idDB12135InsertOrder_lineD_id, W_id, Number, I_id

TABLE III. OFFLINE AUDIT-LOG TABLE25

25

Fig. 3. Transaction profile for offline audit log data26

26

27

27

: select . .28

28

false positive . :Altered sequence of consecutive select commands Attribute subset access pattern

select . . 29

29

. ... .

.

30

30

OfflineLogHistoryOnlineAudit LogDBMSTransaction Profile Generator< UserID, SessionID, ReadSet, WriteSet >Transaction Profile GenerationOfflineTransactionProfilesFeature ExtractorCurrent SessionRaise AlarmDetectionOnline EngineCommitFig. 4. System architecture of proposed approachInvalidTransactionValidTransaction31

Username .SessionID session Identification of session established when the user connects to the database.

UserIDSessionIDRead SetsWrite Sets

32

Read sets : (Read, TB_Acc[],Attr_Acc[][])

Write sets : (Write,TB_Acc[],Attr_Acc[][])

Read/write read :0 write :1 TB_Acc[] ( ) Attr_Acc[][] N N () .33

33

1 = Attr_Acc[i][j] j i . : :

Altered sequence of consecutive select commands Attribute subset access pattern34

Altered sequence of consecutive select commands select select select commit detection engine .35

Attribute subset access pattern commit AND . commit 36

UserIDSessionIDRead/WriteTB-Acc[ ]Attr-Acc[ ][ ]17311

Cont.....Read/WriteTB-Acc[ ]Attr-Acc[ ][ ]

1

Read/WriteTB-Acc[ ]Attr-Acc[ ][ ]

0

Cont.....TABLE IV. VALID PROFILE37

UserIDSessionIDRead/WriteTB-Acc[ ]Attr-Acc[ ][ ]17131

Cont.....Read/WriteTB-Acc[ ]Attr-Acc[ ][ ]

1

Read/WriteTB-Acc[ ]Attr-Acc[ ][ ]

0

Cont.....TABLE V. PROFILE OF NEW TRANSACTION38

(10101100) ^(10000100)= 10000100

same39

(10101100) ^(10101011)= 10101000

and .40

Fig. 5. No. of Transactions vs. False Positive Rate41

Fig. 6. No. of Transactions vs. False Negative Rate42

Fig. 7. No. of Transactions vs. Recall43

17 select[order] 18 select[product] 19 insert[order] 20 insert [order-line] 21 update[stock] 22 insert[order-line] 23 update[stock] Transaction # 7[sales]17 select[order] 18 select[product] 19 insert[order] 20 insert [order-line] 21 update[product]22 insert[order-line] 23 update[product]Transaction # 7[sales]Authorized Transactions ProfileTransaction Profile for Executable Transaction 44


ELC ENHANCING DETECTION: GEORGIA TESTING …...ELC ENHANCING DETECTION: GEORGIA TESTING PLAN 5 future infection. Considering this guidance, we do not anticipate using COVID-19 serologic

Enhancing Public Health Disease Surveillance, Detection ...httpAssets... · Enhancing Public Health Disease Surveillance, Detection, Diagnosis and Containment Capability in Nigeria

Mutually Enhancing Community Detection and Sentiment Analysis on

Enhancing angular sampling rate of integral floating display using ...faculty.cas.usf.edu/mkkim/papers.pdf/2012 OX JHong.pdf · Enhancing angular sampling rate of integral floating

DISSOLUTION RATE ENHANCING TECHNIQUES

Enhancing Electrochemical Detection On

Enhancing Human Face Detection by Resampling Examples ...jiechen/paper/TSMC-PartA_2007.pdf · Enhancing Human Face Detection by Resampling Examples Through Manifolds Jie Chen, StudentMember,IEEE,

Heart Rate Variability Discovery: Algorithm for Detection of Heart Rate …cinc.org/archives/2014/pdf/0253.pdf · Heart Rate Variability Discovery: Algorithm for Detection of Heart

