A Study on Database Intrusion Detection Based on Query Execution Plans

Tadeusz Morzy; Maciej Zakrzewicz

doi:10.1007/978-3-031-68323-7_30

Scientific Information System of the Poznań University of Technology

PL EN

Main page / Publications / A Study on Database Intrusion Detection Based on Query Execution Plans

Submit a comment

Chapter

Download BibTeX

Title

A Study on Database Intrusion Detection Based on Query Execution Plans

Authors

Tadeusz Morzy (WIiT) ^{[ 1 ][ 2.3 ][ P ]}
Maciej Zakrzewicz (WIiT) ^{[ 1 ][ 2.3 ][ P ]}

^{[ 1 ]} Instytut Informatyki, Wydział Informatyki i Telekomunikacji, Politechnika Poznańska | ^{[ P ]} employee

Scientific discipline (Law 2.0)

[2.3] Information and communication technology

Year of publication

2024

Chapter type

chapter in monograph / paper

Publication language

english

Keywords

EN

databases
security

Abstract

EN Database Intrusion Detection (DID) is critical to systems that do not fully apply the Principle of Least Privilege and users are able to use their privileges to compromise data privacy. Existing DID tools focus on analyzing SQL texts and they miss the cases of query equivalence and do not reveal data sources hidden behind views, synonyms, aliases. We propose to use Query Execution Plans (QEPs) to detect misuse queries and we describe a QEP-based DID System.

Date of online publication

18.08.2024

Pages (from - to)

353 - 358

DOI

10.1007/978-3-031-68323-7_30

URL

https://link.springer.com/chapter/10.1007/978-3-031-68323-7_30

Book

Big Data Analytics and Knowledge Discovery : 26th International Conference, DaWaK 2024, Naples, Italy, August 26–28, 2024, Proceedings

Presented on

26th International Conference on Big Data Analytics and Knowledge Discovery DAWAK 2024, 26-28.08.2024, Naples, Italy