MITRE > 2009 MITRE Innovation Exchange > Projects
All MITRE Projects (with summaries and presentations where available)
Database Assurance
Primary Investigator: Mork, Peter D.S.
Problems:
The Database Assurance research project seeks to ensure that data stored in relational database systems cannot be exfiltrated or modified by an adversary. Behind countless complex applications lurk trusty relational databases that are responsible for managing the data that fuel these applications. For example, relational databases are used to support electronic medical health record systems, timecard reporting systems, and transportation systems. Ideally, the relational database system has been sufficiently hardened to prevent exfiltration or modification of data. Unfortunately, adversaries often have insider access to the networks and machines on which the database is running and can easily circumvent such security measures. Therefore, in this project, we create profiles of known, legitimate behavior so that we can flag any anomalous behavior as potentially illegitimate.
Objectives:
The ultimate goal of this project is to develop techniques and tools for monitoring database activity so that we can automatically alert the database administrators of unexpected (and likely illegitimate) behavior. We hypothesize that we can accomplish this goal by a) developing profiles of normal, legitimate database activity and b) subsequently monitoring for significant deviations from these profiles, regardless of the adversary’s attack vector. We will consider our approach to be a success if we can detect at least 80% of all attacks with negligible false positives and minimal impact on query performance.
Activities:
Our first step was to identify suitable machine-learning techniques for building profiles of legitimate activity. In essence, we need to build a classifier that can determine if a new query request matches previous behavior or is novel; we cannot use a standard classifier for this task because we have relatively few examples of illegitimate activity. Second, we determined that by inserting our monitoring software between the ...
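To make the profile-then-monitor idea concrete, here is an added example (not the project's code) of a one-class profile trained only on legitimate queries. Representing the profile as a set of literal-stripped query shapes per account is an assumption made for illustration, since the summary does not say which technique was chosen; the accounts, tables and queries are constructed sample data.

```python
import re
from collections import defaultdict

_STRING = re.compile(r"'(?:[^']|'')*'")          # string literal; '' is an escaped quote
_NUMBER = re.compile(r"\b\d+(?:\.\d+)?\b")       # numeric literal, not digits inside names
_IN_LIST = re.compile(r"\(\s*\?(?:\s*,\s*\?)*\s*\)")
_SPACE = re.compile(r"\s+")

def template(sql):
    """Reduce a query to its shape so that structure, not parameter values, is profiled."""
    s = _NUMBER.sub("?", _STRING.sub("?", sql))
    s = _IN_LIST.sub("(?)", s)                    # IN (1,2,3) and IN (5,6) share one shape
    return _SPACE.sub(" ", s).strip().rstrip("; ").lower()

class QueryProfile:
    """One-class profile: built from legitimate traffic only, no attack examples needed."""
    def __init__(self):
        self.known = defaultdict(set)             # account -> query shapes seen in training

    def learn(self, account, sql):
        self.known[account].add(template(sql))

    def is_novel(self, account, sql):
        return template(sql) not in self.known.get(account, set())

def flag(profile, events):
    """Return the (account, sql) events that deviate from the learned profile."""
    return [(a, q) for a, q in events if profile.is_novel(a, q)]

# Constructed sample data: normal queries issued by a hypothetical timecard application.
TRAINING = [
    ("timecard_app", "SELECT hours FROM timecard WHERE emp_id = 1042 AND week = '2009-03-02'"),
    ("timecard_app", "UPDATE timecard SET hours = 8.5 WHERE emp_id = 77 AND week = '2009-03-09'"),
    ("timecard_app", "SELECT name FROM employee WHERE emp_id IN (1, 2, 3)"),
]
OBSERVED = [
    ("timecard_app", "select hours from timecard where emp_id = 9 and week = '2009-04-06';"),
    ("timecard_app", "SELECT name FROM employee WHERE emp_id IN (5,6)"),
    ("timecard_app", "SELECT * FROM timecard"),   # unfiltered read: shape never seen
    ("report_user", "SELECT hours FROM timecard WHERE emp_id = 9 AND week = '2009-04-06'"),
    ("timecard_app", "UPDATE timecard SET hours = 80 WHERE emp_id = 77 AND week = '2009-03-09'"),
]

def demo():
    profile = QueryProfile()
    for account, sql in TRAINING:
        profile.learn(account, sql)
    return flag(profile, OBSERVED)

if __name__ == "__main__":
    for account, sql in demo():
        print("ALERT", account, sql)
```

The last observed query is not flagged: it changes a stored value but keeps a known shape, so a shape-only profile catches novel access patterns and unprofiled accounts but not modifications made through a legitimate query form.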
Stephen Lahanas added to Cyber Security 7 months ago