1. A novel intrusion detection system model for securing web-based database systems
- Author
Shu Wenhui and T.D.H. Tan
- Subjects
Database server, Computer science, Anomaly-based intrusion detection system, Context (language use), System safety, Intrusion detection system, Computer security, Audit trail, Information leakage, False positive paradox, The Internet, Data mining, Isolation (database systems), Intrusion prevention system
- Abstract
Intrusion detection (ID) has become an important technology for protecting information resources and databases from malicious attacks and information leakage. This paper proposes a novel two-layer mechanism to detect intrusions against a web-based database service. Layer one builds historical profiles based on audit trails and other log data provided by the web server and database server. Pre-alarms are triggered if anomalies occur. Layer two performs further analysis on the pre-alarms generated by Layer one. This method integrates the alarm context with the alarms themselves rather than performing a simple "analysis in isolation". This can reduce the error rates, especially false positives, and greatly improve the accuracy of intrusion detection and alarm notification, and hence enable more effective incident handling.
- Published
- 2002