L Cai,Xh Yang

DOI: https://doi.org/10.1109/ICSMC.2005.1571196

2005-01-01

Abstract:More and more network attacks are focusing on application level vulnerabilities. Recently, several examples of this trend have been highly publicized such as the SQL Slammer and SQL Snake attacks. Traditional firewalls, used for protecting the database, only prevent attacks searching for vulnerabilities. Database firewalls take defense deep into the organization by providing full syntax control and audit of the SQL AN stream before it reaches the database, and enforcing content-driven access to database. This paper proposes a layered reference model for database firewalls by enhancing the capability of COAST Laboratory's model. It separates a database firewall into three layers (network layer, schematic layer and semantic layer) according to the knowledge, computation target, and the control granularity of each layer. Based on this model, a database firewall product had been prototyped It can greatly improve the database security by introducing self-controlled authentication principal mapping, object mapping, and mandatory access control modules.

Sheng Xu,Yongxiang Xia,Hui-Liang Shen

DOI: https://doi.org/10.1109/jsyst.2022.3150576

IF: 4.802

2022-01-01

IEEE Systems Journal

Abstract:In this article, we study how to resist malware attacks in cyber-physical power systems (CPPSs) through cyber protection. A model that incorporates the power flow analysis, the cyber monitoring and control, and the factor of cyber protection is proposed to simulate malware attacks in CPPSs. Meanwhile, an evaluation method is also developed to estimate the effectiveness of different cyber protection strategies. Through simulations, we conduct case studies in a test CPPS generated by coupling the IEEE 118 Bus System with a scale-free communication network. The protection effects of three heuristic cyber protection strategies, namely, target protection, random protection, and acquaintance protection are compared and analyzed. Simulation results reveal that compared with the other two strategies, target protection can suppress malware propagation and resist malware attacks more effectively. Moreover, we also investigate the optimal cyber protection problem in CPPSs and formulate it as a zero-one integer programming problem. We solve the problem by genetic algorithm and find that some low-degree cyber nodes also play a significant role in resisting malware attacks in CPPSs, especially when the protection budget is tight.

YUAN Chun,WEN Zhen-kun,ZHANG Ji-hong,ZHONG Yu-zhuo

DOI: https://doi.org/10.3321/j.issn:0372-2112.2006.11.023

2006-01-01

Abstract:Researchers on security database concern more and more the security threats from DBA(database administrator),for its resulting in increasing crime to internet commercial databases which exist in the mode of ASP(Application service provider) recently,and its theoretic and technical hardness.Traditional access control could not provide enough security for the purpose,cryptographic security database becomes a promising scheme favored by its computing complexity of mathematical difficulties.We analyse various and up to date security threats to distributed database application systems,and give an overview for cryptographic access control and encryption database technology.Each class and approach is described and evaluated with its cryptographic principle,algorithm characters and positive and negative performance.We focus on the term of cryptanalysis of the schemes,which is considered the crucial points of the technology.

Yawei Zhang,Xiaojun Ye,Feng Xie,Yong Peng

DOI: https://doi.org/10.1109/CIT.2009.69

2009-01-01

Abstract:Security mechanisms within DBMSs are far from effective to detect and prevent anomalous behavior of applications and intrusions from attackers. In fact, intrusions executed by unauthorized users to explore system vulnerabilities, and malicious database transactions executed by authorized users, both cannot be detected and prevented by typical security mechanisms. In this paper we proposed a database intrusion detection system architecture based on the database communication content detection mechanism. Implementation strategies for main components are detailed. Besides, we investigate several critical intrusion detection approaches used in the practice.

