D_DIPS: An Intrusion Prevention System for Database Security

• Published in: Information and Communications Security pp. 481 - 490
• Main Authors: Dai, Jiazhu, Miao, Huaikou
• Format: Book Chapter Conference Proceeding
• Language: English
• Published: Berlin, Heidelberg Springer Berlin Heidelberg 2005; Springer
• Series: Lecture Notes in Computer Science
• Subjects: Applied sciences; Computer science; control theory; systems; Computer systems and distributed systems. User interface; Exact sciences and technology; Information systems. Data bases; Memory and file management (including protection and security); Memory organisation. Data processing; Software; Database; Internet; Distributed system; Transaction processing; Real time; Computer security; Network operating systems; False alarm rate
• ISBN: 3540309349; 9783540309345
• ISSN: 0302-9743; 1611-3349
• DOI: 10.1007/11602897_40

There is a growing security concern on the increasing number of databases that are accessible through the Internet because a variety of attacks do succeed to fool the existed database protection mechanisms in many applications. Defense-in-depth strategies like intrusion prevention is urgently needed for database security. Most of research on intrusion prevention focuses on preventing attacks on operating systems and computer networks. Few efforts have been put on database intrusion prevention. Design and implementation of a database intrusion prevention system D_DIPS is presented. The goal of D_DIPS is to detect attacks caused by malicious transactions and cancel them timely before they succeed. The D_DIPS prototype shows D_DIPS can detect and stop attacks of malicious transaction in real time with low false alarm rate.