{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,25]],"date-time":"2026-02-25T01:00:47Z","timestamp":1771981247947,"version":"3.50.1"},"reference-count":33,"publisher":"Association for Computing Machinery (ACM)","issue":"3","license":[{"start":{"date-parts":[[2014,12,4]],"date-time":"2014-12-04T00:00:00Z","timestamp":1417651200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["SIGMOD Rec."],"published-print":{"date-parts":[[2014,12,4]]},"abstract":"<jats:p>Databases often support enterprise business and store its secrets. This means that securing them from data damage and information leakage is critical. In order to deal with intrusions against database systems, Database Intrusion Detection Systems (DIDS) are frequently used. This paper presents a survey on the main database intrusion detection techniques currently available and discusses the issues concerning their application at the database server layer. The identified weak spots show that most DIDS inadequately deal with many characteristics of specific database systems, such as ad hoc workloads and alert management issues in data warehousing environments, for example. Based on this analysis, research challenges are presented, and requirements and guidelines for the design of new or improved DIDS are proposed. The main finding is that the development and benchmarking of specifically tailored DIDS for the context in which they operate is a relevant issue, and remains a challenge. We trust this work provides a strong incentive to open the discussion between both the security and database research communities.<\/jats:p>","DOI":"10.1145\/2694428.2694435","type":"journal-article","created":{"date-parts":[[2014,12,8]],"date-time":"2014-12-08T16:17:14Z","timestamp":1418055434000},"page":"36-47","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":20,"title":["Approaches and Challenges in Database Intrusion Detection"],"prefix":"10.1145","volume":"43","author":[{"given":"Ricardo Jorge","family":"Santos","sequence":"first","affiliation":[{"name":"University of Coimbra, Portugal"}]},{"given":"Jorge","family":"Bernardino","sequence":"additional","affiliation":[{"name":"Polytechnic Institute of Coimbra, Portugal"}]},{"given":"Marco","family":"Vieira","sequence":"additional","affiliation":[{"name":"University of Coimbra, Portugal"}]}],"member":"320","published-online":{"date-parts":[[2014,12,4]]},"reference":[{"key":"e_1_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSAC.2005.33"},{"key":"e_1_2_1_2_1","volume-title":"International Conference on Knowledge Discovery and Machine Learning (KDML)","author":"Bockermann C.","year":"2009","unstructured":"Bockermann , C. , Apel, M. and M. Meier , \" Learning SQL for Database Intrusion Detection using Context-Sensitive Modeling \", International Conference on Knowledge Discovery and Machine Learning (KDML) , 2009 . Bockermann, C., Apel, M. and M. Meier, \"Learning SQL for Database Intrusion Detection using Context-Sensitive Modeling\", International Conference on Knowledge Discovery and Machine Learning (KDML), 2009."},{"key":"e_1_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10207-009-0095-0"},{"key":"e_1_2_1_4_1","volume-title":"IFIP TC11 WG11.5 Conf. on Integrity and Internal Control in Information Systems","author":"Chung C. Y.","year":"1999","unstructured":"Chung , C. Y. , Gertz, M. and K. Levitt , \" DEMIDS: A Misuse Detection System for Database Systems \", IFIP TC11 WG11.5 Conf. on Integrity and Internal Control in Information Systems , Kluwer Academic Publishers , 1999 . Chung, C. Y., Gertz, M. and K. Levitt, \"DEMIDS: A Misuse Detection System for Database Systems\", IFIP TC11 WG11.5 Conf. on Integrity and Internal Control in Information Systems, Kluwer Academic Publishers, 1999."},{"key":"e_1_2_1_5_1","unstructured":"DARPA archive Task Description of the KDD99 Benchmark available at http:\/\/www.kdd.ics.uci.edu\/databases\/kddcup99\/task.html.  DARPA archive Task Description of the KDD99 Benchmark available at http:\/\/www.kdd.ics.uci.edu\/databases\/kddcup99\/task.html."},{"key":"e_1_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.5555\/645839.670735"},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1007\/11602897_40"},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2003.10.003"},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/1363686.1363921"},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/967900.968048"},{"key":"e_1_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1007\/s00778-007-0051-4"},{"key":"e_1_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/TKDE.2010.151"},{"key":"e_1_2_1_13_1","volume-title":"The Data Warehouse Toolkit","author":"Kimball R.","year":"2013","unstructured":"Kimball , R. and M. Ross , The Data Warehouse Toolkit , 3 rd Ed. Wiley & Sons, Inc. , 2013 . Kimball, R. and