
Detection of suspicious accesses by nominal users in databases (Deteção de acessos suspeitos de utilizadores nominais em BDs)

File: TM_Francisco_Antonio.pdf (13.74 MB, Adobe PDF)

Abstract

The detection of suspicious access to databases is essential to protect critical information in organizations within the Information and Communication Technologies (ICT) sector, such as MEO. With increasing digitalization, databases have become both strategic assets and potential targets for threats. In this context, the Cybersecurity Department (DCY) at MEO has prioritized the implementation of monitoring mechanisms that ensure the confidentiality, integrity, and availability of information. This project aimed to develop an automated solution to detect suspicious access by nominal users, combining continuous monitoring, behavioral analysis, incident reporting, and integration with rapid response capabilities. The solution was structured around three use cases: (1) HouseKeepingDB, designed to identify database accounts associated with employees who have left the company; (2) AccountSharing, focused on detecting improper use or credential sharing; and (3) DBAMonitoring, aimed at detecting access to critical data by database administrators. Each use case includes data collection and normalization, detection of suspicious behavior, and automatic generation of evidence and reports, forming a complete monitoring and alerting system. Validation on a real-world sample produced relevant results: in HouseKeepingDB, 13.51% of analyzed accounts belonged to former employees, with 3.11% still active; in AccountSharing, 99% of cases involved application accounts accessed by nominal users, with severity scores ranging from 2.5 to 6.25; and in DBAMonitoring, one legitimate access to critical data was correctly flagged by the system. The results confirm the robustness and reliability of the proposed approach, strengthening information security, operational resilience, and compliance with the GDPR (RGPD).

Description

Master's thesis, Segurança Informática (Information Security), 2025, Universidade de Lisboa, Faculdade de Ciências

Keywords

Databases; GDPR; Suspicious accesses; Automation
