Mitigating Malicious Updates: Prevention of Insider Threat to Databases

Abstract

Insider threats cause serious damage to data in any organization and is considered as a grave issue. In spite of the presence of threat prevention mechanisms, insiders can continue to attack a database by figuring out the dependency relationships among data items. Thus, examining write operations performed by an insider by taking advantage of dependencies aids in mitigating insider threats. We have developed two attack prevention models, which involve logs and dependency graphs respectively, to monitor data items and prevent malicious operations on them. The developed algorithms have been implemented on a simulated database and the results show that the models effectively mitigate insider threats arising from write operations.