TY - GEN
T1 - DIWeDa - Detecting intrusions in web databases
AU - Roichman, Alex
AU - Gudes, Ehud
PY - 2008/9/1
Y1 - 2008/9/1
N2 - There are many Intrusion Detection Systems (IDS) for networks and operating systems and there are few for Databases - despite the fact that the most valuable resources of every organization are in its databases. The number of database attacks has grown, especially since most databases are accessible from the web and satisfactory solutions to these kinds of attacks are still lacking. We present DIWeDa - a practical solution for detecting intrusions to web databases. Contrary to any existing database intrusion detection method, our method works at the session level and not at the SQL statement or transaction level. We use a novel SQL Session Content Anomaly intrusion classifier and this enables us to detect not only most known attacks such as SQL Injections, but also more complex kinds of attacks such as Business Logic Violations. Our experiments implemented the proposed intrusion detection system prototype and showed its feasibility and effectiveness.
AB - There are many Intrusion Detection Systems (IDS) for networks and operating systems and there are few for Databases - despite the fact that the most valuable resources of every organization are in its databases. The number of database attacks has grown, especially since most databases are accessible from the web and satisfactory solutions to these kinds of attacks are still lacking. We present DIWeDa - a practical solution for detecting intrusions to web databases. Contrary to any existing database intrusion detection method, our method works at the session level and not at the SQL statement or transaction level. We use a novel SQL Session Content Anomaly intrusion classifier and this enables us to detect not only most known attacks such as SQL Injections, but also more complex kinds of attacks such as Business Logic Violations. Our experiments implemented the proposed intrusion detection system prototype and showed its feasibility and effectiveness.
KW - Database vulnerability
KW - Intrusion detection
KW - SQL content classification
KW - Web database security
UR - http://www.scopus.com/inward/record.url?scp=50249084452&partnerID=8YFLogxK
U2 - 10.1007/978-3-540-70567-3_24
DO - 10.1007/978-3-540-70567-3_24
M3 - Conference contribution
AN - SCOPUS:50249084452
SN - 354070566X
SN - 9783540705666
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 313
EP - 329
BT - Data and Applications Security XXII - 22nd Annual IFIP WG 11.3 Working Conference on Data and Applications Security, Proceedings
T2 - 22nd Annual IFIP WG 11.3 Working Conference on Data and Applications Security
Y2 - 13 July 2008 through 16 July 2008
ER -