Intrusion Detection and Containment in Database Systems. Abhijit Bhosale M.Tech (IT) School of Information Technology, IIT Kharagpur
|
|
- Melina Harrell
- 5 years ago
- Views:
Transcription
1 in Database Systems Abhijit Bhosale M.Tech (IT) School of Information Technology, IIT Kharagpur
2 Topics Intrusion and Intrusion Detection Intrusion Detection in Database Systems Data Mining Approach Intrusion Detection in Real-time Database Systems Misuse Detection System for Database Systems Recovery from Malicious Transactions Malicious Activity Recovery Transaction (MART) Repair using Transaction Dependency Graph in Database Systems 2
3 Intrusion Intrusion: The act of wrongfully entering upon, seizing, or taking possession of the property of another Types of Attacks Outsider : Can be defended using physical protection and strong network security mechanisms. Insider : Usually Harder to defend in Database Systems 3
4 Intrusion Detection Detection Techniques Misuse Detection Detect know patterns of intrusions Anomaly Detection Suspect the anomalous behaviors in Database Systems 4
5 Intrusion Detection in Databases Under threat by insider attacks Intruders get access to database by employing SQL Injection to poorly coded web-based applications or by stealing password of legitimate user Very few existing misuse detection systems have concepts of misuse detection in database systems in Database Systems 5
6 Data Mining Approach Proposed by Yi Hu and Brajendra Panda Uses data dependencies (access correlation) among the data items to generate association rules The rules give dependency of read/write operations of some items on write operations of some items Less sensitive to user behavior changes in Database Systems 6
7 Data Mining Approach (cont.) Definitions Sequence: It s an ordered list of read and/or write operations. E.g. <r(x), w(x),c> Read sequence for data item x is a sequence containing w(x) preceded by all the read operations performed on different data items in the same transaction. E.g. <r(y),r(z),w(x)> Write sequence for data item x is a sequence containing w(x) followed by all the write operations performed on different data items in the same transaction. E.g. <w(x), w(a), w(b)> Weight of Data Dependency : It indicates to what extend a data item x depends on other data items in the red or write sequence. The rweight and wweight denote the weight of read dependency and write dependency respectively. in Database Systems 7
8 Data Mining Approach (cont.) The Methodology Discovering Data Dependency is performed in tree steps Sequential pattern discovery phase : Discover sequential patterns in the database log Sequence set generation phase: Obtain read and write sequence sets. Data dependency rules generation: Read and Write dependency rules The transactions which don t follow the read and write rules are marked as malicious transactions in Database Systems 8
9 Example Sample Transactions Sequential Patterns mined in Database Systems 9
10 Example (cont.) Data Dependency Rules Min confidence = 70% Read and Write Sequence Set in Database Systems 10
11 Intrusion Detection in Realtime Database Systems Proposed by Lee and team Considers Real-time Databases like used for Stock Market Definitions Sensor Transaction: Which are responsible for updating the values of real-time data. Temporal Data objects: values of which change with time Sensor transactions are periodic In every period only one sensor transaction can update temporal data More than one transactions in a period are flagged as malicious transactions in Database Systems 11
12 Misuse Detection System for Database Systems DEMIDS - Proposed by Chung and his team Uses audit logs to generate profiles Profiles are used to detect the misuse behavior Needs to be trained with normal behavior (no intrusion) in Database Systems 12
13 Components of DEMIDS s Architecture in Database Systems 13
14 Recovery from Malicious Transactions Traditional Recovery mechanisms don t address the recovery of malicious transactions Complete rollback and adding compensatory transactions is too time consuming. There can be direct as well as indirectly affected transactions which need to be recovered. in Database Systems 14
15 Intrusion Tolerant Database Systems The systems, which in addition to detect the system, also perform countermeasures to the successful attacks, are called intrusion tolerant systems in Database Systems 15
16 Malicious Activity Recovery Transaction (MART) The flat transaction recovery can only remove direct effect of malicious transactions. MART can solve this problem by nesting the flat transactions under MART. The indirect effect can be removed by doing the roll back of the MART. in Database Systems 16