Cai Liang,Yang Xiao-hu,Dong Jin-xiang

DOI: https://doi.org/10.1631/bf02881838

2002-01-01

Journal of Zhejiang University SCIENCE A

Abstract:How to protect the database, the kernel resources of information warfare, is becoming more and more important since the rapid development of computer and communication technology. As an application-level firewall, database security proxy can successfully repulse attacks originated from outside the network, reduce to zerolevel damage from foreign DBMS products. We enhanced the capability of the COAST's firewall reference model by adding a transmission unit modification function and an attribute value mapping function, describes the schematic and semantic layer reference model, and finally forms a reference model for DBMS security proxy which greatly helps in the design and implementation of database security proxies. This modeling process can clearly separate the system functionality into three layers, define the possible security functions for each layer, and estimate the computational cost for each layer.

Wen Wei-ping,Qing Si-han

DOI: https://doi.org/10.1007/bf02828623

2005-01-01

Abstract:With the explosive growth of network applications, the threat of the malicious code against network security becomes increasingly serious. In this paper we explore the mechanism of the malicious code by giving an attack model of the malicious code, and discuss the critical techniques of implementation and prevention against the malicious code. Theremaining problems and emerging trends in this area are also addressed in the paper.

Cai Liang,Yang Xiao-hu,Dong Jin-xiang

DOI: https://doi.org/10.1631/jzus.2003.0287

2003-01-01

Journal of Zhejiang University SCIENCE A

Abstract:Database Security and Protection System (DSPS) is a security platform for fighting malicious DBMS. The security and performance are critical to DSPS. The authors suggested a key management scheme by combining the server group structure to improve availability and the key distribution structure needed by proactive security. This paper detailed the implementation of proactive security in DSPS. After thorough performance analysis, the authors concluded that the performance difference between the replicated mechanism and proactive mechanism becomes smaller and smaller with increasing number of concurrent connections; and that proactive security is very useful and practical for large, critical applications.

Suorong Hu,Xiaojun Ye,Yong Peng,Feng Xie

2009-01-01

Journal of Computer Research and Development

Abstract:As the database applications become more and more complicated and open due to the development of the network and database technology,database security is not only about the database itself,but also need analyzing,monitoring and auditing from different dimensions for the database.In this paper,a defense-in-depth protection model is proposed for the database security and a solution is given for developing the related automatic analyzing tools.

Alex Zhu,Wei Qi Yan

DOI: https://doi.org/10.4018/ijdcf.2017100106

2017-01-01

International Journal of Digital Crime and Forensics

Abstract:SQLIA is adopted to attack websites with and without confidential information. Hackers utilized the compromised website as intermediate proxy to attack others for avoiding being committed of cyber-criminal and also enlarging the scale of Distributed Denial of Service Attack DDoS. The DDoS is that hackers maliciously turn down a website and make network resources unavailable to web users. It is extremely difficult to effectively detect and prevent SQLIA because hackers adopt various evading SQLIA Intrusion Detection System techniques. Victims may not be even aware of that their confidential data has been compromised for a long time. In this paper, our contribution is that we evaluate several most popular open source SQLIA tools and SQLIA prevention tools with both qualitative and quantitative assessments.

LI Fang-tao,ZHU Xiao-yan,MENG Li-rong

DOI: https://doi.org/10.3969/j.issn.1000-7024.2006.22.037

2006-01-01

Abstract:An integrated database security architecture is proposed.The encryption/authentication component,making use of cryp-tographic knowledge,not only makes the database integrity and confidentiality,but also have the function of detecting and correcting the single error.The single error correction tolerate the transfer's intrusion,and this enables the outer-level intrusion-tolerance.Inner intrusion-tolerant component provides an intrusion-tolerance based database security structure.The flexibility and the ability of protecting from attacks are improved.This system has the functions of not only intrusion-tolerance,but also encryption and authe-ntication.So it can apply to fields where the higher security level is needed.

王德强,张锐,谢立,宋娇

DOI: https://doi.org/10.3969/j.issn.1002-137X.2002.12.004

2002-01-01

Computer Science

Abstract:Being an important part of Information System, Database Security has absorbed much attention fordecades. First, we bring forth the Database Security's contents, properties of data: sensitivity, integrity and availabil-ity. Several access control models to guarantee these properties are described in this paper. Due to the challengesbrought by advanced DBMSs such as OODBMS and ADBMS, we also discuss some security topics in these fields. Atthe end of this paper, the encryption control and inference control are reviewed together with some trend of thedatabase security technology in the future.

