Intrusion Handling Mechanism

Published: February 2, 2013
Intrusion Handling Mechanism For Relational Databases

A. Nushrath Fathima (1) & S. Sheik Faritha Begum (2)

(1) M.E/CSE, C. Abdul Hakeem College of Engineering & Technology, Melvisharam.

(2) Assistant Professor/CSE, C. Abdul Hakeem College of Engineering & Technology, Melvisharam.

Abstract

An intrusion handling mechanism has two components: an intrusion detection system and a response system. The response system issues a suitable response to anomalous requests. The request is given in the form of response policies. The main problem in the response system is the administration of such policies. Here we propose a novel Joint Threshold Administration Model (JTAM) based on the principle of separation of duty. The key concept behind JTAM is that a policy object is jointly administered by at least k database administrators, and changes made to a policy must be validated by those k administrators to become valid.

Index Terms

Databases, intrusion detection, response, prevention, policies, threshold signatures, separation of duties.

Introduction

The intrusion response component of an overall intrusion detection system is responsible for issuing a suitable response to an anomalous request. We propose the notion of database response policies to support our intrusion response system tailored for a DBMS. Our interactive response policy language makes it very easy for database administrators to specify appropriate response actions for different circumstances, depending upon the nature of the anomalous request. The two main issues that we address in the context of such response policies are policy matching and policy administration.

We also extend the SQL DBMS with our policy matching mechanism, and report experimental results. The experimental evaluation shows that our techniques are very efficient. The other issue that we address is that of administration of response policies to prevent malicious modifications to policy objects from legitimate users.

We propose a novel Joint Threshold Administration Model (JTAM) that is based on the principle of separation of duty. The key idea in JTAM is that a policy object is jointly administered by at least k database administrators (DBAs), that is, any modification made to a policy object will be invalid unless it has been authorized by at least k DBAs. We present design details of JTAM, which is based on a cryptographic threshold signature scheme, and show how JTAM prevents malicious modifications to policy objects from authorized users. Monitoring a database to detect potential intrusions, known as intrusion detection (ID), is a crucial technique of any comprehensive security solution for high-assurance database security.
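The k-of-n approval described above can be sketched with a threshold signature; this is an added example, not code from the paper. The preview does not say which scheme JTAM uses, so this assumes a Shoup-style threshold RSA construction with toy-sized constructed primes, and all function names and the policy string format are hypothetical.

```python
import hashlib, math, secrets

# Constructed toy parameters (assumptions, far too small for real use):
# safe primes p = 2p'+1, q = 2q'+1; N_DBA administrators, any K must approve.
P, Q, E, N_DBA, K = 1019, 1187, 65537, 3, 2
N, M = P * Q, (P // 2) * (Q // 2)          # RSA modulus, m = p'q'
DELTA = math.factorial(N_DBA)

def digest(policy: str) -> int:
    """Map a policy text to an element of Z_N* (toy hash-to-group)."""
    x = int.from_bytes(hashlib.sha256(policy.encode()).digest(), "big") % N
    while math.gcd(x, N) != 1:
        x += 1
    return x

def deal_shares() -> dict:
    """Dealer: split d = E^-1 mod M with a degree K-1 polynomial over Z_M."""
    coeffs = [pow(E, -1, M)] + [1 + secrets.randbelow(M - 1) for _ in range(K - 1)]
    return {i: sum(c * i**j for j, c in enumerate(coeffs)) % M
            for i in range(1, N_DBA + 1)}

def sign_share(share: int, policy: str) -> int:
    """One DBA's approval: x^(2*DELTA*s_i) mod N; the share stays with the DBA."""
    return pow(digest(policy), 2 * DELTA * share, N)

def combine(partials: dict, policy: str) -> int:
    """Combine K partial signatures into an ordinary RSA signature on the policy."""
    if len(partials) < K:
        raise ValueError(f"need approvals from {K} DBAs, got {len(partials)}")
    ids = sorted(partials)[:K]
    w = 1
    for j in ids:
        num, den = DELTA, 1
        for o in ids:
            if o != j:
                num, den = num * -o, den * (j - o)
        w = w * pow(partials[j], 2 * (num // den), N) % N   # integer Lagrange coeff
    # w^E = x^(4*DELTA^2); solve a*4*DELTA^2 + b*E = 1 to recover y with y^E = x
    a = pow(4 * DELTA**2, -1, E)
    b = (1 - a * 4 * DELTA**2) // E
    return pow(w, a, N) * pow(digest(policy), b, N) % N

def verify(policy: str, sig: int) -> bool:
    """DBMS-side check with the public key (N, E) before accepting a policy change."""
    return pow(sig, E, N) == digest(policy)
```

The private exponent is never reassembled in one place: each DBA contributes only a partial signature, and any K of them yield the same signature. A full scheme would also have each DBA prove that its partial signature is well formed, which is omitted here.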

The ID systems developed must be tailored for a Database Management System (DBMS) since database-related attacks such as SQL injection and data exfiltration are not malicious for the underlying operating system or the network. Our approach to an ID mechanism consists of two main elements, specifically tailored to a DBMS: an anomaly detection (AD) system and an anomaly response system.

The first element is based on the construction of database access profiles of roles and users, and on the use of such profiles for the AD task. A user-request that does not conform to the normal access profiles is characterized as anomalous. Profiles can record information of different levels of details; we refer the reader to for additional information and...