Optimism and consistency in partitioned distributed database systems
ACM Transactions on Database Systems (TODS)
Concurrency control and recovery in database systems
Concurrency control and recovery in database systems
IEEE Transactions on Software Engineering - Special issue on computer security and privacy
Security-control methods for statistical databases: a comparative study
ACM Computing Surveys (CSUR)
A model of authorization for next-generation database systems
ACM Transactions on Database Systems (TODS)
A survey of intrusion detection techniques
Computers and Security
Formal query languages for secure relational databases
ACM Transactions on Database Systems (TODS)
State Transition Analysis: A Rule-Based Intrusion Detection Approach
IEEE Transactions on Software Engineering
A unified framework for enforcing multiple access control policies
SIGMOD '97 Proceedings of the 1997 ACM SIGMOD international conference on Management of data
Proceedings of the ninth annual IFIP TC11 WG11.3 working conference on Database security IX : status and prospects: status and prospects
Temporal sequence learning and data reduction for anomaly detection
CCS '98 Proceedings of the 5th ACM conference on Computer and communications security
The multilevel relational (MLR) data model
ACM Transactions on Information and System Security (TISSEC)
An authorization mechanism for a relational database system
ACM Transactions on Database Systems (TODS)
Intrusion confinement by isolation in information systems
Journal of Computer Security - Special issue on database security
On a Pattern-Oriented Model for Intrusion Detection
IEEE Transactions on Knowledge and Data Engineering
Recovery from Malicious Transactions
IEEE Transactions on Knowledge and Data Engineering
Statistical Foundations of Audit Trail Analysis for the Detection of Computer Misuse
IEEE Transactions on Software Engineering
ASAX: Software Architecture and Rule-Based Language for Universal Audit Trail Analysis
ESORICS '92 Proceedings of the Second European Symposium on Research in Computer Security
Experience with EMERALD to Date
Proceedings of the Workshop on Intrusion Detection and Network Monitoring
Towards a model of storage jamming
CSFW '96 Proceedings of the 9th IEEE workshop on Computer Security Foundations
ODAR: an on-the-fly damage assessment and repair system for commercial database applications
Das'01 Proceedings of the fifteenth annual working conference on Database and application security
USTAT: A Real-Time Intrusion Detection System for UNIX
SP '93 Proceedings of the 1993 IEEE Symposium on Security and Privacy
IDAMN: an intrusion detection architecture for mobile networks
IEEE Journal on Selected Areas in Communications
Hi-index | 0.00 |
Modern intrusion detection systems are comprised of three basically different approaches, host based, network based, and a third relatively recent addition called procedural based detection. The first two have been extremely popular in the commercial market for a number of years now because they are relatively simple to use, understand and maintain. However, they fall prey to a number of shortcomings such as scaling with increased traffic requirements, use of complex and false positive prone signature databases, and their inability to detect novel intrusive attempts. This intrusion detection system interacts with the access control system to deny further access when detection occurs and represent a practical implementation addressing these and other concerns. This paper presents an overview of our work in creating a practical database intrusion detection system. Based on many years of Database Security Research, the proposed solution detects a wide range of specific and general forms of misuse, provides detailed reports, and has a low false-alarm rate. Traditional commercial implementations of database security mechanisms are very limited in defending successful data attacks. Authorized but malicious transactions can make a database useless by impairing its integrity and availability. The proposed solution offers the ability to detect misuse and subversion through the direct monitoring of database operations inside the database host, providing an important complement to host-based and network-based surveillance. Suites of the proposed solution may be deployed throughout a network, and their alarms managed, correlated, and acted on by remote or local subscribing security services, thus helping to address issues of decentralized management.