陈旦,杨非,叶晓俊

DOI: https://doi.org/10.3969/j.issn.1001-0548.2015.02.018

2015-01-01

Abstract:According to known and unknown database attacking, we propose an architecture of multi-dimensional attack-aware database activity monitor based on captured SQLs, in which the user database behavior schema set can be constructed in the beginning by monitoring their requests and detect potential attacks by analyzing SQL queries/statements during database running. Based on the SQL’s syntactic structure and semantic feature, we present different user behavior models on SQL schematic and semantic level, session level, and structure for libraries of user behavior patterns. Malicious transactions are detected by means of calculating the structure distance of user database requests with SQLs or SQL sequences in schema matching set of the detection engine.

Xiaohua Li,Gang Wang,Lin Xiao,Maosheng Ding

DOI: https://doi.org/10.1109/TDC.2005.1547134

2005-01-01

Abstract:This paper gives a new more practical software reliability model based on architectures of software components. This model uses semi-Markov chain and can give the quantitative evaluation about the digital protection's software. It analyzes the relation between the material architecture of software's modules and the reliability of software, then changes the model into a semi-Markov one based on the architecture of software's modules. Besides having the characters of the former model, this one have the ability to emulate the reliability in the situation which is the software having complex architecture or the system having the capability about paratactic calculating. Furthermore, the variable parameter method is used to study the sensitivity in order to find the vital factors of reliability. An example is given to demo the proposed techniques. The calculation results prove that the algorithm is viable. © 2005 IEEE.

Yuxia Cheng,Qing Wu,Wenzhi Chen,Bei Wang

DOI: https://doi.org/10.1016/j.jpdc.2018.07.014

IF: 4.542

2018-01-01

Journal of Parallel and Distributed Computing

Abstract:Transmissible cyber threats have become one of the most serious security issues in cyberspace. Many techniques have been proposed to model, simulate and identify threats’ sources and their propagation in large-scale distributed networks. Most techniques are based on the analysis of real networks dataset that contains sensitive information. Traditional in-memory analysis of these dataset often causes data leakage due to system vulnerabilities. If the dataset itself is compromised by adversaries, this threat cost would be even higher than the threat being analysed. In this paper, we propose a new distributed shielded execution framework (Disef) for cyber threats analysis. The Disef framework enables efficient distributed analysis of network dataset while achieves security guarantees of data confidentiality and integrity. In-memory dataset is protected by using a new encrypted key–value format and could be efficiently transferred into Intel SGX enabled enclaves for shielded execution. Our experimental results showed that the proposed framework supports secure in-memory analysis of large network dataset and has comparable performance with systems that have no confidentiality and integrity guarantees.

Ke Chen,Gang Chen,Jinxiang Dong

DOI: https://doi.org/10.1007/11563952_79

2005-01-01

Abstract:Database intrusion detection has been an important research area in database security. It focuses on malicious transaction attacks, which cannot be handled by traditional database security mechanisms, such as authorization, access control, integrity control, and so on. Although there have appeared some intrusion detection systems, current researches on malicious transaction detection are limited in accuracy and efficiency. Inspired by natural immune system, we propose a novel immunity-based intrusion detection solution for database system in this paper. It provides an additional layer of defense against DBMS misuse, especially malicious transactions. The ability to learn and to adapt to the environment dynamically entitles the system to detect both known and unknown malicious transaction intrusions efficiently. Simulations show that the database intrusion detection system based on data immunity can accelerate detection of malicious transaction attacks and improve its accuracy without causing any other performance penalty.

