Proceedings of the International Conference on Emerging Trends in Engineering and Management (ICETEM14)
30 – 31, December 2014, Ernakulam, India
USING METADATA IN FILTERED LOGS FOR PREVENTION OF DATABASE INTRUSION THROUGH OWNER LEVEL INTERACTION
Nayana Santhosh, Sachu P. Sahi, Arun R
Department of CSE, SNGCE, Kadayiruppu, Kerala, India
ABSTRACT
As online activity grows, the number of attacks grows with it. Among the different categories of attack, attacks on databases are among the most common, because the data they hold is highly confidential. Two of the main obstacles in forensic analysis are the huge volume of data that must be examined, of which only a small part is relevant, and the lack of evidence about the intrusion itself. In this paper we present a method that filters the bulk of the log data with a reduction algorithm based on frequent attribute values. Metadata is then used to retrieve evidence about the intrusion and to notify the database owner of the attempt, so that its effect can be mitigated by reversing the action performed by the intruder.
Keywords: Log Evidence, Frequent Attribute Value, Metadata, Intrusion.
1. INTRODUCTION
With the rapid development of the internet and of communication technology, everyday activities such as online payment, e-banking and e-shopping increasingly take place online, which has made many routines much easier. Everything has two faces, however, and the use of the internet also brings disadvantages: fraud, and attacks such as SQL injection and reconnaissance, are on the rise. Almost every online service is backed by a database, so this is also where intrusions concentrate. The major challenge in database forensics is the bulk of data that has to be analyzed. To improve availability, several redundant copies of the same data exist in different places, such as audit logs, caches and server artifacts, which further increases the volume of information the forensic investigation must cover.
Forensic investigation is normally carried out after a crime or intrusion has occurred, yet in many cyber-crimes the criminals go unpunished for lack of evidence. Using the metadata of the database, we can retrieve information about the crime, such as who performed it, when it occurred, how it was done and which flaw in the database made it possible, and this information can be provided as evidence.
In this paper, we present a concept of live forensic analysis that detects and prevents database intrusion. When a user performs a submit or commit operation, the data is passed to the database and information about the action is recorded in the various logs. At that moment, or at fixed intervals, the logs are analyzed to identify intrusions. They are first filtered automatically by a reduction method based on the frequent-pattern outlier detection algorithm of [1]. Each record in the log is then given a rating by the Rscore algorithm of [2], which indicates how redundant the record is: the higher the Rscore, the more redundant the record, and the more safely it can be filtered out. The metadata of the remaining records is then examined for evidence of the intrusion attempt. If fraudulent activity is identified, the database owner is notified of the intrusion, recovers the details of the attempt from the metadata, and performs the reverse action to cancel its effect.
Published in: International Journal of Computer Engineering & Technology (IJCET), ISSN 0976-6367 (Print), ISSN 0976-6375 (Online), Volume 5, Issue 12, December 2014, pp. 88-93. © IAEME, www.iaeme.com/IJCET.asp
2. RELATED WORK
Database forensics is an important area of digital forensic analysis. Analyzing large amounts of data [3] is a tiresome job and a major challenge in almost every field, from engineering and medicine to attack detection. Many data reduction methods already exist, but they are complex. Besides the bulk of data, database forensics faces several other challenges. One is that the techniques used in general digital forensics cannot simply be copied over to database forensics. The next is how to know whether a database has been modified at all [4], and if it has, how to recover from it and where to start the investigation. Another is the variety of file formats used by databases, and most database forensic tools are DBMS dependent. A further one is the anti-forensic attack, which disrupts the forensic investigation process itself [5]: while the investigation is carried out, the attacker or intruder attacks or disturbs the investigation. Trail obfuscation and artifact wiping are examples of anti-forensic attacks. Metadata can be used to detect these as well.
Overall, the database forensics process [4] can be divided into three stages: data acquisition and preservation, collection and analysis of artifacts, and the database forensic investigation itself.
Different methods are available in each of these phases. For the first phase there are three: dead data acquisition, live data acquisition and hybrid data acquisition. In dead data acquisition [6] the system is turned off, its storage hardware is removed and attached to a forensic tool, and a copy is made. Its disadvantage is that it cannot deal with encrypted data. Live data acquisition [6] does not require the system to go offline: the data is retrieved from RAM while the system is running, which defeats both hardware and software encryption. The problem with this method is that the data may be modified during acquisition. Hybrid acquisition [6] combines the advantages of dead and live acquisition and can deal with different data formats such as ASCII and binary.
In the second phase, the artifacts for analysis are collected from the different logs, such as web server logs, transaction logs and trace files. The final database forensic investigation can be done with DBMS-dependent tools such as Oracle LogMiner for Oracle and SQL Trace for SQL Server, with Olivier's method, which divides the DBMS into four layers, and with Fowler's method, which analyzes both the volatile and the non-volatile artifacts of the database.
For data reduction, most of the available methods are based on false-alert reduction: the K Nearest Neighbors classifier [7] put forward by Law and Kwok; the Naive Bayes method, based on statistical theory, which assumes that the attributes are independent of each other; ALAC [8], put forward by Pietraszek, which reduces false alerts by classifying alerts into true and false; and methods based on data clustering, in which the available data are grouped into classes by a similarity or dissimilarity measure calculated from their attribute values.
Compared to these methods, the reduction method presented in this paper, which is based on relevant key attributes, is much simpler, and the metadata provides explanatory information about each action that other database forensic mechanisms do not. Because it relies on metadata, the method is also independent of the database.
3. AN ALGORITHM FOR THE SYSTEM
The overall process of the system is as follows (fig 1):
• The users of the system perform some action and submit or commit it.
• Filter the log evidence to remove redundant data.
• Using the metadata of the filtered data, check for an intrusion attempt.
• If an intrusion has happened, inform the database owner so that its effect can be cancelled.
The system works as follows. A normal user authenticates to the system and performs some actions. When the user submits or commits them, a query is generated and passed to the database; this query may contain an intrusion attempt. After a submit operation, or at fixed intervals, the logs are automatically filtered with the Rscore algorithm [2] to remove redundant data. The log contains routine data as well as intrusion data, and it is the routine information that must be removed: routine data makes up most of the log and occurs frequently, whereas intrusion data is rare and occurs infrequently.
After this, we retrieve the metadata of the filtered records and pattern-match it against the library of known attacks. If a match occurs, the database owner is notified of the attempt and performs the reverse action to cancel the effect of the intruder's action.
Fig 1: Algorithm for the system
4. FRAMEWORK OF THE SYSTEM
The framework of the system consists of three stages (fig 2):
• Data Reduction
• Analysis based on metadata
• Intrusion Notification
4.1. Data Reduction Mechanism
A database system has multiple logs, and these logs have to be analyzed [9] to carry out the forensic activity. To reduce the data to be analyzed, the unwanted content must first be filtered out. That requires understanding the difference between routine data and intrusion data: routine data occurs repeatedly and in large quantity, whereas intrusion data occurs infrequently. It is the redundant routine data that has to be removed.
For that, the key attributes of each transaction in the transaction set are taken and their support values [1] are calculated. The Frequent Itemset Redundant Factor (FIRF) is calculated from these support values, and from it a redundant score that indicates how redundant the record is. A high FIRF means the record is redundant, i.e. it shows no intrusion behavior, so it is filtered out. This is done with the Rscore algorithm, summarized as follows. Let D be a database of n transactions and RF a set of redundant (frequent) features.
1. For each itemset X in each transaction t, do the following:
   i. if RF contains the itemset X,
   ii. totalsupport = totalsupport + support(X)
2. Calculate FIRF as the average of the totalsupport
3. Calculate the redundant score as the sum of totalsupport and FIRF
4. Add the redundant score to the Redundant List
After sorting the Redundant List in descending order, a threshold is set, and the redundant data above it is filtered out.
Fig 2: Framework of the system
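The four steps above, carried out on a small constructed log, as an added example in Python (not the authors' implementation). It fixes the definitions the summary leaves open: support(X) is taken as the fraction of transactions containing itemset X, RF as the set of itemsets whose support reaches a minimum support (singletons and pairs here), and FIRF as totalsupport averaged over the itemsets of RF that the record matched. The log records, the min_support of 0.25 and the threshold of 4.0 are all constructed for the illustration.

```python
"""Rscore-style log reduction following the four steps of Section 4.1.

Assumptions (the paper does not pin these down): support(X) is the fraction
of transactions containing itemset X; RF holds every itemset of size
1..max_len with support >= min_support; FIRF is totalsupport averaged over
the matched itemsets.  Sample data below is constructed, not real."""
from itertools import combinations
from collections import Counter

# Constructed sample log.  Each record is one transaction and each
# attribute=value pair one item.  The last record is the odd one out.
SAMPLE_LOG = [
    {"user": "app", "op": "SELECT", "table": "orders",    "status": "OK"},
    {"user": "app", "op": "SELECT", "table": "orders",    "status": "OK"},
    {"user": "app", "op": "SELECT", "table": "orders",    "status": "OK"},
    {"user": "app", "op": "INSERT", "table": "orders",    "status": "OK"},
    {"user": "app", "op": "SELECT", "table": "customers", "status": "OK"},
    {"user": "app", "op": "SELECT", "table": "orders",    "status": "OK"},
    {"user": "app", "op": "INSERT", "table": "orders",    "status": "OK"},
    {"user": "dba", "op": "DROP",   "table": "customers", "status": "OK"},
]


def to_transaction(record):
    """A record becomes a frozenset of (attribute, value) items."""
    return frozenset(record.items())


def frequent_itemsets(transactions, min_support, max_len=2):
    """Build RF: every itemset of size 1..max_len whose support (fraction of
    transactions containing it) is at least min_support.  Returns
    {itemset: support}."""
    n = len(transactions)
    counts = Counter()
    for t in transactions:
        items = sorted(t)
        for k in range(1, max_len + 1):
            for combo in combinations(items, k):
                counts[frozenset(combo)] += 1
    return {x: c / n for x, c in counts.items() if c / n >= min_support}


def rscore(transaction, rf):
    """Steps 1-3 of the algorithm for one transaction."""
    matched = [x for x in rf if x <= transaction]            # step 1.i
    totalsupport = sum(rf[x] for x in matched)                # step 1.ii
    firf = totalsupport / len(matched) if matched else 0.0    # step 2
    return totalsupport + firf                                # step 3


def score_log(records, min_support=0.25, max_len=2):
    """Step 4: the Redundant List, one (rscore, record) pair per log
    record, sorted in descending order of score."""
    transactions = [to_transaction(r) for r in records]
    rf = frequent_itemsets(transactions, min_support, max_len)
    scored = [(rscore(t, rf), r) for t, r in zip(transactions, records)]
    return sorted(scored, key=lambda sr: sr[0], reverse=True)


def filter_redundant(records, threshold, min_support=0.25, max_len=2):
    """Records scoring at or above the threshold are routine and are
    filtered out; the remainder is kept for the metadata analysis."""
    kept, dropped = [], []
    for score, rec in score_log(records, min_support, max_len):
        (dropped if score >= threshold else kept).append(rec)
    return kept, dropped


if __name__ == "__main__":
    for score, rec in score_log(SAMPLE_LOG):
        print(f"{score:7.4f}  {rec}")
    kept, dropped = filter_redundant(SAMPLE_LOG, threshold=4.0)
    print("kept for metadata analysis:", kept)
```

On this input the seven routine SELECT/INSERT records score between roughly 5.8 and 8.1, while the lone DROP by a different account scores 2.0, so a threshold of 4.0 leaves only that record for the metadata stage. The threshold is the sensitive knob: set it from the score distribution of a known-clean period rather than from a single run, or a slow, repeated attack will itself become "frequent" and be filtered out.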
4.2 Using Metadata
Every action performed on a database is recorded in one of several logs: audit log, cache, trace files, web server logs, etc. (fig 3). The logs also contain metadata [10] describing the data that resides in them; the term metadata means "data about the data".
By analyzing the metadata we learn who performed a particular action, when it occurred and how it was done [11]. When abnormal behavior is identified, this metadata can therefore serve as evidence, and it lets us replay the events that occurred. The metadata is retrieved from the log files [12] with the corresponding utility program of the DBMS in use and represented as an XML file, which is then used for pattern matching.
Fig 3: Log Metadata file
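The metadata retrieval and pattern matching described in Section 3 and in this section, as an added example in Python (not the authors' code). It assumes the DBMS utility has already exported the log metadata to XML with one event element per logged statement, carrying who/when/what attributes and, for an UPDATE, a reverse statement built from the previous values (the kind of undo SQL a tool such as Oracle LogMiner can supply). The XML document, the attack library and its rule names are constructed for the illustration and are not a real DBMS format or a published rule set.

```python
"""Metadata-driven intrusion check: parse an exported log-metadata XML file,
match each event against a library of known attack patterns, and build the
owner notification (evidence plus the reverse action where available).

Assumptions: the XML layout, the attack library and the rule names below
are constructed for this example; no real DBMS emits this exact format."""
import re
import xml.etree.ElementTree as ET

# Constructed log-metadata export (not a real DBMS file).
SAMPLE_METADATA_XML = """
<logmetadata source="audit_log">
  <event id="1" user="app" host="10.0.0.5" time="2014-12-30T09:12:01"
         op="SELECT" table="orders">
    <sql>SELECT id, total FROM orders WHERE customer_id = 42</sql>
  </event>
  <event id="2" user="app" host="10.0.0.5" time="2014-12-30T09:12:07"
         op="SELECT" table="users">
    <sql>SELECT * FROM users WHERE name = '' OR '1'='1' --'</sql>
  </event>
  <event id="3" user="app" host="198.51.100.7" time="2014-12-30T23:41:52"
         op="UPDATE" table="accounts">
    <sql>UPDATE accounts SET balance = 99999 WHERE id = 7</sql>
    <undo>UPDATE accounts SET balance = 120 WHERE id = 7</undo>
  </event>
  <event id="4" user="app" host="198.51.100.7" time="2014-12-30T23:42:10"
         op="DROP" table="audit_trail">
    <sql>DROP TABLE audit_trail</sql>
  </event>
</logmetadata>
"""

# Constructed attack library: (rule name, predicate over one event dict).
# Each predicate encodes one inference rule for a known attack pattern.
ATTACK_LIBRARY = [
    ("tautology-injection",          # ' OR '1'='1 style always-true clause
     lambda e: re.search(r"'\s*or\s*'[^']*'\s*=\s*'", e["sql"], re.I) is not None),
    ("comment-truncation",           # trailing comment cuts off the real query
     lambda e: "--" in e["sql"] or "/*" in e["sql"]),
    ("ddl-by-application-account",   # schema changes are for the dba account only
     lambda e: e["op"] in {"DROP", "ALTER", "TRUNCATE"} and e["user"] != "dba"),
    ("audit-tampering",              # any write to the audit trail (anti-forensics)
     lambda e: e["table"] == "audit_trail" and e["op"] != "SELECT"),
    ("off-hours-write-from-unknown-host",   # writes outside 08-20h from outside 10/8
     lambda e: e["op"] in {"UPDATE", "DELETE", "INSERT"}
     and not e["host"].startswith("10.")
     and not 8 <= int(e["time"][11:13]) < 20),
]


def parse_metadata(xml_text):
    """One dict per <event>: its attributes plus the statement and, if
    present, the reverse statement."""
    root = ET.fromstring(xml_text)
    events = []
    for ev in root.iter("event"):
        d = dict(ev.attrib)
        d["sql"] = (ev.findtext("sql") or "").strip()
        d["undo"] = (ev.findtext("undo") or "").strip() or None
        events.append(d)
    return events


def check_events(events, library=ATTACK_LIBRARY):
    """Match every event against the library.  Each hit becomes a
    notification for the database owner: which rules fired, the who/when/
    what evidence from the metadata, and the reverse statement when the
    metadata carries the previous values (None otherwise, e.g. for DROP)."""
    alerts = []
    for e in events:
        matched = [name for name, pred in library if pred(e)]
        if matched:
            alerts.append({
                "event": e["id"],
                "rules": matched,
                "who": e["user"] + "@" + e["host"],
                "when": e["time"],
                "what": e["sql"],
                "reverse": e["undo"],
            })
    return alerts


if __name__ == "__main__":
    for alert in check_events(parse_metadata(SAMPLE_METADATA_XML)):
        print(alert)
```

Two things the run makes visible that the prose does not. First, the reverse action is only available when the log metadata captured the before-image (event 3 has an undo statement, event 4's DROP has none), so owner-level reversal depends on what the DBMS logging was configured to retain before the intrusion. Second, the rules are plain string and attribute tests; they catch the classic patterns in the library and nothing else, which is exactly the limitation the conclusion names.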
5. CONCLUSION AND FUTURE WORK
In this paper we present a concept for preventing database intrusion through owner-level interaction. The log data is first filtered with a reduction algorithm that removes redundant records; the metadata of the filtered data is then used to detect the intrusion, and a notification is sent to the database owner so that the effect of the attempt can be cancelled. Because it works on metadata, the concept is independent of the DBMS.
Here the intrusion is detected by comparison with inference rules for known attacks. Since threats evolve rapidly, the existing inference rules will not remain sufficient, and a mechanism to overcome this is left as future work.
REFERENCES
[1] Z. He, X. Xu, J.Z. Huang, et al., "FP-Outlier: Frequent Pattern Based Outlier Detection", Computer Science and Information Systems, 2005, 2(1), pp. 103-118.
[2] Jian Zhang, Xiao Fu, Xiaojiang Du, Bin Luo, Zhihing Zhao, "A Method to Automatically Filter Log Evidence for Intrusion Forensics", 2013 IEEE 33rd International Conference on Distributed Computing Systems Workshops, pp. 39-44.
[3] Ali Reza Arasteh, Mourad Debbabi, Assaad Sakha, Mohamed Saleh, "Analyzing Multiple Logs for Forensic Evidence", Digital Investigation 4S (2007), pp. S82-S91.
[4] O.M. Fasan and M.S. Olivier, "On Dimensions of Reconstruction in Database Forensics", Seventh International Workshop on Digital Forensics & Incident Analysis (WDFIA) 2012.
[5] Slim Rekhis and Noureddine Boudriga, "A System for Formal Digital Forensic Investigation Aware of Anti-forensic Attacks", IEEE Transactions on Information Forensics and Security, vol. 7, no. 2, April 2012.
[6] Seema Yadav, "Analysis of Digital Forensics and Investigation", VSRD-IJCSIT, Vol. 1 (3), 2011, pp. 171-178.
[7] Pietraszek, T., "Using Adaptive Alert Classification to Reduce False Positives in Intrusion Detection", in: Jonsson, E., Valdes, A., Almgren, M. (eds.), RAID 2004, LNCS vol. 3325, pp. 102-124, Springer, Heidelberg (2004).
Fig 3 (panel labels): the trace files, server logs, cache files and binary files of the database management system are parsed into the log metadata file.
[8] Pietraszek, T., "Using Adaptive Alert Classification to Reduce False Positives in Intrusion Detection", in: Jonsson, E., Valdes, A., Almgren, M. (eds.), RAID 2004, LNCS vol. 3325, pp. 102-124, Springer, Heidelberg (2004).
[9] Florian Buchholz, Eugene Spafford, "On the Role of File System Metadata in Digital Forensics", Digital Investigation (2004) 1, pp. 298-309.
[10] Harmeet Khanuja, Shraddha S. Suratkar, "Role of Metadata in Forensic Analysis of Database Attacks", 2014 IEEE International Advance Computing Conference, pp. 457-462.
[11] Nitin Agarwal, William J. Bolosky, John R. Douceur, and Jacob R. Lorch, "A Five-year Study of File-system Metadata", ACM Trans. Storage 3(3), 9:1-9:32, 2007.
[12] Martin S. Olivier, "On Metadata Context in Database Forensics", Digital Investigation 5 (2009), pp. 115-123.
[13] Narayan A. Joshi and D. B. Choksi, "Implementation of Process Forensic for System Calls", International Journal of Advanced Research in Engineering & Technology (IJARET), Volume 5, Issue 6, 2014, pp. 77-82, ISSN Print: 0976-6480, ISSN Online: 0976-6499.
INFLUENCE OF TALENT MANAGEMENT PRACTICES ON ORGANIZATIONAL PERFORMANCE A STUD...INFLUENCE OF TALENT MANAGEMENT PRACTICES ON ORGANIZATIONAL PERFORMANCE A STUD...
INFLUENCE OF TALENT MANAGEMENT PRACTICES ON ORGANIZATIONAL PERFORMANCE A STUD...
 
A STUDY OF VARIOUS TYPES OF LOANS OF SELECTED PUBLIC AND PRIVATE SECTOR BANKS...
A STUDY OF VARIOUS TYPES OF LOANS OF SELECTED PUBLIC AND PRIVATE SECTOR BANKS...A STUDY OF VARIOUS TYPES OF LOANS OF SELECTED PUBLIC AND PRIVATE SECTOR BANKS...
A STUDY OF VARIOUS TYPES OF LOANS OF SELECTED PUBLIC AND PRIVATE SECTOR BANKS...
 
EXPERIMENTAL STUDY OF MECHANICAL AND TRIBOLOGICAL RELATION OF NYLON/BaSO4 POL...
EXPERIMENTAL STUDY OF MECHANICAL AND TRIBOLOGICAL RELATION OF NYLON/BaSO4 POL...EXPERIMENTAL STUDY OF MECHANICAL AND TRIBOLOGICAL RELATION OF NYLON/BaSO4 POL...
EXPERIMENTAL STUDY OF MECHANICAL AND TRIBOLOGICAL RELATION OF NYLON/BaSO4 POL...
 
ROLE OF SOCIAL ENTREPRENEURSHIP IN RURAL DEVELOPMENT OF INDIA - PROBLEMS AND ...
ROLE OF SOCIAL ENTREPRENEURSHIP IN RURAL DEVELOPMENT OF INDIA - PROBLEMS AND ...ROLE OF SOCIAL ENTREPRENEURSHIP IN RURAL DEVELOPMENT OF INDIA - PROBLEMS AND ...
ROLE OF SOCIAL ENTREPRENEURSHIP IN RURAL DEVELOPMENT OF INDIA - PROBLEMS AND ...
 
OPTIMAL RECONFIGURATION OF POWER DISTRIBUTION RADIAL NETWORK USING HYBRID MET...
OPTIMAL RECONFIGURATION OF POWER DISTRIBUTION RADIAL NETWORK USING HYBRID MET...OPTIMAL RECONFIGURATION OF POWER DISTRIBUTION RADIAL NETWORK USING HYBRID MET...
OPTIMAL RECONFIGURATION OF POWER DISTRIBUTION RADIAL NETWORK USING HYBRID MET...
 
APPLICATION OF FRUGAL APPROACH FOR PRODUCTIVITY IMPROVEMENT - A CASE STUDY OF...
APPLICATION OF FRUGAL APPROACH FOR PRODUCTIVITY IMPROVEMENT - A CASE STUDY OF...APPLICATION OF FRUGAL APPROACH FOR PRODUCTIVITY IMPROVEMENT - A CASE STUDY OF...
APPLICATION OF FRUGAL APPROACH FOR PRODUCTIVITY IMPROVEMENT - A CASE STUDY OF...
 
A MULTIPLE – CHANNEL QUEUING MODELS ON FUZZY ENVIRONMENT
A MULTIPLE – CHANNEL QUEUING MODELS ON FUZZY ENVIRONMENTA MULTIPLE – CHANNEL QUEUING MODELS ON FUZZY ENVIRONMENT
A MULTIPLE – CHANNEL QUEUING MODELS ON FUZZY ENVIRONMENT
 

Recently uploaded

Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 

Recently uploaded (20)

GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 

While carrying out database forensics, the major challenge we face is the bulk of data that has to be analyzed. To increase the availability of data, several redundant copies of it are kept in different logs such as audit logs, caches, server artifacts, etc., which increases the volume of information over which the forensic investigation must be done. Forensic investigation is normally carried out after a crime or intrusion has occurred, but in most cyber-crimes the criminals are not punished for lack of evidence. By using the metadata of the database we can retrieve information about the crime: who did it, when it occurred, how it happened, which flaw in the database made it possible, etc., and this can be provided as evidence.

In this paper we present a concept of live forensic analysis that detects and prevents database intrusion. When a user performs a submit or commit operation, the data is passed into the database and information about the action performed is stored in the different logs. At that time, or at definite intervals, the logs are analyzed to identify intrusion. These logs are automatically filtered using a reduction method based on the frequent-pattern-based outlier detection algorithm [1]. A rating is found for each record in the log using the Rscore algorithm [2], which indicates how redundant the record is.

INTERNATIONAL JOURNAL OF COMPUTER ENGINEERING & TECHNOLOGY (IJCET), ISSN 0976-6367 (Print), ISSN 0976-6375 (Online), Volume 5, Issue 12, December (2014), pp. 88-93, © IAEME: www.iaeme.com/IJCET.asp, Journal Impact Factor (2014): 8.5328 (Calculated by GISI), www.jifactor.com
That is, the higher the Rscore, the more redundant the record, and it can be filtered out. The metadata of the records that survive filtering is then examined to obtain evidence of the intrusion attempt. If anything fraudulent is identified, a notification is sent to the database owner to alert him to the intrusion. The database owner recovers the details of the attempt from the metadata and performs the reverse action to cancel its effect.

2. RELATED WORK

Database forensics is an important area of digital forensic analysis. Analyzing large amounts of data [3] is a tiresome job and a major challenge in almost all fields, such as engineering, medicine, attack detection, etc. Many data reduction methods already exist, but they are complex in nature. Besides handling the bulk of data, there are other challenges in database forensics. One is that the techniques used in general digital forensics cannot simply be copied to database forensics. The next is how we know whether a modification has occurred in a database at all [4], and if it has, how we overcome it, where the investigation should start, etc. Another is the variety of file formats used by databases. Next, most of the tools used in database forensics are DBMS dependent. Another is the anti-forensic attack, which disrupts the forensic investigation process [5]: while the forensic investigation is carried out, the attackers or intruders attack or disturb the investigation process itself. Trail obfuscation and artifact wiping are examples of anti-forensic attacks. Using metadata we can detect these anti-forensic attacks as well.
Overall, the database forensics process [4] can be divided into three stages: data acquisition and preservation, collection and analysis of artifacts, and the database forensic investigation itself. Different methods can be used in each phase. For the first phase there are three methods: dead, live and hybrid data acquisition. In dead data acquisition [6], the system is turned off, its storage hardware is removed and attached to a forensic tool, and a copy is made. Its disadvantage is that it cannot deal with encrypted data. In live data acquisition [6] there is no need to go offline: the data is retrieved from RAM while the system is running, which defeats hardware as well as software encryption. The problem with this method is that the data may be modified during acquisition. Hybrid acquisition [6] combines the advantages of dead and live acquisition and can deal with different data formats such as ASCII, binary, etc. In the second phase, the artifacts for analysis are collected from different logs such as web server logs, transaction logs, trace files, etc. The final database forensic investigation can be done with DBMS-dependent tools such as Oracle LogMiner for Oracle and SQL Trace for SQL Server, with Olivier's method, which divides the DBMS into four layers, or with Fowler's method, which analyzes the volatile as well as the non-volatile artifacts of the database.

For data reduction, most of the available methods are based on false alert reduction: the K Nearest Neighbors classifier [7] put forward by Law and Kwok; the Naïve Bayesian method, based on statistical theory, which assumes that each attribute is independent of the others; and ALAC [8], put forward by Pietraszek, which reduces false alerts by classifying alerts as true or false.
Next is data clustering, in which the available data are classified into different classes and a similarity or dissimilarity measure is calculated from their attribute values. Compared with these methods, the reduction method presented in this paper, based on relevant key attributes, is much simpler; in addition, the metadata provides explanatory information about the action performed, which other database forensic mechanisms do not. And since we use the metadata, the method is independent of the database.

3. AN ALGORITHM FOR THE SYSTEM

The overall process of the system is as follows (fig 1):
• The users of the system perform some action and submit or commit it.
• Filter the log evidence to remove redundant data.
• Using the metadata of the filtered data, check for an intrusion attempt.
• If an intrusion has happened, inform the database owner so that its effect can be cancelled.

The system works as follows. A normal user authenticates to the system and performs some actions. When he submits or commits the action performed, a query is generated and passed to the database, and this query may contain an intrusion attempt. So, after a submit operation or at definite intervals, the logs are automatically filtered with the Rscore algorithm [1] to remove the redundant data. The log contains routine data as well as intrusion data, and the routine information must be removed. Routine data makes up most of the available data and occurs frequently, whereas intrusion data is scarce and occurs infrequently.
After this, we retrieve the metadata of the filtered records and perform pattern matching against a library of known attacks. If a match occurs, a notification is sent to the database owner about the attempt, and the owner performs the reverse action to cancel the effect of the action performed by the intruder.

Fig 1: Algorithm for the system

4. FRAMEWORK OF THE SYSTEM

The framework of the system consists mainly of three stages (fig 2):
• Data Reduction
• Analysis based on metadata
• Intrusion Notification
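The second and third stages listed above (analysis of the log metadata against a library of known attacks, then notification of the owner together with the reverse action) can be made concrete with the following Python example. It is an added illustration, not code from the paper. The paper represents the parsed log metadata as an XML file but fixes no schema, so the `<event>` layout below is an assumption, as are the three inference rules in `ATTACK_LIBRARY`, the `TRUSTED_HOSTS` set, and the convention that the first column of a row image is its key. The sample XML is constructed for this example.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field

# Constructed sample log-metadata file (assumed layout; the paper does not fix a schema).
# Event 1 is routine; events 2-4 come from one session on an unknown host.
SAMPLE_METADATA_XML = """<logmetadata source="audit_log">
  <event id="1" time="2014-12-30T10:02:11" user="app_svc" host="10.0.0.5"
         session="41" op="SELECT" table="orders"/>
  <event id="2" time="2014-12-30T10:07:45" user="app_svc" host="203.0.113.7"
         session="77" op="SELECT" table="information_schema.tables"/>
  <event id="3" time="2014-12-30T10:08:02" user="app_svc" host="203.0.113.7"
         session="77" op="UPDATE" table="orders">
    <before>order_id=1001,status=PENDING,amount=1500.00</before>
    <after>order_id=1001,status=PAID,amount=0.00</after>
  </event>
  <event id="4" time="2014-12-30T10:08:30" user="app_svc" host="203.0.113.7"
         session="77" op="DROP" table="audit_trail"/>
</logmetadata>
"""

TRUSTED_HOSTS = {"10.0.0.5"}  # assumption: the application servers


@dataclass
class Event:
    id: int
    time: str
    user: str
    host: str
    session: str
    op: str
    table: str
    before: dict = field(default_factory=dict)  # row image before the change
    after: dict = field(default_factory=dict)   # row image after the change


def _row_image(text):
    """'a=1,b=2' -> {'a': '1', 'b': '2'}; the first column is taken as the key."""
    if not text:
        return {}
    return dict(pair.split("=", 1) for pair in text.strip().split(","))


def parse_metadata(xml_text):
    """Turn the XML log-metadata file into Event records (who, when, from where, what)."""
    root = ET.fromstring(xml_text)
    return [Event(int(el.get("id")), el.get("time"), el.get("user"), el.get("host"),
                  el.get("session"), el.get("op"), el.get("table"),
                  _row_image(el.findtext("before")), _row_image(el.findtext("after")))
            for el in root.iter("event")]


# Inference rules standing in for the paper's library of known attacks (assumed rules).
ATTACK_LIBRARY = [
    ("schema reconnaissance", lambda e: e.table.startswith("information_schema")),
    ("destructive DDL", lambda e: e.op in {"DROP", "TRUNCATE"}),
    ("data change from untrusted host",
     lambda e: e.op in {"INSERT", "UPDATE", "DELETE"} and e.host not in TRUSTED_HOSTS),
]


def _q(value):
    """Quote a value as a SQL string literal (embedded single quotes doubled)."""
    return "'" + str(value).replace("'", "''") + "'"


def reverse_action(e):
    """Compensating statement the owner can review to cancel the event's effect,
    derived from the row images in the metadata. None when nothing is reversible."""
    if e.op == "UPDATE" and e.before:
        key, key_val = next(iter(e.before.items()))
        sets = ", ".join(f"{c} = {_q(v)}" for c, v in e.before.items() if c != key)
        return f"UPDATE {e.table} SET {sets} WHERE {key} = {_q(key_val)}"
    if e.op == "DELETE" and e.before:
        cols = ", ".join(e.before)
        vals = ", ".join(_q(v) for v in e.before.values())
        return f"INSERT INTO {e.table} ({cols}) VALUES ({vals})"
    if e.op == "INSERT" and e.after:
        key, key_val = next(iter(e.after.items()))
        return f"DELETE FROM {e.table} WHERE {key} = {_q(key_val)}"
    if e.op in {"DROP", "TRUNCATE"}:
        return f"-- {e.op} {e.table} cannot be undone from the log; restore {e.table} from backup"
    return None


def investigate(xml_text):
    """Match every event against the attack library and build the evidence
    (who / when / from where / how) plus the reverse action for each hit."""
    report = []
    for e in parse_metadata(xml_text):
        hits = [name for name, rule in ATTACK_LIBRARY if rule(e)]
        if hits:
            report.append({"event": e.id, "who": e.user, "when": e.time, "from": e.host,
                           "session": e.session, "how": f"{e.op} {e.table}",
                           "matched": hits, "reverse": reverse_action(e)})
    return report


if __name__ == "__main__":
    for finding in investigate(SAMPLE_METADATA_XML):
        print(finding)
```

The compensating statements are produced for the owner to review and run, not executed automatically: a reverse action built from log row images is only correct if nothing else touched the same rows afterwards, and a DROP or TRUNCATE cannot be rebuilt from the metadata at all, which is why that case reports a restore from backup instead of a statement. The `session` field is carried in the evidence so the owner can see that the reconnaissance, the update and the DROP all came from the same connection.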
4.1. Data Reduction Mechanism

There are multiple logs in a database system, and these logs must be analyzed [9] to carry out the forensic activity. To reduce the data to be analyzed, we first filter out the unwanted content. For that we must understand the difference between intrusion data and routine data: routine data occurs repeatedly and in large quantity, whereas intrusion data occurs infrequently. So the redundant routine data is what we need to remove. For that, the key attributes of each transaction in the transaction set are taken and their support value [1] is calculated. The Frequent Itemset Redundant Factor (FIRF) is calculated from this support value, and from it a redundant score is calculated which indicates how redundant the record is. If the FIRF value is high, the record is redundant, i.e., it shows no intrusion behaviour, and it is filtered out. This is done with the Rscore algorithm, which can be summarized as follows.

We have a database D of n transactions and a set RF consisting of the redundant (frequent) features.
1. For each itemset X in each transaction t:
   i. if RF contains the itemset X,
   ii. totalsupport = totalsupport + support(X)
2. Calculate FIRF as the average of the totalsupport.
3. Calculate the Redundant Score as the sum of totalsupport and FIRF.
4. Add the redundant score to the Redundant List.
After sorting the Redundant List in descending order, a threshold is set, and the records above it are filtered out as redundant.

Fig 2: Framework of the system
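The four-step Rscore summary above leaves the itemsets, the support measure and the threshold unspecified, so the following Python example, added here and not taken from the paper or from [2], fixes one reading of each: a log record becomes a transaction whose items are its `attribute=value` pairs, `support(X)` is the fraction of transactions containing X, RF is the set of itemsets of up to two items with support at least `min_support`, FIRF is the average of the matched supports (an assumed reading of "average of the totalsupport"), and the threshold is a plain score cut-off. The sample log, the four key attributes and the default values are constructed for this example.

```python
from collections import Counter
from itertools import combinations


def rec(op, table, src, user="app"):
    return {"user": user, "op": op, "table": table, "src": src}


# Constructed sample: five routine reads and one routine update from the
# application host, then two rare records from an unknown host.
SAMPLE_LOG = [rec("SELECT", "orders", "10.0.0.5") for _ in range(5)] + [
    rec("UPDATE", "orders", "10.0.0.5"),
    rec("SELECT", "information_schema.tables", "203.0.113.7"),
    rec("DROP", "orders", "203.0.113.7"),
]


def to_itemset(record):
    """A log record becomes a transaction: the set of its attribute=value items."""
    return frozenset(f"{k}={v}" for k, v in record.items())


def frequent_itemsets(transactions, min_support, max_len=2):
    """RF: every itemset of up to max_len items whose support >= min_support,
    where support(X) is the fraction of transactions that contain X."""
    n = len(transactions)
    counts = Counter()
    for t in transactions:
        items = sorted(t)
        for k in range(1, max_len + 1):
            for combo in combinations(items, k):
                counts[frozenset(combo)] += 1
    return {X: c / n for X, c in counts.items() if c / n >= min_support}


def rscore(transaction, rf):
    """Steps 1-3 of the summary for one transaction t:
    totalsupport = sum of support(X) over itemsets X in RF with X contained in t,
    FIRF        = average of those supports (0 if nothing in RF matches),
    score       = totalsupport + FIRF."""
    supports = [s for X, s in rf.items() if X <= transaction]
    totalsupport = sum(supports)
    firf = totalsupport / len(supports) if supports else 0.0
    return totalsupport + firf


def reduce_log(log, min_support=0.5, threshold=4.0, max_len=2):
    """Step 4 and the final filtering: build the Redundant List sorted in
    descending order and drop every record whose score is above the threshold.
    Returns (retained_records, redundant_list) with redundant_list as (score, index)."""
    transactions = [to_itemset(r) for r in log]
    rf = frequent_itemsets(transactions, min_support, max_len)
    redundant_list = sorted(
        ((rscore(t, rf), i) for i, t in enumerate(transactions)),
        key=lambda pair: pair[0], reverse=True)
    retained = [log[i] for score, i in redundant_list if score <= threshold]
    return retained, redundant_list


if __name__ == "__main__":
    kept, ranking = reduce_log(SAMPLE_LOG)
    for score, i in ranking:
        print(f"{score:6.3f}  {SAMPLE_LOG[i]}")
    print("retained for metadata analysis:", kept)
```

On the sample the five routine reads score highest (every frequent itemset is contained in them), the routine update scores next, and the two records from the unknown host fall below the threshold and are the only ones passed on to the metadata stage. The threshold is the tuning knob the paper leaves open: set it too low and routine traffic floods the analysis, set it too high and an attacker whose actions resemble routine traffic (the same user, table and source as the application, repeated often enough to become frequent) is filtered out as redundant along with it.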
4.2 Using Metadata

In a database, every action performed on it is recorded in different logs such as the audit log, cache, trace files, web server logs, etc. (fig 3). These logs also contain metadata [10] that describes the data residing in them; the term metadata means "data about the data". By analyzing the metadata we learn who performed a particular action, when it occurred, how it was done [11], etc. So when abnormal behaviour is identified, this metadata can serve as evidence. Using the metadata we can replay the events that occurred. The metadata is retrieved from the log files [12] using the corresponding utility program of the DBMS in use and is represented as an XML file, which is then used for pattern matching.

Fig 3: Log Metadata file (the DBMS's trace files, server logs, cache files and binary files are parsed into the log metadata file)

5. CONCLUSION AND FUTURE WORK

In this paper we present a concept for the prevention of database intrusion through owner-level interaction. The log data is first filtered with a reduction algorithm to remove redundant records; then, using the metadata of the filtered records, the intrusion is detected and a notification is given to the database owner so that the effect of the attempt can be cancelled. The concept presented here is independent of the DBMS. The intrusion is detected by comparison with inference rules for known attacks; since threats evolve rapidly, the existing inference rules will not remain sufficient, and a mechanism to overcome this is left for future work.

REFERENCES

[1] Z. He, X. Xu, J.Z. Huang, et al., "FP-Outlier: Frequent Pattern Based Outlier Detection", Computer Science and Information Systems, 2005, 2(1), pp. 103-118.
[2] Jian Zhang, Xiao Fu, Xiaojiang Du, Bin Luo, Zhihong Zhao, "A Method to Automatically Filter Log Evidence for Intrusion Forensics", 2013 IEEE 33rd International Conference on Distributed Computing Systems Workshops, pp. 39-44.
[3] Ali Reza Arasteh, Mourad Debbabi, Assaad Sakha, Mohamed Saleh, "Analyzing Multiple Logs for Forensic Evidence", Digital Investigation 4S (2007), pp. S82-S91.
[4] O.M. Fasan and M.S. Olivier, "On Dimensions of Reconstruction in Database Forensics", Seventh International Workshop on Digital Forensics & Incident Analysis (WDFIA), 2012.
[5] Slim Rekhis and Noureddine Boudriga, "A System for Formal Digital Forensic Investigation Aware of Anti-forensic Attacks", IEEE Transactions on Information Forensics and Security, vol. 7, no. 2, April 2012.
[6] Seema Yadav, "Analysis of Digital Forensics and Investigation", VSRD-IJCSIT, Vol. 1(3), 2011, pp. 171-178.
[7] T. Pietraszek, "Using Adaptive Alert Classification to Reduce False Positives in Intrusion Detection", in: E. Jonsson, A. Valdes, M. Almgren (eds.), RAID 2004, LNCS vol. 3325, pp. 102-124, Springer, Heidelberg (2004).
[8] T. Pietraszek, "Using Adaptive Alert Classification to Reduce False Positives in Intrusion Detection", in: E. Jonsson, A. Valdes, M. Almgren (eds.), RAID 2004, LNCS vol. 3325, pp. 102-124, Springer, Heidelberg (2004).
[9] Florian Buchholz, Eugene Spafford, "On the Role of File System Metadata in Digital Forensics", Digital Investigation 1 (2004), pp. 298-309.
[10] Harmeet Khanuja, Shraddha S. Suratkar, "Role of Metadata in Forensic Analysis of Database Attacks", 2014 IEEE International Advance Computing Conference, pp. 457-462.
[11] Nitin Agrawal, William J. Bolosky, John R. Douceur, and Jacob R. Lorch, "A Five-year Study of File-system Metadata", ACM Transactions on Storage 3(3), Article 9, 2007.
[12] Martin S. Olivier, "On Metadata Context in Database Forensics", Digital Investigation 5 (2009), pp. 115-123.
[13] Dr. Narayan A. Joshi and Dr. D. B. Choksi, "Implementation of Process Forensic for System Calls", International Journal of Advanced Research in Engineering & Technology (IJARET), Volume 5, Issue 6, 2014, pp. 77-82, ISSN Print: 0976-6480, ISSN Online: 0976-6499.