M. Ross, The Data Warehouse Toolkit, 3rd Ed. Wiley & Sons, Inc., 2013.","edition":"3"},{"issue":"2","key":"e_1_2_1_14_1","doi-asserted-by":"crossref","DOI":"10.17762\/ijcnis.v5i2.364","article-title":"A Detailed Survey on Various Aspects of SQL Injection: Vulnerabilities, Innovative Attacks and Remedies","volume":"5","author":"Kindy D. A.","year":"2013","unstructured":"Kindy , D. A. and A. K. Pathan , \" A Detailed Survey on Various Aspects of SQL Injection: Vulnerabilities, Innovative Attacks and Remedies \", Int. Journal of Communication Networks and Information Security (IJCNIS) , Vol. 5 , No. 2 , August 2013 . Kindy, D. A. and A. K. Pathan, \"A Detailed Survey on Various Aspects of SQL Injection: Vulnerabilities, Innovative Attacks and Remedies\", Int. Journal of Communication Networks and Information Security (IJCNIS), Vol. 5, No. 2, August 2013.","journal-title":"Int. Journal of Communication Networks and Information Security (IJCNIS)"},{"key":"e_1_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10207-010-0102-5"},{"key":"e_1_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.5555\/646649.699488"},{"key":"e_1_2_1_17_1","volume-title":"IEEE Symposium on Security and Privacy","author":"Lee W.","year":"2001","unstructured":"Lee , W. and D. Xiang , \" Information-Theoretic Measures for Anomaly Detection \", IEEE Symposium on Security and Privacy , 2001 . Lee, W. and D. Xiang, \"Information-Theoretic Measures for Anomaly Detection\", IEEE Symposium on Security and Privacy, 2001."},{"key":"e_1_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.5555\/518908.828467"},{"key":"e_1_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.5555\/1894166.1894192"},{"key":"e_1_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICDE.2008.4497437"},{"key":"e_1_2_1_21_1","volume-title":"White Paper","author":"Newman A. C.","year":"2011","unstructured":"Newman , A. C. , \"Intrusion Detection and Security Auditing in Oracle\". Application Security Inc . White Paper , 2011 . Newman, A. C., \"Intrusion Detection and Security Auditing in Oracle\". Application Security Inc. White Paper, 2011."},{"key":"e_1_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.5555\/1754701.1754709"},{"key":"e_1_2_1_23_1","volume-title":"Int. Conf. on Data Engineering (ICDE)","author":"Pei J.","year":"2004","unstructured":"Pei , J. , Upadhyaya, S. J. , Farooq , F. and V. Govindaraju , \" Data Mining for Intrusion Detection: Techniques, Applications and Systems \", Int. Conf. on Data Engineering (ICDE) , 2004 . Pei, J., Upadhyaya, S. J., Farooq, F. and V. Govindaraju, \"Data Mining for Intrusion Detection: Techniques, Applications and Systems\", Int. Conf. on Data Engineering (ICDE), 2004."},{"key":"e_1_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1016\/S0895-7177(01)00109-1"},{"key":"e_1_2_1_25_1","volume-title":"Int. Conf. on Recent Advances in Intrusion Detection (RAID)","author":"Pietraszek T.","year":"2004","unstructured":"Pietraszek , T. , \"Using Adaptive Alert Classification to Reduce False Positives in Intrusion Detection\". Int. Conf. on Recent Advances in Intrusion Detection (RAID) , 2004 . Pietraszek, T., \"Using Adaptive Alert Classification to Reduce False Positives in Intrusion Detection\". Int. Conf. on Recent Advances in Intrusion Detection (RAID), 2004."},{"key":"e_1_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.istr.2005.07.001"},{"key":"e_1_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1007\/11535706_16"},{"key":"e_1_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.4304\/jcp.1.4.8-17"},{"key":"e_1_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1007\/11731139_71"},{"key":"e_1_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1007\/11856214_1"},{"key":"e_1_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.5555\/645839.670734"},{"key":"e_1_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSMCB.2006.885306"},{"key":"e_1_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/1046290.1046340"}],"container-title":["ACM SIGMOD Record"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2694428.2694435","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2694428.2694435","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T06:12:20Z","timestamp":1750227140000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2694428.2694435"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2014,12,4]]},"references-count":33,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2014,12,4]]}},"alternative-id":["10.1145\/2694428.2694435"],"URL":"https:\/\/doi.org\/10.1145\/2694428.2694435","relation":{},"ISSN":["0163-5808"],"issn-type":[{"value":"0163-5808","type":"print"}],"subject":[],"published":{"date-parts":[[2014,12,4]]},"assertion":[{"value":"2014-12-04","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}