A novel intrusion detection system model for securing web-based database systems
Authors: Shu Wenhui, Daniel T. H. Tan
Published in: 25th Annual International Computer Software and Applications Conference. COMPSAC 2001
Publication date: 2001-10-08
DOI: 10.1109/CMPSAC.2001.960624 (https://doi.org/10.1109/CMPSAC.2001.960624)
Citation count: 34
Intrusion detection (ID) has become an important technology for protecting information resources and databases from malicious attacks and information leakage. This paper proposes a novel two-layer mechanism to detect intrusions against a web-based database service. Layer one builds historical profiles based on audit trails and other log data provided by the web server and database server. Pre-alarms are triggered if anomalies occur. Layer two performs further analysis of the pre-alarms generated by Layer one. This method integrates the alarm context with the alarms themselves rather than performing a simple "analysis in isolation". This can reduce error rates, especially false positives, and greatly improve the accuracy of intrusion detection and alarm notification, and hence make incident handling more effective.