Zhiping Wu

Date of Award

2009

Degree Type

Thesis

Degree Name

Master of Science

Program

Computer Science

Supervisor

Sylvia L. Osborn

Abstract

Insider threats cause the majority of computer system security problems and are also among the most challenging research topics in database security. An anomaly-based intrusion detection system (IDS), which can profile inside users’ normal behaviors and detect anomalies when a user’s behaviors deviate from his/her profiles, is effective to protect computer systems against insider threats since the IDS can profile each insider and then monitor them continuously. Although many IDSes have been developed at the network or host level since 1980s, there are still very few IDSes specifically tailored to database systems. We initially build our anomaly-based database IDS using two different profiling methods: one is to build profiles for each individual user (user profiling) and the other is to mine profiles for roles (role profiling). Detailed comparative evaluations between role profiling and user profiling are conducted, and we also analyze the reasons why role profiling is more effective and efficient than user profiling. Another contribution of this thesis is that we introduce role hierarchy into database IDS and remarkably reduce the false positive rate without increasing the false negative rate.

Download

Share

COinS
 
 

To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.