Bai Wen-yang

2010-01-01

Abstract:The development of modern information technology and digitalization of the daily lives brings security database new challenges. It is necessary for a security database to provide access control and privacy protection mechanism to ensure the legal use of data and to prevent privacy breach. This paper introduced an integrated security model which could provide the functions of privacy protection and access control simultaneously by building the connection between the validity of query in parameterized authorization view model and the suspiciousness of a conjunctive select-project-join query in online query audit model, it also designed a polynomial time detecting algorithm and two incorporating frameworks for the integrated model to provide higher performance and fine-grained access control in modern database systems.

ZHOU Yong-lu,WU Hai-yan,JIANG Dong-xing

DOI: https://doi.org/10.3969/j.issn.1671-0428.2012.05.004

2012-01-01

Abstract:As traditional security techniques fail to protect web applications from attacks,more research has focus on intrusion detection for web applications.Access logs are the most important data source for intrusion detection.However,log files usually contain a huge quantity of records.Without effective methods,it is not feasible for administrator to inspect and locate intrusions.Misuse detection and anomaly detection models have been proposed to solve this problem.This paper conducts intrusion detection over a real web application based on statistical anomaly-based models.The result shows these models can effectively detect attacks like SQL injection.

Yijia Cao

2008-01-01

Abstract:According to the development trend and present condition of security protection of power enterprise information integration,a security protection architecture of power enterprise information integration based on the technology of distributed intrusion tolerance with multi-level defense line is proposed.The intrusion tolerance strategies of the proposed architecture consist of following items:(A) the firewall is used as the fundamental protective measures;(B) at key nodes in non-realtime application network,the mobile agents are configured to implement on-line detection and tracking of internal and external intrusions;(C) after the intruder is successfully confirmed by intrusion detection system,according to the requirement of system security the honeypot technology based intrusion inducting system directionally inducts the locked invading flow,and the active defensive mode protects the legitimate system from invasion;(D) by means of slicing-scattering based distributed document management style,the resilient file system serves as the last defense line of enterprise memory system.Moreover,the key security protection problems pertinent to transverse and longitudinal information integration as well as the application of the technologies,such as mobile agents,honeypot,resilient file system and so on,in security protection system are analyzed.Finally,the application of the proposed secure protection architecture is briefly presented.

Yuwei Yao

DOI: https://doi.org/10.1109/iciscae52414.2021.9590714

2021-09-24

Abstract:The computer database that handles big data efficiently has created convenience for modern society, but it has gradually exposed more potential safety hazards in the application process. Computer databases storing massive data are prone to information loss, content tampering and other problems in the face of various attacks. With the development of the Internet and the continuous breakthrough of network technology, there are more and more hidden dangers that undermine network security, and the level and scope of damage are also increasing. This paper mainly describes the related concepts of intrusion detection technology, and puts forward the effective implementation of computer database intrusion detection technology based on virtualization technology, as well as the related strategies of fully optimizing computer database intrusion detection technology, so that the computer database can be effectively protected. Diversified intrusion detection system technology is widely used, which can not only ensure the safe and normal operation of database system, but also prevent the loss of important information and the destruction of structural integrity.

Chun Lei Wang,Qing Miao,Lan Fang,Yi Qi Dai

DOI: https://doi.org/10.4028/www.scientific.net/amr.765-767.1936

2013-01-01

Advanced Materials Research

Abstract:industrial Control System (ICS) performs the tasks of supervisory control and data acquisition of critical infrastructures. With the widely application of computer and network techniques, ICS suffers serious security threats, and malicious codes are one of the most serious security problems. However, there is absent of analysis methods specific for ICS malicious code behaviors in current times. In this paper, a framework for ICS malicious code analysis is presented. Firstly, the ICS attack graph model is established based upon the hierarchical structure of industrial control system and the suffered security threats, which formalizes the attack process of ICS malicious code. Secondly, the runtime information of ICS malicious code is detected and collected for analyzing and assessing the attack behaviors and the resulted impacts. Finally, the ICS simulation environment for malicious code analysis is constructed based upon the framework and the experimental analysis of ICS malicious code is performed which preliminary validates the effectiveness of the proposed framework.