18-05-2012, 04:19 PM
Intrusion Detection System for Relational Database
Abstract:
Intrusion detection (ID) is a type of security management system for computers and networks. An ID system gathers and analyzes information from various areas within a computer or a network to identify possible security breaches, which include both intrusions (attacks from outside the organization) and misuse (attacks from within the organization). ID uses vulnerability assessment (sometimes referred to as scanning), which is a technology developed to assess the security of a computer system or network. We propose the notion of database response policies to support our intrusion response system tailored for a DBMS. Our interactive response policy language makes it very easy for database administrators to specify appropriate response actions for different circumstances, depending upon the nature of the anomalous request. We present the design of JTAM, which is based on a cryptographic threshold signature scheme, and show how it prevents malicious modifications to policy objects from authorized users.
Existing system:
Organizations have also come to realize that current attack techniques are more sophisticated, organized, and targeted than the broad-based hacking days of the past. Often, it is the sensitive and proprietary data that is the real target of attackers. Also, with greater data integration, aggregation and disclosure, preventing data theft, from both inside and outside organizations, has become a major challenge. Standard database security mechanisms, such as access control, authentication, and encryption, are not of much help when it comes to preventing data theft from insiders. Such threats have thus forced organizations to reevaluate security strategies for their internal databases. Monitoring a database to detect potential intrusions, known as intrusion detection (ID), is a crucial technique that has to be part of any comprehensive security solution for high-assurance database security.
Proposed system:
The first element is based on the construction of database access profiles of roles and users, and on the use of such profiles for attack detection. A user request that does not conform to the normal access profiles is characterized as anomalous. Profiles can record information at different levels of detail; we refer the reader to for additional information and experimental results. The second element of our approach is in charge of taking some actions once an anomaly is detected. There are three main types of response actions that we refer to, respectively, as conservative actions, fine-grained actions, and aggressive actions. The conservative actions, such as sending an alert, allow the anomalous request to go through, whereas the aggressive actions can effectively block the anomalous request. Fine-grained response actions, on the other hand, are neither conservative nor aggressive. Such actions may suspend or taint an anomalous request. A suspended request is simply put on hold until some specific actions are executed by the user, such as the execution of further authentication steps. A tainted request is marked as a potentially suspicious request, resulting in further monitoring of the user and possibly in the suspension or dropping of subsequent requests by the same user.
HARDWARE REQUIREMENTS
• System : Pentium IV 2.4 GHz.
• Hard Disk : 40 GB.
• Monitor : 15 VGA Color.
• RAM : 512 MB.
SOFTWARE REQUIREMENTS
• Operating system : Windows XP Professional.
• Coding Language : C#.NET
• Data Storage : MySQL
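
The two elements described under "Proposed system" (role access profiles, then a response action chosen by policy) can be sketched as follows. This is an added example, not code from the project described above: the training log, the policy tuples, the action names and the user names are constructed, and the policy table is a hypothetical stand-in for the project's response policy language. Treating a second anomaly from a tainted user as dropped, and releasing a suspended request after re-authentication, are assumptions.

```python
from collections import defaultdict

# Constructed training log: (role, SQL command, table) triples seen in normal use.
TRAINING = [
    ("clerk", "SELECT", "orders"), ("clerk", "INSERT", "orders"),
    ("clerk", "SELECT", "customers"), ("dba", "SELECT", "orders"),
    ("dba", "UPDATE", "salaries"), ("dba", "SELECT", "salaries"),
]

# Hypothetical response policies, first match wins: (command or "*", table or "*", action).
POLICIES = [
    ("DELETE", "*", "DROP"),        # aggressive: block the request
    ("*", "salaries", "SUSPEND"),   # fine-grained: hold until re-authentication
    ("UPDATE", "*", "TAINT"),       # fine-grained: let through, monitor the user
    ("*", "*", "ALERT"),            # conservative: let through, notify the DBA
]

def build_profiles(log):
    """Role -> set of (command, table) pairs observed during training."""
    profiles = defaultdict(set)
    for role, command, table in log:
        profiles[role].add((command, table))
    return profiles

class ResponseEngine:
    def __init__(self, profiles, policies):
        self.profiles, self.policies = profiles, policies
        self.tainted = set()   # users under further monitoring
        self.alerts = []       # requests reported to the DBA

    def handle(self, user, role, command, table, reauthenticated=False):
        """Return EXECUTE, ALERT, TAINT, SUSPEND or DROP for one request."""
        if (command, table) in self.profiles.get(role, set()):
            return "EXECUTE"   # conforms to the role's access profile
        if user in self.tainted:
            return "DROP"      # assumption: tainted user's next anomaly is dropped
        action = next((a for c, t, a in self.policies
                       if c in ("*", command) and t in ("*", table)), "ALERT")
        if action == "SUSPEND" and reauthenticated:
            action = "ALERT"   # assumption: released after re-auth, still reported
        if action == "TAINT":
            self.tainted.add(user)
        if action in ("ALERT", "TAINT"):
            self.alerts.append((user, role, command, table))
        return action
```
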