17 Repair using Transaction Dependency Graph Uses Dependency Graph of bad and suspect transaction and undo the effects of all the bad and suspect transactions Transaction Dependency : Transaction T i is dependent upon T j if T j reads x after it s updated by T i T i does not abort before T j reads x Every transaction that updates x between the time T i updates x and T j reads x is aborted before T j reads x. Every source node in the DG(B) is bad transaction and every non source node is a suspect transaction. If a good transaction is not affected by any bad transaction then than transaction need not be undone in Database Systems 17
18 Repair using Transaction Dependency Graph (cont.) Dependency Graph History log Dependency Graph Dirty Data :A data item is dirty if it s a write set of any bad or suspect transaction. All the dirty data items should be restored to the value they had before the first transaction in DG(B) wrote it. in Database Systems 18
19 References Yi Hu, Brajendra Panda: A data mining approach for database intrusion detection. SAC 2004: Paul Ammann, Sushil Jajodia, Peng Liu, Recovery from Malicious Transactions, IEEE Transactions on Knowledge and Data Engineering, v.14 n.5, p , September 2002 Lee, V. C.S., Stankovic, J. A., Son, S. H. Intrusion Detection in Real-time Database Systems Via Time Signatures. In Proceedings of the Sixth IEEE Real Time Technology and Applications Symposium, Chung, C., Gertz M., and Levitt, K. DEMIDS: A Misuse Detection System for Database Systems. In Third Annual IFIP TC-11 WG 11.5 Working Conference on Integrity and Internal Control in Information Systems, Kluwer Academic Publishers, pages , November in Database Systems 19
20 Questions in Database Systems 20
DAMAGE DISCOVERY IN DISTRIBUTED DATABASE SYSTEMS
DAMAGE DISCOVERY IN DISTRIBUTED DATABASE SYSTEMS Yanjun Zuo and Brajendra Panda Abstract Damage assessment and recovery in a distributed database system in a post information attack detection scenario
More informationDetection of Insiders Misuse in Database Systems
Detection of Insiders Misuse in Database Systems Nahla Shatnawi, Qutaibah Althebyan, and Wail Mardini Abstract Almost all systems all over the world suffer from outsider and insider attacks. Outsider attacks
More informationISeCure. The ISC Int'l Journal of Information Security. A Hybrid Approach for Database Intrusion Detection at Transaction and Inter-transaction Levels
The ISC Int'l Journal of Information Security July 2014, Volume 6, Number 2 (pp. 155 167) http://www.isecure-journal.org A Hybrid Approach for Database Intrusion Detection at Transaction and Inter-transaction
More informationCS122 Lecture 15 Winter Term,
CS122 Lecture 15 Winter Term, 2017-2018 2 Transaction Processing Last time, introduced transaction processing ACID properties: Atomicity, consistency, isolation, durability Began talking about implementing
More informationConcurrency Control & Recovery
Transaction Management Overview CS 186, Fall 2002, Lecture 23 R & G Chapter 18 There are three side effects of acid. Enhanced long term memory, decreased short term memory, and I forget the third. - Timothy
More information6.830 Lecture Recovery 10/30/2017
6.830 Lecture 14 -- Recovery 10/30/2017 Have been talking about transactions Transactions -- what do they do? Awesomely powerful abstraction -- programmer can run arbitrary mixture of commands that read
More informationEnhancing the Cybersecurity of Federal Information and Assets through CSIP
TECH BRIEF How BeyondTrust Helps Government Agencies Address Privileged Access Management to Improve Security Contents Introduction... 2 Achieving CSIP Objectives... 2 Steps to improve protection... 3
More informationINTRUSION DETECTION IN DISTRIBUTED SYSTEMS An Abstraction-Based Approach
INTRUSION DETECTION IN DISTRIBUTED SYSTEMS An Abstraction-Based Approach Library of Congress Cataloging-in-Publication ISBN 978-1-4613-5091-0 ISBN 978-1-4615-0467-2 (ebook) DOI 10.1007/978-1-4615-0467-2
More informationTransaction Management & Concurrency Control. CS 377: Database Systems
Transaction Management & Concurrency Control CS 377: Database Systems Review: Database Properties Scalability Concurrency Data storage, indexing & query optimization Today & next class Persistency Security
More information6.830 Lecture Recovery 10/30/2017
6.830 Lecture 14 -- Recovery 10/30/2017 Have been talking about transactions Transactions -- what do they do? Awesomely powerful abstraction -- programmer can run arbitrary mixture of commands that read
