Alogrithm to prevent and detect insider multi transaction malicious activity in database

Abstract

Almost all systems all over the world suffer from outsider and insider attacks. Outsider attacks are those that come from outside the system, however, insider attacks are those that are launched from insiders of the system. In this thesis is concentrated on insider attacks detection and prevention on the application level; database is our focus. Insiders have more knowledge about the underlying systems. Because of their knowledge and their privileges of the system resources; their risk can be greater and more severe. The insider execute multi transaction to inference the data, this is called multi transaction malicious. Several techniques have been proposed that tackled the insider multi transaction malicious problem, but most of them concentrate on insider threat detection in computer system level. We describe an algorithm for insider threat detection in database systems that handle multi transaction malicious activity. Our simulation results show resistance against multi transaction insider attack. Also, our results show good performance in terms of decreasing false alarms and increasing coverage detection.