Investigative Data Warehousing and Mining for Database Security

Areej Yassin, Donald J. Berndt, Monica Chiarini Tremblay
2006 Americas Conference on Information Systems  
In this study, a preliminary investigative data warehouse is developed to integrate and store very detailed audit data from multiple data sources to support a comprehensive view of database usage and potential security breaches. The data warehouse was populated with real usage data collected from over a year of database use by students in a variety of classes. This data was extracted and seeded with some unusual usage patterns that represent potential intrusions into database systems or misuse ... insiders. A pivot table interface is shown as an example of a human-in-the-loop navigation tool for investigating unusual activity at a very detailed level. Market basket analysis is explored as a potential data mining technique for uncovering rare usage patterns. The resulting rules identified most of the seeded patterns, demonstrating the potential of such automated techniques in detecting malicious or unauthorized activities.
dblp:conf/amcis/YassinBT06 fatcat:beeqaz4q75gengbpxcxpjw66wi