More informationCHAPTER: TRANSACTIONS
CHAPTER: TRANSACTIONS CHAPTER 14: TRANSACTIONS Transaction Concept Transaction State Concurrent Executions Serializability Recoverability Implementation of Isolation Transaction Definition in SQL Testing
More informationConsistency examples. COS 418: Distributed Systems Precept 5. Themis Melissaris
Consistency examples COS 418: Distributed Systems Precept 5 Themis Melissaris Plan Midterm poll Consistency examples 2 Fill out this poll: http://tinyurl.com/zdeq4lr 3 Linearizability 4 Once read returns
More informationA Proficient Way to Avert Malicious Transactions in Database Management System
A Proficient Way to Avert Malicious Transactions in Database Management System Abhishek Mukherjee Department of Computer Science and Engineering Dr.B.C.Roy Engineering College email: abhishekmukherjeee009@gmail.com
More informationCS Review. Prof. Clarkson Spring 2017
CS 5430 Review Prof. Clarkson Spring 2017 Recall: Audit logs Recording: what to log what not to log how to log locally remotely how to protect the log Reviewing: manual exploration automated analysis MANUAL
More informationWeb Security Vulnerabilities: Challenges and Solutions
Web Security Vulnerabilities: Challenges and Solutions A Tutorial Proposal for ACM SAC 2018 by Dr. Hossain Shahriar Department of Information Technology Kennesaw State University Kennesaw, GA 30144, USA
More informationFlowzilla: A Methodology for Detecting Data Transfer Anomalies in Research Networks. Anna Giannakou, Daniel Gunter, Sean Peisert
Flowzilla: A Methodology for Detecting Data Transfer Anomalies in Research Networks Anna Giannakou, Daniel Gunter, Sean Peisert Research Networks Scientific applications that process large amounts of data
More informationTransaction Processing. Introduction to Databases CompSci 316 Fall 2018
Transaction Processing Introduction to Databases CompSci 316 Fall 2018 2 Announcements (Thu., Nov. 29) Homework #4 due next Tuesday Project demos sign-up instructions emailed Early in-class demos a week
More informationCOURSE 1. Database Management Systems
COURSE 1 Database Management Systems Assessment / Other Details Final grade 50% - laboratory activity / practical test 50% - written exam Course details (bibliography, course slides, seminars, lab descriptions
More informationSpecification-based Intrusion Detection. Michael May CIS-700 Fall 2004
Specification-based Intrusion Detection Michael May CIS-700 Fall 2004 Overview Mobile ad hoc networking (MANET) new area of protocols Some old networking solutions work (TCP/IP) but things change with
More informationDatabase Intrusion Detection: Defending Against the Insider Threat
Association for Information Systems AIS Electronic Library (AISeL) AMCIS 2012 Proceedings Proceedings Database Intrusion Detection: Defending Against the Insider Threat Kevin Barton Computer Information
More informationDetecting malicious SQL
Detecting malicious SQL José Fonseca 1, Marco Vieira 2, Henrique Madeira 2 1 ESTG-ISUC, University of Coimbra, Portugal josefonseca@mail.telepac.pt 2 CISUC, University of Coimbra, Portugal {mvieira, henrique}@dei.uc.pt
More informationCSE 444 Midterm Exam
CSE 444 Midterm Exam November 13, 2009 Name Question 1 / 24 Question 2 / 22 Question 3 / 22 Question 4 / 12 Question 5 / 20 Total / 100 CSE 444 Midterm, Nov. 13, 2009 Page 1 of 8 Question 1. SQL (24 points,
More informationIdentifying Stepping Stone Attack using Trace Back Based Detection Approach
International Journal of Security Technology for Smart Device Vol.3, No.1 (2016), pp.15-20 http://dx.doi.org/10.21742/ijstsd.2016.3.1.03 Identifying Stepping Stone Attack using Trace Back Based Detection
More informationOverview of Transaction Management
Overview of Transaction Management Chapter 16 Comp 521 Files and Databases Fall 2010 1 Database Transactions A transaction is the DBMS s abstract view of a user program: a sequence of database commands;
More informationReferences. Transaction Management. Database Administration and Tuning 2012/2013. Chpt 14 Silberchatz Chpt 16 Raghu
Database Administration and Tuning 2012/2013 Transaction Management Helena Galhardas DEI@Técnico DMIR@INESC-ID Chpt 14 Silberchatz Chpt 16 Raghu References 1 Overall DBMS Structure Transactions Transaction
More informationTransactions and Concurrency Control
Transactions and Concurrency Control Computer Science E-66 Harvard University David G. Sullivan, Ph.D. Overview A transaction is a sequence of operations that is treated as a single logical operation.
