A Real-Time Intrusion Prevention System For Databases and File Systems
Modern intrusion detection systems fall into three basically different approaches: host based, network based, and a third, relatively recent addition called procedural based detection. The first two have been extremely popular in the commercial market for a number of years now because they are relatively simple to use, understand and maintain. However, they suffer from a number of shortcomings, such as scaling with increased traffic requirements, reliance on complex and false-positive-prone signature databases, and an inability to detect novel intrusive attempts. This paper presents an overview of our work in creating a practical database intrusion detection system. Based on many years of database security research, the proposed solution detects a wide range of specific and general forms of misuse, provides detailed reports, and has a low false-alarm rate. Traditional commercial implementations of database security mechanisms are very limited in defending against successful data attacks: authorized but malicious transactions can make a database useless by impairing its integrity and availability. The proposed solution offers the ability to detect misuse and subversion through direct monitoring of database operations inside the database host, providing an important complement to host-based and network-based surveillance.
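As an added illustration (not the paper's system, whose profiles and detector are not described on this page), the following Python sketch shows the in-host monitoring idea using SQLite's authorizer hook: every database operation is checked against a per-role profile before it executes, so an authorized connection issuing an unexpected destructive statement is blocked and recorded instead of being allowed to impair integrity or availability. The role names, policy table and sample schema are constructed assumptions.

```python
import sqlite3
from dataclasses import dataclass, field

# Actions treated as integrity/availability sensitive. Reads, transactions
# and function calls are passed through unchanged.
MUTATING = {sqlite3.SQLITE_INSERT, sqlite3.SQLITE_UPDATE,
            sqlite3.SQLITE_DELETE, sqlite3.SQLITE_DROP_TABLE}

# Constructed per-role profiles (assumption: the application tags each
# connection with a role; the paper's real profiles are not on the page).
ROLE_POLICY = {
    "reporting": set(),                                   # read-only role
    "app": {sqlite3.SQLITE_INSERT, sqlite3.SQLITE_UPDATE,
            sqlite3.SQLITE_DELETE},                      # may not DROP
}

@dataclass
class Monitor:
    role: str
    events: list = field(default_factory=list)   # audit trail for reports

    def authorize(self, action, arg1, arg2, db_name, trigger):
        """Called by the SQLite engine for each operation while a statement
        is compiled, i.e. before any row is touched."""
        if action not in MUTATING:
            return sqlite3.SQLITE_OK
        allowed = action in ROLE_POLICY.get(self.role, set())
        self.events.append((self.role, action, arg1,
                            "allow" if allowed else "deny"))
        return sqlite3.SQLITE_OK if allowed else sqlite3.SQLITE_DENY

def guarded_connection(role):
    """Open an in-memory database with constructed sample data and attach
    the in-host monitor to it."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE accounts(id INTEGER PRIMARY KEY, balance INTEGER)")
    con.executemany("INSERT INTO accounts(balance) VALUES (?)", [(10,), (20,)])
    con.commit()
    mon = Monitor(role)
    con.set_authorizer(mon.authorize)
    return con, mon

def attempt(con, sql):
    """Run one statement and report 'ok' or 'blocked'. A denied statement
    fails at compile time (SQLite raises DatabaseError: not authorized), so
    it never modifies data."""
    try:
        con.execute(sql)
        con.commit()
        return "ok"
    except sqlite3.DatabaseError:
        return "blocked"
```

Because the hook sits inside the database engine rather than on the network path, it sees the operation regardless of how the client reached the host, which is the complement to network-based surveillance the abstract describes.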