Database Intrusion Detection and Response*

Ashish Kamra and Elisa Bertino

1. Create profiles that succinctly represent user/application behavior interacting with a DBMS.
2. Develop efficient algorithms for detection of anomalous DB user/application behavior.
3. Develop novel strategies/mechanisms for responding to intrusions in the context of a DBMS.
4. Implement our methods in the PostgreSQL DBMS and highlight implementation issues.

* Supported by NSF under Grant No. 04302

System Architecture

[Figure: system architecture diagram. Labels: User, Query, Feature Selector, Features, Detection Engine, Assessment, Response Engine, Response Policy Base (Extended ECA Policies), Consult, Alarm, Drop Query, No Action, Audit Log, Training Queries, Profile Creator, Profiles, TRAINING PHASE.]

Contributions

Response policies (Extended ECA Policies):

ON {EVENT}
IF {CONDITIONS}
THEN {ACTION}
CONFIRM {CONFIRMATION ACTION}
ELSE {ALTERNATE ACTION}

Supervised Learning:
Roles as Classes
Naïve Bayes Classifier

Unsupervised Learning:
Clustering methods
Outlier Detection Test

SQL Queries Stored as Association Rules

QUERY RULES: query projection attributes => query selection attributes
PREDICATE RULES: LHS attributes => RHS attributes

Future Work

Detection Tasks