The Center for Education and Research in Information Assurance and Security (CERIAS)

Peter Mork - MITRE

Database Assurance: Anomaly Detection for Relational Databases

Sep 09, 2009

Download: MP4 Video (Size: 579.7MB)
Watch on YouTube

Abstract

Behind countless complex applications lurk trusty relational databases that are responsible for managing the data that fuel these applications. For example, relational databases are used to support electronic medical health record systems, timecard reporting systems, and transportation systems. Ideally, the relational database system has been sufficiently hardened to prevent exfiltration or modification of data. Unfortunately, adversaries often have insider access to the networks and machines on which the database is running and can easily circumvent such security measures. Therefore, in this research project, we create profiles of known, legitimate behavior so that we can flag any anomalous behavior as potentially illegitimate.

In this presentation, because SQL injection remains the #1 attack vector, I will first illustrate how SQL injection attacks can exfiltrate data from a database system. I will then discuss various locations within the database engine at which one might monitor activity, highlighting the benefits of placing a monitor between the query optimizer and the query execution engine. Next, I will describe how we use cross-feature analysis to generate profiles of legitimate behavior and how these profiles are used at run-time to identify anomalous activity. Then, I will present experimental results both in terms of performance overhead and precision/recall. I will conclude with a discussion of when our techniques are most applicable and how a clever adversary might nevertheless elude our monitor.
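The abstract describes profiling legitimate query behavior and flagging run-time deviations. The following Python script is an added illustration of that idea, not code from the talk, MITRE, or CERIAS. It stands in for the monitor placed between the optimizer and the execution engine: each query is reduced to constant-free structural features (statement verb, tables touched, predicate count, use of OR, projection width, UNION, comment markers), a profile is learned from a constructed set of legitimate application queries, and a new query is scored by the fraction of feature pairs whose value combination never co-occurred in legitimate traffic. This pairwise check is a deliberate simplification of cross-feature analysis (which trains one predictor per feature from all the others); the feature set, table names, and sample queries are all constructed for this example.

```python
"""Simplified cross-feature profiling of SQL queries (added illustration).

Constructed example: a profile of legitimate query shapes is learned from a
training set of application queries, then new queries are scored by how many
feature PAIRS have never co-occurred in legitimate traffic. Feature names,
table names and queries are all made up for this illustration.
"""
import re
from collections import defaultdict
from itertools import combinations

TABLE_RE = re.compile(r"\b(?:FROM|JOIN|UPDATE|INTO)\s+([A-Za-z_]\w*)", re.I)
WHERE_RE = re.compile(r"\bWHERE\b(.*)", re.I | re.S)
SELECT_LIST_RE = re.compile(r"\bSELECT\s+(.*?)\s+FROM\b", re.I | re.S)


def extract_features(sql):
    """Map a SQL string to constant-free structural features.

    Literal values are ignored on purpose so that every execution of one
    application query template yields the same feature vector.
    """
    s = sql.strip()
    where = WHERE_RE.search(s)
    clause = where.group(1) if where else ""
    sel = SELECT_LIST_RE.search(s)
    cols = sel.group(1).strip() if sel else None
    return {
        "verb": s.split(None, 1)[0].upper(),
        "tables": tuple(sorted({t.lower() for t in TABLE_RE.findall(s)})),
        # one predicate per WHERE clause plus one per AND/OR connective
        "n_pred": (1 + len(re.findall(r"\b(?:AND|OR)\b", clause, re.I))) if where else 0,
        "uses_or": bool(re.search(r"\bOR\b", clause, re.I)),
        "proj": 0 if cols is None else ("star" if cols == "*" else cols.count(",") + 1),
        "has_union": bool(re.search(r"\bUNION\b", s, re.I)),
        "has_comment": "--" in s or "/*" in s,
    }


class CrossFeatureProfile:
    """Pairwise approximation of cross-feature analysis.

    Full cross-feature analysis trains one model per feature that predicts it
    from all the others; this illustration instead records, for every pair of
    features, the value combinations seen in legitimate traffic.
    """

    def __init__(self):
        self.seen = defaultdict(set)  # (feature_a, feature_b) -> {(value_a, value_b)}
        self.names = None

    def fit(self, queries):
        for sql in queries:
            fd = extract_features(sql)
            self.names = sorted(fd)
            for a, b in combinations(self.names, 2):
                self.seen[(a, b)].add((fd[a], fd[b]))
        return self

    def unseen_pairs(self, sql):
        """Feature pairs whose value combination never appeared during training."""
        fd = extract_features(sql)
        return [(a, fd[a], b, fd[b]) for a, b in combinations(self.names, 2)
                if (fd[a], fd[b]) not in self.seen[(a, b)]]

    def score(self, sql):
        """Anomaly score in [0, 1]: fraction of feature pairs with an unseen combination."""
        n_pairs = len(self.names) * (len(self.names) - 1) // 2
        return len(self.unseen_pairs(sql)) / n_pairs

    def is_anomalous(self, sql, threshold=0.0):
        """Flag when the score exceeds the threshold (0.0: any unseen pair is anomalous)."""
        return self.score(sql) > threshold


# Constructed legitimate traffic: a few application templates with varying constants.
LEGITIMATE_QUERIES = [
    "SELECT name, dob FROM patients WHERE patient_id = 42",
    "SELECT name, dob FROM patients WHERE patient_id = 17",
    "SELECT hours, day FROM timecards WHERE emp_id = 5 AND day = '2009-09-01'",
    "UPDATE timecards SET hours = 8 WHERE emp_id = 5 AND day = '2009-09-01'",
    "INSERT INTO timecards (emp_id, day, hours) VALUES (5, '2009-09-02', 8)",
    "SELECT route_id, stop_name FROM stops WHERE route_id = 12",
]

# Constructed run-time queries: two legitimate shapes followed by three deviations.
TEST_QUERIES = [
    "SELECT name, dob FROM patients WHERE patient_id = 9001",
    "UPDATE timecards SET hours = 7.5 WHERE emp_id = 12 AND day = '2009-09-08'",
    "SELECT name, dob FROM patients WHERE patient_id = 42 OR 1=1 --",  # tautology appended to the predicate
    "SELECT name, dob FROM patients WHERE patient_id = 42 UNION SELECT acct_no, balance FROM accounts",
    "SELECT * FROM patients",  # bulk read with no predicate, never issued by the application
]


def build_profile():
    return CrossFeatureProfile().fit(LEGITIMATE_QUERIES)


if __name__ == "__main__":
    profile = build_profile()
    for sql in TEST_QUERIES:
        verdict = "ANOMALY" if profile.is_anomalous(sql) else "ok"
        print(f"{profile.score(sql):.2f} {verdict:7} {sql}")
        for a, va, b, vb in profile.unseen_pairs(sql):
            print(f"        unseen pair: {a}={va!r} with {b}={vb!r}")
```

The two legitimate test queries score 0.0 because every feature pair they exhibit was observed during training, while the three deviations are flagged by the unseen combinations (an OR connective or comment marker in patient lookups, a UNION spanning a table the application never reads, a predicate-free SELECT * over a table that is only ever read by key). The pairwise simplification also shows a limitation the abstract alludes to: a query assembled from feature values that each co-occur somewhere in legitimate traffic scores 0.0 even if the full combination is new, which is one reason full cross-feature analysis models each feature against all the others rather than one at a time.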

About the Speaker

Dr. Peter Mork is a Senior Technology Advisor and Principal Database Researcher at The MITRE Corporation. At MITRE his research revolves around data management topics including metadata management, data discovery, privacy, and security. He also advises the Department of Health and Human Services on strategies for sharing data, particularly in the presence of privacy constraints. He received his PhD in 2005 from the University of Washington on the topic of Peer Architectures for Knowledge Sharing.
