Intrusion detection system for data warehouse with second level authentication

Abstract

Data Warehouse (DW) security has always been a critical challenge for DW designers because of its global availability and accessibility. Over time, different researchers have suggested different DW security solutions, such as Role Based Access Controls (RBAC), Extended RBAC, Temporal RBAC (TRBAC), Risk-based access control, etc. Intrusion Detection System (IDS) and some other customized security solutions for DWs have also been proposed. Here, Risk-based access control provides additional security by utilizing risk value for each access decision. In RBAC systems, if an attacker obtains access to the system using some compromised credentials, the RBACs has no mechanism to secure DW elements which are accessible to the compromised user's role. The Intrusion Detection System (IDS) aims to solve this limitation; it monitors the user activities and alerts the system administrator whenever a user deviates from routine behavior. However, in the IDS solution for DWs, most of the real intrusions go undetected. In this work, we propose a second level authentication within the IDS, where a minute deviation from the user’s past behavior is detected. It brings more robustness to the user's historical profile and makes the system less susceptible to false negatives. The proposed solution has been implemented on standard TPC-H databases, and results indicate a significant decrease in undetected real intrusions, which is one of the main achievements of the proposed mechanism.