Detecting anomalous behavior in DBMS logs
Refereed Conference Meeting Proceeding
It is argued that anomaly-based techniques can be used to detect anomalous DBMS queries by insiders. An experiment is described whereby an n-gram model is used to capture normal query patterns in a log of SQL queries from a synthetic banking application system. Preliminary results demonstrate that n-grams do capture the short-term correlations inherent in the application.
The 11th International Conference on Risks and Security of Internet and Systems
Digital Object Identifier (DOI):
National University of Ireland, Cork (UCC)
Open access repository: