The detection model of malignant query and personal information leakage based on log analysis

Abstract

Many behaviors happen in information protection control, threatening from unauthorized change, destruction, and exposure to integrity, confidentiality, and availability of database, which is the final and core object of control. Like this it approaches database through numerous paths like many applications and home pages and execute query which search, modify, and delete the data. Some of it executes normal queries, but sometimes it maliciously executes the queries for leakage of information, and gives load to database server by executing the query which uses large amount of hardware resources. Traditionally it has limits, using only to find the reason for the problems, such as malignant queries, by collecting security log. Analyzing malignant queries and personal information leakage in diversified views through multidimensional analysis of data is necessary in order to use security log in more various ways. Therefore, this treatise is going to design multidimensional analysis modeling and suggest the technology to analyze in diversified views as an application plan of existing security log so that we can detect malignant queries and personal information leakage through security log analysis. We established the standard of analysis as follows for various analyses. First, we made linkage analysis available, which we cannot know with only simple history search, through analysis of database examination history. Second, we analyze if it repeatedly approached important table for a long time through detection of abnormal pattern or long term leakage via database abnormal access analysis. Third, we understood the flow of elements and data which weigh impact on specific database assets through database impact analysis and made analysis of database assets correlation and data flow analysis available. For analysis this treatise analyzed the log collected by using OLAP tools and used experiment data and operation data in order to verify the efficiency of database security log analysis technology suggested. Also we showed that the analysis method suggested by this treatise is excellent in availability and credibility in detection of malignant queries and personal information leakage, by comparing traditional data analysis method and the analysis method suggested by this treatise. © 2015 SERSC.