More informationHKBU: Tutorial 9
COMP7640 @ HKBU: Tutorial 9 Transaction Wei Wang weiw AT cse.unsw.edu.au School of Computer Science & Engineering University of New South Wales November 26, 2014 Wei Wang (UNSW) COMP7640 @ HKBU.tut9 November
More informationIntrusion Detection. Daniel Bosk. Department of Information and Communication Systems, Mid Sweden University, Sundsvall.
Intrusion Detection Daniel Bosk Department of Information and Communication Systems, Mid Sweden University, Sundsvall. intrusion.tex 2093 2014-11-26 12:20:57Z danbos Overview 1 Intruders Intruders Behaviour
More informationIntroduction to Data Management. Lecture #26 (Transactions, cont.)
Introduction to Data Management Lecture #26 (Transactions, cont.) Instructor: Mike Carey mjcarey@ics.uci.edu Database Management Systems 3ed, R. Ramakrishnan and J. Gehrke 1 Announcements v HW and exam
More informationCS 5300 module6. Problem #1 (10 Points) a) Consider the three transactions T1, T2, and T3, and the schedules S1 and S2.
Name CS 5300 module6 Student ID Problem #1 (10 Points) a) Consider the three transactions T1, T2, and T3, and the schedules S1 and S2. T1: r1(x); r1(z); w1(x); T2: r2(y); r2(z); w2(y); T3: w3(x); r3(y);
More informationTraining for the cyber professionals of tomorrow
Hands-On Labs Training for the cyber professionals of tomorrow CYBRScore is a demonstrated leader in professional cyber security training. Our unique training approach utilizes immersive hands-on lab environments
More informationRecoverability. Kathleen Durant PhD CS3200
Recoverability Kathleen Durant PhD CS3200 1 Recovery Manager Recovery manager ensures the ACID principles of atomicity and durability Atomicity: either all actions in a transaction are done or none are
More informationDatabases - Transactions
Databases - Transactions Gordon Royle School of Mathematics & Statistics University of Western Australia Gordon Royle (UWA) Transactions 1 / 34 ACID ACID is the one acronym universally associated with
More informationNOTES W2006 CPS610 DBMS II. Prof. Anastase Mastoras. Ryerson University
NOTES W2006 CPS610 DBMS II Prof. Anastase Mastoras Ryerson University Recovery Transaction: - a logical unit of work. (text). It is a collection of operations that performs a single logical function in
More informationARIES (& Logging) April 2-4, 2018
ARIES (& Logging) April 2-4, 2018 1 What does it mean for a transaction to be committed? 2 If commit returns successfully, the transaction is recorded completely (atomicity) left the database in a stable
More informationTransaction Processing Concepts and Theory. Truong Tuan Anh CSE-HCMUT
1 Transaction Processing Concepts and Theory Truong Tuan Anh CSE-HCMUT 2 Outline Introduction to Transaction Processing Transaction and System Concepts Desirable Properties of Transactions Characterizing
More informationDefensive Execution of Transactional Processes against Attacks
Defensive Execution of Transactional Processes against Attacks Meng Yu, Wanyu Zang Department of Computer Science Monmouth University, 07764 myu@monmouth.edu Peng Liu School of Information Sciences and
More informationImplementing Isolation
CMPUT 391 Database Management Systems Implementing Isolation Textbook: 20 & 21.1 (first edition: 23 & 24.1) University of Alberta 1 Isolation Serial execution: Since each transaction is consistent and
More informationXI. Transactions CS Computer App in Business: Databases. Lecture Topics
XI. Lecture Topics Properties of Failures and Concurrency in SQL Implementation of Degrees of Isolation CS338 1 Problems Caused by Failures Accounts(, CId, BranchId, Balance) update Accounts set Balance
More informationWhy Transac'ons? Database systems are normally being accessed by many users or processes at the same 'me.
