DIWeDa - Detecting intrusions in web databases

Alex Roichman, Ehud Gudes

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

20 Scopus citations

Abstract

There are many Intrusion Detection Systems (IDS) for networks and operating systems and there are few for Databases- despite the fact that the most valuable resources of every organization are in its databases. The number of database attacks has grown, especially since most databases are accessible from the web and satisfactory solutions to these kinds of attacks are still lacking. We present DIWeDa - a practical solution for detecting intrusions to web databases. Contrary to any existing database intrusion detection method, our method works at the session level and not at the SQL statement or transaction level. We use a novel SQL Session Content Anomaly intrusion classifier and this enables us to detect not only most known attacks such as SQL Injections, but also more complex kinds of attacks such as Business Logic Violations. Our experiments implemented the proposed intrusion detection system prototype and showed its feasibility and effectiveness.

Original languageEnglish
Title of host publicationData and Applications Security XXII - 22nd Annual IFIP WG 11.3 Working Conference on Data and Applications Security, Proceedings
Pages313-329
Number of pages17
DOIs
StatePublished - 1 Sep 2008
Event22nd Annual IFIP WG 11.3 Working Conference on Data and Applications Security - London, United Kingdom
Duration: 13 Jul 200816 Jul 2008

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume5094 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference22nd Annual IFIP WG 11.3 Working Conference on Data and Applications Security
Country/TerritoryUnited Kingdom
CityLondon
Period13/07/0816/07/08

Keywords

  • Database vulnerability
  • Intrusion detection
  • SQL content classification
  • Web database security

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science

Fingerprint

Dive into the research topics of 'DIWeDa - Detecting intrusions in web databases'. Together they form a unique fingerprint.

Cite this