Universiti Teknologi Malaysia Institutional Repository

An architectural design for a hybrid intrusion detection system for database

Haratian, Mohammad Hossein (2009) An architectural design for a hybrid intrusion detection system for database. Masters thesis, Universiti Teknologi Malaysia, Faculty of Computer Science and Information System.

[img]
Preview
PDF - Submitted Version
1642Kb
[img] PDF
89Kb
[img] PDF
184Kb
[img] PDF
132Kb

Abstract

In today's business world, information is the most valuable asset of organizations and thus requires appropriate management and protection. Amongst all types of data repositories, database is said to play the role of the heart in the body of IT infrastructure. On the other hand, nowadays, a growing number of efforts have concentrated on handling the vast variety of security attacks. The characteristic of such handling method depends on when we want it to be occurred and how we intent to deal with attack attempts. Generally there are two ways to handle subversion attempts. One way is to equip our systems by security controls. However in reality this is not feasible due to many reasons. Hence, we are interested in detecting the security attacks. Amongst different types of intrusion detection systems (like network-based, host-based and application-based IDS), database intrusion detection systems which are considered as a type of application-based IDS has become a matter of increasing concern. In this paper we proposed the architecture for a hybrid database intrusion detection system (DB-IDS). This architecture consists of several component and sub-components. It encompasses Anomaly Detection and Misuse Detection subcomponents as Detector component. Anomaly detection component works based on the Profiles constructed by Profiler. Suspicious sequence of events which are considered as potential attacks would be detected by Misuse Detector. Data Collector components is responsible for capturing necessary data for profiling. Moreover, the Transformer component is in place to convert the raw log files into an understandable format for Profiler. Finally, Anomaly Detector and Misuse Detector components send alert to Responder component in case of detection any suspicious activity.

Item Type:Thesis (Masters)
Additional Information:Thesis (Sarjana Sains (Keselamatan Maklumat)) - Universiti Teknologi Malaysia, 2009; Supervisor : Assoc. Prof. Dr. Zailani Mohamed Sidek
Uncontrolled Keywords:hybrid database intrusion detection system (DB-IDS), IT infrastructure, security controls
Subjects:N Fine Arts > NA Architecture
Q Science > QA Mathematics > QA76 Computer software
Divisions:Computer Science and Information System (Formerly known)
ID Code:10053
Deposited By: Ms Zalinda Shuratman
Deposited On:02 Aug 2010 07:10
Last Modified:03 Aug 2012 07:11

Repository Staff Only: item control page