A Real-Time Intrusion Prevention System For Databases and File Systems
Modern intrusion detection systems comprise three basically different approaches: host based, network based, and a third, relatively recent addition called procedural based detection. The first two have been extremely popular in the commercial market for a number of years now because they are relatively simple to use, understand and maintain. However, they suffer from a number of shortcomings, such as scaling with increased traffic requirements, reliance on complex and false-positive-prone signature databases, and their inability to detect novel intrusive attempts. This paper presents an overview of our work in creating a practical database intrusion detection system. Based on many years of Database Security Research, the proposed solution detects a wide range of specific and general forms of misuse, provides detailed reports, and has a low false-alarm rate. Traditional commercial implementations of database security mechanisms are very limited in defending against successful data attacks. Authorized but malicious transactions can make a database useless by impairing its integrity and availability. The proposed solution offers the ability to detect misuse and subversion through direct monitoring of database operations inside the database host, providing an important complement to host-based and network-based surveillance.