Data Warehouse (DW) security has always been a critical challenge for DW designers because of its global availability and accessibility. Over time, different researchers have suggested different DW security solutions, such as Role Based Access Controls (RBAC), Extended RBAC, Temporal RBAC (TRBAC), Risk-based access control, etc. Intrusion Detection System (IDS) and some other customized security solutions for DWs have also been proposed. Here, Risk-based access control provides additional security by utilizing risk value for each access decision. In RBAC systems, if an attacker obtains access to the system using some compromised credentials, the RBACs has no mechanism to secure DW elements which are accessible to the compromised user's role. The Intrusion Detection System (IDS) aims to solve this limitation; it monitors the user activities and alerts the system administrator whenever a user deviates from routine behavior. However, in the IDS solution for DWs, most of the real intrusions go undetected. In this work, we propose a second level authentication within the IDS, where a minute deviation from the user’s past behavior is detected. It brings more robustness to the user's historical profile and makes the system less susceptible to false negatives. The proposed solution has been implemented on standard TPC-H databases, and results indicate a significant decrease in undetected real intrusions, which is one of the main achievements of the proposed mechanism.

数据仓库（DW）的安全性一直是DW设计人员面临的严峻挑战，因为它具有全球可用性和可访问性。随着时间的推移，不同的研究人员提出了不同的DW安全解决方案，例如基于角色的访问控制（RBAC），扩展的RBAC，临时的RBAC（TRBAC），基于风险的访问控制等。入侵检测系统（IDS）和一些其他自定义的安全性还提出了DW的解决方案。在此，基于风险的访问控制通过为每个访问决策利用风险值来提供额外的安全性。在RBAC系统中，如果攻击者使用某些受到攻击的凭据获得对系统的访问权限，则RBAC不会保护受攻击用户角色可访问的DW元素的安全。入侵检测系统（IDS）旨在解决这一限制。它监视用户活动并在用户偏离常规行为时提醒系统管理员。但是，在DW的IDS解决方案中，大多数真正的入侵都未被发现。在这项工作中，我们提出了IDS内的第二级身份验证，其中检测到与用户过去行为的微小偏差。它为用户的历史资料带来了更高的鲁棒性，并使系统更不容易受到误报的影响。所提出的解决方案已在标准TPC-H数据库上实现，结果表明未检测到的真实入侵量显着减少，这是所提出机制的主要成就之一。我们建议在IDS中进行第二级身份验证，以检测到用户过去行为的微小偏差。它为用户的历史档案带来了更高的鲁棒性，并使系统不易受到误报的影响。所提出的解决方案已在标准TPC-H数据库上实现，结果表明未检测到的真实入侵量显着减少，这是所提出机制的主要成就之一。我们建议在IDS中进行第二级身份验证，以检测到用户过去行为的微小偏差。它为用户的历史档案带来了更高的鲁棒性，并使系统不易受到误报的影响。所提出的解决方案已在标准TPC-H数据库上实现，结果表明未检测到的真实入侵量显着减少，这是所提出机制的主要成就之一。