Transac'ons 1 Why Transac'ons? Database systems are normally being accessed by many users or processes at the same 'me. Both queries and modifica'ons. Unlike opera'ng systems, which support interac'on
More informationCSE 444: Database Internals. Lectures 13 Transaction Schedules
CSE 444: Database Internals Lectures 13 Transaction Schedules CSE 444 - Winter 2018 1 About Lab 3 In lab 3, we implement transactions Focus on concurrency control Want to run many transactions at the same
More informationAccess Controls. CISSP Guide to Security Essentials Chapter 2
Access Controls CISSP Guide to Security Essentials Chapter 2 Objectives Identification and Authentication Centralized Access Control Decentralized Access Control Access Control Attacks Testing Access Controls
More informationThe Gartner Security Information and Event Management Magic Quadrant 2010: Dealing with Targeted Attacks
The Gartner Security Information and Event Management Magic Quadrant 2010: Dealing with Targeted Attacks Mark Nicolett Notes accompany this presentation. Please select Notes Page view. These materials
More information90% 191 Security Best Practices. Blades. 52 Regulatory Requirements. Compliance Report PCI DSS 2.0. related to this regulation
Compliance Report PCI DSS 2.0 Generated by Check Point Compliance Blade, on April 16, 2018 15:41 PM O verview 1 90% Compliance About PCI DSS 2.0 PCI-DSS is a legal obligation mandated not by government
More informationChapter 20 Introduction to Transaction Processing Concepts and Theory
Chapter 20 Introduction to Transaction Processing Concepts and Theory - Logical units of DB processing - Large database and hundreds of transactions - Ex. Stock market, super market, banking, etc - High
More informationDatabase Isolation and Filtering against Data Corruption Attacks
Database Isolation and Filtering against Data Corruption Attacks Meng Yu, Wanyu Zang Department of Computer Science Western Illinois University Peng Liu College of Information Sciences and Technology The
More informationCSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 19: Intrusion Detection Department of Computer Science and Engineering University at Buffalo 1 Lecture Outline Intruders Intrusion detection host-based network-based
More informationA Sense of Self for Unix Processes
A Sense of Self for Unix Processes Stepannie Forrest,Steven A. Hofmeyr, Anil Somayaji, Thomas A. Longstaff Presenter: Ge Ruan Overview This paper presents an intrusion detection algorithm which is learned
More informationNetwork Intrusion Analysis (Hands on)
Network Intrusion Analysis (Hands on) TCP/IP protocol suite is the core of the Internet and it is vital to understand how it works together, its strengths and weaknesses and how it can be used to detect
More informationTransaction Management Overview
Transaction Management Overview Chapter 16 CSE 4411: Database Management Systems 1 Transactions Concurrent execution of user programs is essential for good DBMS performance. Because disk accesses are frequent,
More informationApproaches and Challenges in Database Intrusion Detection
Approaches and Challenges in Database Intrusion Detection Ricardo Jorge Santos CISUC DEI FCTUC University of Coimbra 3030-290 Coimbra Portugal lionsoftware.ricardo@gmail.com Jorge Bernardino CISUC DEIS
More informationA SYSTEM FOR DETECTION AND PRVENTION OF PATH BASED DENIAL OF SERVICE ATTACK
A SYSTEM FOR DETECTION AND PRVENTION OF PATH BASED DENIAL OF SERVICE ATTACK P.Priya 1, S.Tamilvanan 2 1 M.E-Computer Science and Engineering Student, Bharathidasan Engineering College, Nattrampalli. 2
More informationRansomware A case study of the impact, recovery and remediation events
Ransomware A case study of the impact, recovery and remediation events Peter Thermos President & CTO Tel: (732) 688-0413 peter.thermos@palindrometech.com Palindrome Technologies 100 Village Court Suite
More informationA Survey of Self-Protecting Computing Systems
A Survey of Self-Protecting Computing Systems Essien Ayanam The Volgenau School of Engineering George Mason University Fairfax, Virginia, 22030, USA Email: eayanam@gmu.edu Outline Introduction Overview
