{"title":"A novel intrusion detection system model for securing web-based database systems","authors":"Shu Wenhui, Daniel T. H. Tan","doi":"10.1109/CMPSAC.2001.960624","DOIUrl":null,"url":null,"abstract":"Intrusion detection (ID) has become an important technology for protecting information resources and databases from malicious attacks and information leakage. This paper proposes a novel two-layer mechanism to detect intrusions against a web-based database service. Layer one builds historical profiles based on audit trails and other log data provided by the web server and database server. Pre-alarms will be triggered if anomalies occurred. Layer two makes further analysis on the pre-alarms generated from Layer one. Such methods integrates the alarm context with the alarms themselves rather than a simple \"analysis in isolation\". This can reduce the error rates, especially false positives and greatly improve the accuracy of intrusion detection, alarm notification and hence more effective incident handling.","PeriodicalId":269568,"journal":{"name":"25th Annual International Computer Software and Applications Conference. COMPSAC 2001","volume":"469 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2001-10-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"34","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"25th Annual International Computer Software and Applications Conference. COMPSAC 2001","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CMPSAC.2001.960624","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 34
Abstract
Intrusion detection (ID) has become an important technology for protecting information resources and databases from malicious attacks and information leakage. This paper proposes a novel two-layer mechanism to detect intrusions against a web-based database service. Layer one builds historical profiles based on audit trails and other log data provided by the web server and database server. Pre-alarms are triggered if anomalies occur. Layer two further analyzes the pre-alarms generated by Layer one. This method integrates the alarm context with the alarms themselves rather than performing a simple "analysis in isolation". This can reduce error rates, especially false positives, and greatly improve the accuracy of intrusion detection and alarm notification, and hence lead to more effective incident handling.