Hybrid detection for databases using SQL injection and insider misuse detection techniques

Abstract

The recent rapid proliferations of web based applications with databases at its back-end have further increased the risk of database exposure to the outside world. Nowadays, there are many reports on intrusion from external and internal threats that compromised the database system. For that reason, it is important for us to provide protection for database systems from significant threats that comes from outside and inside the organizations. Currently, research on database security has been taken seriously as many solutions have emerged. All solutions should address the security elements that make up a lifecycle categorized into three areas which are prevention, detection and response mechanisms. This research focuses on the detection mechanism by deploying intrusion detection system (IDS) within the database management system (DBMS). The objective of this research is to propose a hybrid detection technique in order to cater external and internal threats which can provide protection for DBMS. This hybrid detection technique is called SQL Injection and Insider Misuse Detection System (SIIMDS). The technique combines the misuse and anomaly detection technique that consists of Misuse Detection Module, Anomaly Detection Module, Database Audit Log and Response Module. A prototype of the system was designed, implemented and analyzed to evaluate its security and performance. The analysis of the result in this research proved that the employment of this hybrid detection technique has provided better protection for DBMS in terms of high detection rates and low false alarm rates.