Simulating User Activity for Assessing Effect of Sampling on DB Activity Monitoring Anomaly Detection

Hagit Grushka-Cohen, Ofer Biller, Oded Sofer, Lior Rokach, Bracha Shapira

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, peer-reviewed

1 Scopus citations

Abstract

Monitoring database activity is useful for identifying and preventing data breaches. Such database activity monitoring (DAM) systems use anomaly detection algorithms to alert security officers to possible infractions. However, the sheer volume of transactions makes it impractical to log and examine every one. Instead, solutions use manually crafted policies to decide which transactions to monitor and log. Creating a smart, data-driven policy for monitoring transactions requires moving beyond manual policies. In this paper, we describe a novel simulation method for user activity. We introduce events of change in the user transaction profile and assess the impact of sampling on the anomaly detection algorithm. We found that looking for anomalies in a fixed subset of the data using a static policy misses most of these events, since low-risk users are ignored. A Bayesian sampling policy identified 67% of the anomalies while sampling only 10% of the data, compared to a baseline of using all of the data.
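To make the comparison in the abstract concrete, the following is an added toy simulation written for this page; it is not the authors' code, data or sampling policy. It constructs synthetic users with Poisson transaction rates and a static risk tier, injects profile-change events (a user's rate jumps by a constant multiplier for a few steps), and then runs three policies over the same trace under a 10% budget: monitor everyone (the baseline), monitor a fixed set of the highest static-risk users, and a Thompson-sampling policy with a Beta-Bernoulli posterior per user. The 3x threshold detector, the Beta-Bernoulli model, and all parameter values are assumptions chosen for illustration; the paper's own Bayesian policy is not reproduced here.

```python
"""Toy simulation of sampling policies for DB activity monitoring.

Added example, not the paper's code. All users, rates, risk scores and
events below are constructed synthetic data.
"""
import math
import random

N_USERS, N_STEPS, BUDGET_FRAC = 200, 120, 0.10   # assumed parameters
N_EVENTS, EVENT_LEN, ANOMALY_MULT = 30, 5, 10    # assumed parameters
SEED = 7


def poisson(rng, lam):
    """Knuth's Poisson sampler, inlined so the trace is reproducible."""
    limit, k, p = math.exp(-lam), 0, 1.0
    while True:
        p *= rng.random()
        if p <= limit:
            return k
        k += 1


def build_trace(rng):
    """Constructed data: per-user baseline rate, a static risk score that
    is independent of actual behaviour change, and counts[t][u] with
    N_EVENTS injected profile changes (rate x ANOMALY_MULT for EVENT_LEN)."""
    baseline = [rng.randint(3, 12) for _ in range(N_USERS)]
    risk = [rng.random() for _ in range(N_USERS)]
    counts = [[poisson(rng, baseline[u]) for u in range(N_USERS)]
              for _ in range(N_STEPS)]
    events = []
    for _ in range(N_EVENTS):
        u = rng.randrange(N_USERS)
        start = rng.randrange(N_STEPS - EVENT_LEN)
        for t in range(start, start + EVENT_LEN):
            counts[t][u] = poisson(rng, ANOMALY_MULT * baseline[u])
        events.append((u, start, start + EVENT_LEN))
    return baseline, risk, counts, events


def is_anomalous(count, base):
    """Assumed per-user detector: flag activity at 3x the learned profile."""
    return count >= 3 * base


def top_k(score, k):
    return sorted(range(N_USERS), key=lambda u: -score[u])[:k]


class FixedPolicy:
    """Static policy: the same user set every step, no feedback."""
    def __init__(self, users):
        self.users = list(users)

    def choose(self):
        return self.users

    def update(self, u, flagged):
        pass


class ThompsonPolicy:
    """Assumed Bayesian policy: Beta(alpha, beta) posterior per user on
    'an observation of this user is anomalous'; each step monitor the k
    users with the highest posterior draw, then update on what was seen."""
    def __init__(self, rng, k):
        self.rng, self.k = rng, k
        self.alpha = [1.0] * N_USERS
        self.beta = [1.0] * N_USERS

    def choose(self):
        draws = [self.rng.betavariate(self.alpha[u], self.beta[u])
                 for u in range(N_USERS)]
        return top_k(draws, self.k)

    def update(self, u, flagged):
        if flagged:
            self.alpha[u] += 1
        else:
            self.beta[u] += 1


def run(policy, baseline, counts, events):
    """Replay one shared trace under a policy. An event counts as detected
    when the user is sampled and flagged at any step inside the event."""
    detected, max_observed = set(), 0
    for t in range(N_STEPS):
        chosen = policy.choose()
        max_observed = max(max_observed, len(chosen))
        for u in chosen:
            flagged = is_anomalous(counts[t][u], baseline[u])
            policy.update(u, flagged)
            if flagged:
                for i, (eu, s, e) in enumerate(events):
                    if eu == u and s <= t < e:
                        detected.add(i)
    return len(detected), max_observed


def simulate(seed=SEED):
    """Compare full monitoring, a static top-risk subset, and Thompson
    sampling on one trace; returns detections and budget actually used."""
    rng = random.Random(seed)
    baseline, risk, counts, events = build_trace(rng)
    k = int(BUDGET_FRAC * N_USERS)
    static_set = top_k(risk, k)
    policies = [("full", FixedPolicy(range(N_USERS))),
                ("static", FixedPolicy(static_set)),
                ("thompson", ThompsonPolicy(random.Random(seed + 1), k))]
    results = {"n_events": len(events),
               "events_in_static_set": sum(u in set(static_set)
                                           for (u, _, _) in events)}
    for name, policy in policies:
        found, used = run(policy, baseline, counts, events)
        results[name] = {"detected": found, "budget_used": used}
    return results


if __name__ == "__main__":
    for name, val in simulate().items():
        print(name, val)
```

Because every policy replays the same count matrix, the full-monitoring baseline is an upper bound on what either sampled policy can find, and the static policy can only ever detect events that happen to land on its fixed high-risk set. Replacing the detector, the posterior update, or the event generator is the natural way to probe how sensitive a sampling policy is to the shape of the profile changes.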

Original language: English
Title of host publication: Policy-Based Autonomic Data Governance
Editors: Seraphin Calo, Dinesh Verma, Elisa Bertino
Publisher: Springer Verlag
Pages: 82-90
Number of pages: 9
ISBN (Electronic): 978-3-030-17277-0
ISBN (Print): 978-3-030-17276-3
DOIs
State: Published - 25 Apr 2019
Event: 2nd International Workshop on Policy-based Autonomic Data Governance, PADG 2018, in conjunction with the 23rd European Symposium on Research in Computer Security, ESORICS 2018 - Barcelona, Spain
Duration: 3 Sep 2018 to 7 Sep 2018

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 11550 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 2nd International Workshop on Policy-based Autonomic Data Governance, PADG 2018, in conjunction with the 23rd European Symposium on Research in Computer Security, ESORICS 2018
Country/Territory: Spain
City: Barcelona
Period: 3/09/18 to 7/09/18

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science