More informationBuilding a Reactive Immune System for Software Services
Building a Reactive Immune System for Software Services Tobias Haupt January 24, 2007 Abstract In this article I summarize the ideas and concepts of the paper Building a Reactive Immune System for Software
More informationCopyright 2016 Ramez Elmasri and Shamkant B. Navathe
CHAPTER 20 Introduction to Transaction Processing Concepts and Theory Introduction Transaction Describes local unit of database processing Transaction processing systems Systems with large databases and
More informationREORGANIZATION OF THE DATABASE LOG FOR INFORMATION WARFARE DATA RECOVERY
REORGANIZATION OF THE DATABASE LOG FOR INFORMATION WARFARE DATA RECOVERY Rumman Sobhan and Brajendra Panda Computer Science Department. University 0/ North Dakota Abstract: Using traditional logs that
More informationDesign, Implementation, and Evaluation of A Repairable Database Management System
Design, Implementation, and Evaluation of A Repairable Database Management System Tzi-cker Chiueh Dhruv Pilania Rether Networks Inc. 99 Mark Tree Road, Suite 301, Centereach, NY 11720 {chiueh@rether.com
More informationNOTHING IS WHAT IT SIEMs: COVER PAGE. Simpler Way to Effective Threat Management TEMPLATE. Dan Pitman Principal Security Architect
NOTHING IS WHAT IT SIEMs: COVER PAGE Simpler Way to Effective Threat Management TEMPLATE Dan Pitman Principal Security Architect Cybersecurity is harder than it should be 2 SIEM can be harder than it should
More informationWhat are Transactions? Transaction Management: Introduction (Chap. 16) Major Example: the web app. Concurrent Execution. Web app in execution (CS636)
What are Transactions? Transaction Management: Introduction (Chap. 16) CS634 Class 14, Mar. 23, 2016 So far, we looked at individual queries; in practice, a task consists of a sequence of actions E.g.,
More informationVolume III, Issue V, May 2014 IJLTEMAS ISSN
Adavance Double Guard System : Detecting & Preventing Intrusions In Multi-Tier Web Applications 1 Ms. Shinde Jyoti R., 2 Asst. Prof. Dabhade Sheetal V., 3 Prof. Pathan S.K. 1, 2, 3 (, Department of Computer
More informationIntruder Alert!: Visual Analysis of Network Intrusion Data. CS 533C Course Project Dustin Lang March 19, 2003
Intruder Alert!: Visual Analysis of Network Intrusion Data CS 533C Course Project Dustin Lang March 19, 2003 The Basic Idea In a security-conscious environment, when a computer is compromised ( cracked
More informationLecture 8: Transactional Memory TCC. Topics: lazy implementation (TCC)
Lecture 8: Transactional Memory TCC Topics: lazy implementation (TCC) 1 Other Issues Nesting: when one transaction calls another flat nesting: collapse all nested transactions into one large transaction
More informationAUTOMATED SECURITY ASSESSMENT AND MANAGEMENT OF THE ELECTRIC POWER GRID
AUTOMATED SECURITY ASSESSMENT AND MANAGEMENT OF THE ELECTRIC POWER GRID Sherif Abdelwahed Department of Electrical and Computer Engineering Mississippi State University Autonomic Security Management Modern
More informationPage 1. CS194-3/CS16x Introduction to Systems. Lecture 8. Database concurrency control, Serializability, conflict serializability, 2PL and strict 2PL
CS194-3/CS16x Introduction to Systems Lecture 8 Database concurrency control, Serializability, conflict serializability, 2PL and strict 2PL September 24, 2007 Prof. Anthony D. Joseph http://www.cs.berkeley.edu/~adj/cs16x
More informationEfficient Network Intrusion Detection System Navaneethakrishnan.P a*,theivanathan.g b
World Journal of Technology, Engineering and Research, Volume 2, Issue 1 (2017) 168-173 Contents available at WJTER World Journal of Technology, Engineering and Research Journal Homepage: www.wjter.com
More informationAdvanced Techniques for DDoS Mitigation and Web Application Defense
Advanced Techniques for DDoS Mitigation and Web Application Defense Dr. Andrew Kane, Solutions Architect Giorgio Bonfiglio, Technical Account Manager June 28th, 2017 2017, Amazon Web Services, Inc. or
More informationEnsure you write your exam number on any sheets which are to be handed in. This paper consists of THREE pages and FOUR questions.
