A real-time intrusion prevention system for commercial enterprise databases and file systems

Author: Ulf T. Mattsson

DOI:

Keywords: Engineering; Intrusion detection system; Intrusion tolerance; Host (network); Database security; Computer security; Isolation (database systems); Host-based intrusion detection system; Access control; Database; Database testing

Abstract: Modern intrusion detection systems are comprised of three basically different approaches: host based, network based, and a third relatively recent addition called procedural based detection. The first two have been extremely popular in the commercial market for a number of years now because they are simple to use, understand and maintain. However, they fall prey to shortcomings such as scaling with increased traffic requirements, the use of complex and false-positive-prone signature databases, and their inability to detect novel intrusive attempts. The system described here interacts with access control to deny further access when an intrusion occurs, and represents a practical implementation addressing these and other concerns. This paper presents an overview of our work in creating a database intrusion prevention system. Based on many years of database security research, the proposed solution detects a wide range of specific and general forms of misuse, provides detailed reports, and has a low false-alarm rate. Traditional implementations of security mechanisms are very limited in defending against successful data attacks. Authorized but malicious transactions can make a database useless by impairing its integrity and availability. The proposed solution offers the ability to detect misuse and subversion through direct monitoring of operations inside the host, providing an important complement to host-based and network-based surveillance. Suites of the system may be deployed throughout a network, and their alarms managed, correlated, and acted upon by remote or local subscribing services, thus helping to address issues of decentralized management.
