CERIAS - Center for Education and Research in Information Assurance and Security

Skip Navigation
Purdue University - Discovery Park
Center for Education and Research in Information Assurance and Security

Database Assurance: Anomaly Detection for Relational Databases

Peter Mork - MITRE

Sep 09, 2009

Size: 579.7MB

Download: Video Icon MP4 Video  
Watch in your Browser   Watch on Youtube Watch on YouTube


Behind countless complex applications lurk trusty relational databases that are responsible for managing the data that fuel these applications. For example, relational databases are used to support electronic medical health record systems, timecard reporting systems, and transportation systems. Ideally, the relational database system has been sufficiently hardened to prevent exfiltration or modification of data. Unfortunately, adversaries often have insider access to the networks and machines on which the database is running and can easily circumvent such security measures. Therefore, in this research project, we create profiles of known, legitimate behavior so that we can flag any anomalous behavior as potentially illegitimate.

In this presentation, because SQL injection remains the #1 attack vector, I will first illustrate how SQL injection attacks can exfiltrate data from a database system. I will then discuss various locations within the database engine that one might monitor activity, highlighting the benefits of placing a monitor between the query optimizer and query execution engine. Next, I will describe how we use cross-feature analysis to generate profiles of legitimate behavior and how these profile are used at run-time to identify anomalous activity. Then, I will present experimental results both in terms of performance overhead and precision/recall. I will conclude with a discussion of when our techniques are most applicable and how a clever adversary might nevertheless elude our monitor.

About the Speaker

Dr. Peter Mork is a Senior Technology Advisor and Principal Database Research at The MITRE Corporation. At MITRE his research revolves around data management topics including metadata management, data discovery, privacy and security. He also advises the Department of Health and Human Services on strategies for sharing data, particularly in the presence of privacy constraints. He received his PhD in 2005 from the University of Washington on the topic of Peer Architectures for Knowledge Sharing.

Unless otherwise noted, the security seminar is held on Wednesdays at 4:30P.M. STEW G52 (Suite 050B), West Lafayette Campus. More information...


The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos, are the property of Purdue University, the presenter and/or the presenter’s organization, and protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.