UNIVERSITY OF HERTFORDSHIRE Academic Year: 2012/13 Semester: B SCHOOL OF COMPUTER SCIENCE [Click here and type Department Title] 7COM1010 SECURE SYSTEMS PROGRAMMING DURATION OF EXAM: 2 Hours THE FOLLOWING
More informationTransaction Management: Introduction (Chap. 16)
Transaction Management: Introduction (Chap. 16) CS634 Class 14 Slides based on Database Management Systems 3 rd ed, Ramakrishnan and Gehrke What are Transactions? So far, we looked at individual queries;
More informationIntroduction to Network Security Missouri S&T University CPE 5420 Anomaly Detection
Introduction to Network Security Missouri S&T University CPE 5420 Anomaly Detection Egemen K. Çetinkaya Egemen K. Çetinkaya Department of Electrical & Computer Engineering Missouri University of Science
More informationInsider Threats. Nathalie Baracaldo. School of Information Sciences. March 26 th, 2015
Insider Threats Nathalie Baracaldo Ph.D. Candidate date School of Information Sciences March 26 th, 2015 1 Insider Attacks According to CERT insider attackers are defined as: Currently or previously employed
More informationDatabase Management Systems Reliability Management
Database Management Systems Reliability Management D B M G 1 DBMS Architecture SQL INSTRUCTION OPTIMIZER MANAGEMENT OF ACCESS METHODS CONCURRENCY CONTROL BUFFER MANAGER RELIABILITY MANAGEMENT Index Files
More informationIntrusion Detection Systems (IDS)
Intrusion Detection Systems (IDS) Presented by Erland Jonsson Department of Computer Science and Engineering Contents Motivation and basics (Why and what?) IDS types and detection principles Key Data Problems
More informationHow Breaches Really Happen
How Breaches Really Happen www.10dsecurity.com About Dedicated Information Security Firm Clients Nationwide, primarily in financial industry Services Penetration Testing Social Engineering Vulnerability
More informationtransaction - (another def) - the execution of a program that accesses or changes the contents of the database
Chapter 19-21 - Transaction Processing Concepts transaction - logical unit of database processing - becomes interesting only with multiprogramming - multiuser database - more than one transaction executing
More informationSPECIAL ISSUE, PAPER ID: IJDCST-09 ISSN
Digital Forensics CH. RAMESH BABU, Asst.Proffessor, Dept. Of MCA, K.B.N.College, Vijayawada Abstract: The need for computer intrusion forensics arises from the alarming increase in the number of computer
More informationApplication-Level Isolation Using Data Inconsistency Detection
Application-Level Isolation Using Data Inconsistency Detection Amgad Fayad, Sushil Jajodia, and Catherine D. McCollum The MITRE Corporation 1820 Dolley Madison Boulevard McLean, Virginia 22102 {afayad,
More informationCS298 Report Schemes to make Aries and XML work in harmony
CS298 Report Schemes to make Aries and XML work in harmony Agenda Our project goals ARIES Overview Natix Overview Our Project Design and Implementations Performance Matrixes Conclusion Project Goals Develop
More informationPrevention Of Cross-Site Scripting Attacks (XSS) On Web Applications In The Client Side
www.ijcsi.org 650 Prevention Of Cross-Site Scripting Attacks (XSS) On Web Applications In The Client Side S.SHALINI 1, S.USHA 2 1 Department of Computer and Communication, Sri Sairam Engineering College,
More informationWork Report: Lessons learned on RTM
Work Report: Lessons learned on RTM Sylvain Genevès IPADS September 5, 2013 Sylvain Genevès Transactionnal Memory in commodity hardware 1 / 25 Topic Context Intel launches Restricted Transactional Memory
More informationLectures 8 & 9. Lectures 7 & 8: Transactions
Lectures 8 & 9 Lectures 7 & 8: Transactions Lectures 7 & 8 Goals for this pair of lectures Transactions are a programming abstraction that enables the DBMS to handle recoveryand concurrency for users.
More informationWeb Gate Keeper: Detecting Encroachment in Multi-tier Web Application
Web Gate Keeper: Detecting Encroachment in Multi-tier Web Application Sanaz Jafari Prof.Dr.Suhas H. Patil (GUIDE) ABSTRACT The Internet services and different applications become vital part of every person
More informationIntrusion Detection Systems
Intrusion Detection Systems Dr. Ahmad Almulhem Computer Engineering Department, KFUPM Spring 2008 Ahmad Almulhem - Network Security Engineering - 2008 1 / 15 Outline 1 Introduction Overview History 2 Types
More informationIntruders, Human Identification and Authentication, Web Authentication
Intruders, Human Identification and Authentication, Web Authentication David Sanchez Universitat Pompeu Fabra 06-06-2006 Lecture Overview Intruders and Intrusion Detection Systems Human Identification
More informationFirewalls, Tunnels, and Network Intrusion Detection
Firewalls, Tunnels, and Network Intrusion Detection 1 Intrusion Detection Systems Intrusion Actions aimed at compromising the security of the target (confidentiality, integrity, availability of computing/networking
More informationBehavior-based Authentication Systems. Multimedia Security
Behavior-based Authentication Systems Multimedia Security Part 1: User Authentication Through Typing Biometrics Features Part 2: User Re-Authentication via Mouse Movements 2 User Authentication Through
More informationMcPAD and HMM-Web: two different approaches for the detection of attacks against Web applications
McPAD and HMM-Web: two different approaches for the detection of attacks against Web applications Davide Ariu, Igino Corona, Giorgio Giacinto, Fabio Roli University of Cagliari, Dept. of Electrical and
More informationEvolution Of Cyber Threats & Defense Approaches
Evolution Of Cyber Threats & Defense Approaches Antony Abraham IT Architect, Information Security, State Farm Kevin McIntyre Tech Lead, Information Security, State Farm Agenda About State Farm Evolution
More informationUNIT 9 Crash Recovery. Based on: Text: Chapter 18 Skip: Section 18.7 and second half of 18.8
UNIT 9 Crash Recovery Based on: Text: Chapter 18 Skip: Section 18.7 and second half of 18.8 Learning Goals Describe the steal and force buffer policies and explain how they affect a transaction s properties
More informationData Mining for Intrusion Detection: from Outliers to True Intrusions
Data Mining for Intrusion Detection: from Outliers to True Intrusions Goverdhan Singh 1, Florent Masseglia 1, Cline Fiot 1, Alice Marascu 1, and Pascal Poncelet 2 1 INRIA Sophia Antipolis, 2004 route des
More informationCprE 458/558: Real-Time Systems. Lecture 17 Fault-tolerant design techniques
: Real-Time Systems Lecture 17 Fault-tolerant design techniques Fault Tolerant Strategies Fault tolerance in computer system is achieved through redundancy in hardware, software, information, and/or computations.