ELC ENHANCING DETECTION: NEBRASKA TESTING PLAN 2020 … · 2020-07-09 · ELC ENHANCING DETECTION: NEBRASKA TESTING PLAN 1 2020 Overarching Jurisdictional SARS-COV-2 Testing Strategy

Complete Event Trend Detection in High-Rate Event …web.cs.wpi.edu/~chuanlei/papers/sigmod17.pdf · Complete Event Trend Detection in High-Rate Event Streams ... tems consume high-rate

Hevle Enhancing Pipeline Integrity With Early Detection of Internal

Enhancing Deep Learning DGA Detection Models Using ... COMM… · Enhancing Deep Learning DGA Detection Models Using Separate Character Embedding Vikash Yadav Data Scientist, Royal

False Alarm Rate Detection Statistic90 Chapter 7 False Alarm Rate Detection Statistic In this chapter, we describe the development of the false alarm rate (FAR) as the detection statistic

Stairs Detection for Enhancing Wheelchair Capabilities Based ...Stairs Detection for Enhancing Wheelchair Capabilities Based on Radar Sensors Sherif Abdulatif , Bernhard Kleiner ,

ELC ENHANCING DETECTION: INDIANA TESTING PLAN ...ELC ENHANCING DETECTION: INDIANA TESTING PLAN 4 7% of Indiana’s total population, but includes 18.0% of the African American, 20.0%

Detection Rate Test - August 2011

A Enhancing Transmission Collision Detection for ...bbcr.uwaterloo.ca/~wzhuang/papers/collisionDetection_v3.pdf · Enhancing Transmission Collision Detection for D-TDMA in VANETs

PAH8001EI-2G: Optical Heart Rate Detection · PDF filePAH8001EI-2G Product Brief PixArt Imaging Inc. Optical Heart Rate Detection Sensor PAH8001EI-2G: Optical Heart Rate Detection

Thermal Imaging for Enhancing Inspection Reliability: Detection

Rapid Detection of Constant-Packet-Rate Flows

ELC ENHANCING DETECTION: PHILADELPHIA TESTING PLAN … · ELC ENHANCING DETECTION: PHILADELPHIA TESTING PLAN 4 Additionally, established relationships between PDPH’s Acute Communicable

ENHANCING FAKE PRODUCT DETECTION USING DEEP …

Enhancing biological signals and detection rates in single ......2 days ago  · Enhancing biological signals and detection rates in single-cell RNA-seq experiments with cDNA library

Ogata and Katsura (1993, GJIOgata and Katsura (1993, GJI) b-value change P - value change V - value change Detection Rate Detection Rate Detection Rate M t1.5 M t1.0 M t0.5 TIME (days)

Double NS: Detection Rate and Stochastic Background

ENHANCING DETECTION.... ENHANCING YOUR PRACTICE ENHANCING DETECTION.... ENHANCING YOUR PRACTICE

Enhancing Security in 802.11 and 802.1 X Networks with Intrusion Detection

A Failure Detection and Prediction Mechanism for Enhancing

Instantaneous Heart Rate Detection using Smart Phones

ELC ENHANCING DETECTION: COLORADO TESTING PLAN 2020 ... · ELC ENHANCING DETECTION: COLORADO TESTING PLAN 4 Table #1a: Number of individuals planned to be tested, by month BY MONTH:

RATE-BASED FAILURE DETECTION FOR CRITICAL …iv RATE-BASED FAILURE DETECTION FOR CRITICAL-INFRASTRUCTURE SENSOR NETWORKS Abstract ... failures. By exploiting GridStat’s rate-based

ELC ENHANCING DETECTION: NEW YORK TESTING PLAN 2020

Enhancing Human Detection using Crowd Density Measures and … · 2020. 9. 13. · Enhancing Human Detection using Crowd Density Measures and an adaptive Correction Filter Volker

Enhancing terahertz molecular fingerprint detection by a

Enhancing the Reliability of Coating Flaw Detection for