{"title":"A novel intrusion detection system model for securing web-based database systems","authors":"Shu Wenhui, Daniel T. H. Tan","doi":"10.1109/CMPSAC.2001.960624","DOIUrl":null,"url":null,"abstract":"Intrusion detection (ID) has become an important technology for protecting information resources and databases from malicious attacks and information leakage. This paper proposes a novel two-layer mechanism to detect intrusions against a web-based database service. Layer one builds historical profiles based on audit trails and other log data provided by the web server and database server. Pre-alarms will be triggered if anomalies occurred. Layer two makes further analysis on the pre-alarms generated from Layer one. Such methods integrates the alarm context with the alarms themselves rather than a simple \"analysis in isolation\". This can reduce the error rates, especially false positives and greatly improve the accuracy of intrusion detection, alarm notification and hence more effective incident handling.","PeriodicalId":269568,"journal":{"name":"25th Annual International Computer Software and Applications Conference. COMPSAC 2001","volume":"469 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2001-10-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"34","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"25th Annual International Computer Software and Applications Conference. COMPSAC 2001","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CMPSAC.2001.960624","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 34
Abstract
Intrusion detection (ID) has become an important technology for protecting information resources and databases from malicious attacks and information leakage. This paper proposes a novel two-layer mechanism to detect intrusions against a web-based database service. Layer one builds historical profiles based on audit trails and other log data provided by the web server and database server. Pre-alarms will be triggered if anomalies occurred. Layer two makes further analysis on the pre-alarms generated from Layer one. Such methods integrates the alarm context with the alarms themselves rather than a simple "analysis in isolation". This can reduce the error rates, especially false positives and greatly improve the accuracy of intrusion detection, alarm notification and hence more effective incident handling.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