More informationCSC 261/461 Database Systems Lecture 21 and 22. Spring 2017 MW 3:25 pm 4:40 pm January 18 May 3 Dewey 1101
CSC 261/461 Database Systems Lecture 21 and 22 Spring 2017 MW 3:25 pm 4:40 pm January 18 May 3 Dewey 1101 Announcements Project 3 (MongoDB): Due on: 04/12 Work on Term Project and Project 1 The last (mini)
More informationInvestigative Data Warehousing and Mining for Database Security
Association for Information Systems AIS Electronic Library (AISeL) AMCIS 2006 Proceedings Americas Conference on Information Systems (AMCIS) December 2006 Investigative Data Warehousing and Mining for
More informationFailure Diagnosis and Cyber Intrusion Detection in Transmission Protection System Assets Using Synchrophasor Data
Failure Diagnosis and Cyber Intrusion Detection in Transmission Protection System Assets Using Synchrophasor Data Anurag Srivastava, Bo Cui, P. Banerjee Washington State University NASPI March 2017 Outline
More informationAPPLICATION OF INTRUSION DETECTION SOFTWARE TO PROTECT TELEMETRY DATA IN OPEN NETWORKED COMPUTER ENVIRONMENTS.
APPLICATION OF INTRUSION DETECTION SOFTWARE TO PROTECT TELEMETRY DATA IN OPEN NETWORKED COMPUTER ENVIRONMENTS. Item Type text; Proceedings Authors Kalibjian, Jeffrey R. Publisher International Foundation
More informationDETECTION AND PREVENTION OF MALICIOUS ACTIVITIES OFRELATIONAL DATABASE MANAGEMENT SYSTEMS (RDBMS)
DETECTION AND PREVENTION OF MALICIOUS ACTIVITIES OFRELATIONAL DATABASE MANAGEMENT SYSTEMS (RDBMS) ARAFAT MOHAMMED RASHAD ALDHOQM A projectreport submitted in partial fulfillment of the requirements for
More informationMotivating Example. Motivating Example. Transaction ROLLBACK. Transactions. CSE 444: Database Internals
CSE 444: Database Internals Client 1: SET money=money-100 WHERE pid = 1 Motivating Example Client 2: SELECT sum(money) FROM Budget Lectures 13 Transaction Schedules 1 SET money=money+60 WHERE pid = 2 SET
More informationTransactions. Silberschatz, Korth and Sudarshan
Transactions Transaction Concept ACID Properties Transaction State Concurrent Executions Serializability Recoverability Implementation of Isolation Transaction Definition in SQL Testing for Serializability.
More informationepldt Web Builder Security March 2017
epldt Web Builder Security March 2017 TABLE OF CONTENTS Overview... 4 Application Security... 5 Security Elements... 5 User & Role Management... 5 User / Reseller Hierarchy Management... 5 User Authentication
More informationCS System Security 2nd-Half Semester Review
CS 356 - System Security 2nd-Half Semester Review Fall 2013 Final Exam Wednesday, 2 PM to 4 PM you may bring one 8-1/2 x 11 sheet of paper with any notes you would like no cellphones, calculators This
More information