You are here

Detecting anomalous behavior in DBMS logs

Authors: 

Imran Khan, Simon Foley

Publication Type: 
Refereed Conference Meeting Proceeding
Abstract: 
It is argued that anomaly-based techniques can be used to detect anomalous DBMS queries by insiders. An experiment is described whereby an n-gram model is used to capture normal query patterns in a log of SQL queries from a synthetic banking application system. Preliminary results demonstrate that n-grams do capture the short-term correlations inherent in the application.
Conference Name: 
The 11th International Conference on Risks and Security of Internet and Systems
Digital Object Identifer (DOI): 
10.1007/978-3-319-54876-0_12
Publication Date: 
07/09/2016
Conference Location: 
France
Institution: 
National University of Ireland, Cork (UCC)
Open access repository: 
No