数据库管理系统的入侵容忍技术研究进展

传统数据库安全的研究重点是如何防止非授权用户对数据库的恶意干扰和破坏，事实上根本无法阻止所有的攻击。因此．在信息战语义下，更为紧迫的是如何找到有效的措施来缓解或消除恶意用户的攻击．而入侵容忍(即抗恶意用户攻击和攻击后DBMS的恢复能力)是数据库安全最为重要的。本文概述了信息战中数据库入侵容忍技术研究的现状，指出了目前存在的问题和未来的研究方向。     

安全数据库概述与前瞻

安全数据库的基本概念包括可信计算基、主客体分离、身份鉴别、数据完整性、自主访问控制、审计、标记与强制访问控制、数据安全模型形式化和访问监控器等.对于访问控制策略、数据库安全模型、数据库入侵检测和数据库入侵限制及恢复技术是今后研究的重要方向.     

信息战下的数据库安全——我国的特殊需求分析和对策

在国际风云变幻，计算机和通信技术飞速发展的今天，研究如何保卫信息战的核心资源－数据库－显得尤为重要。首先介绍了国外在信息战下数据库安全的研究成果，然后结合我国关键部门数据库的使用现状和需求，指出在信息战的语义下，如何对抗恶意DBMS的威胁是我国数据库安全的首要任务。描述了恶意DBMS的威胁模型，提出了符合我国关键应用的环境安全假设，并在此基础上提出了相应的对抗原则和措施。     

基于影子页面的MMDB的数据恢复方法

内存数据库数据主拷贝常驻内存,活动事务只与内存打交道,而由于内存的易失性,内存数据库的恢复成为内存数据库的核心技术.讨论了内存数据库的恢复技术,考虑所研究的系统环境限制,设计一种利用影子页面技术,并结合事务一致性检查点、模糊检查点思想,加上多版本技术的内存数据库恢复方法.该方法无需额外的硬件支持,解决了现有内存数据库恢复方法的一些问题.通过日志,检查点、恢复等方面来说明所设计的数据恢复方法,讲述它的备份过程和在事务故障和系统故障情况下恢复系统的过程.     

网格环境下的取证研究

网格是构筑在Intemet上的一组新兴技术,它将高速互联网、高性能计算机、大型数据库、传感器和远程设备等融为一体,提供透明的计算、存储功能.随着网络技术的发展,保护网络及其资源不受恶意程序的破坏也就越来越重要,而在针对网格的攻击发生后,安全人员必须具备处理、恢复并且获得证据的能力.本文在讨论计算机网格安全与取证概念的基础上,结合IDS入侵检测技术,通过对网格安全架构与实时取证技术的深入研究,提出了一种网格环境下的取证模型,并进行了相应分析与论证.     

大型差异数据库中入侵路径恢复模型分析

在大型差异数据库中,假设入侵特征存在较大的伪装,将难以形成入侵判断的依据,无法建立入侵路径恢复模型;提出基于敏感性数据挖掘方法的大型差异数据库中入侵路径恢复方法模型;利用主成分分析方法搜索大型差异数据路中的入侵路径,为模型的建立提供准确的数据基础,利用敏感性数据挖掘方法能够检测到入侵路径的特征,从而能够建立准确的入侵路径模型;实验结果表明,利用改进方法进行大型差异数据库中入侵路径恢复,能够提高恢复的准确性,从而保证大型差异数据库的安全。     

数据挖掘与代理技术在入侵检测中的应用研究

移动代理技术提供了一个新的计算方式,即程序以软件代理的形式出现,它能在一台主机上停止对它的执行,通过移动到第一台主机上恢复执行。数据挖掘技术是从大型的数据库或数据仓库中提取隐含的有潜在价值的信息或模式的一种有效方法。文中在深入研究入侵检测与移动代理技术的基础上,提出了一种基于移动代理的入侵检测系统模型,并对数据挖掘技术在系统中的应用作了详细分析和具体实现。     

入侵容忍数据库技术研究

随着计算机网络技术的不断发展,数据库的安全问题成为人们研究的重点话题。数据库作为重要的存储中心,受到了前所未有的考验。在数据库中的恶意入侵行为,及时发现了也会对数据库的完整性产生了一定的破坏。为此,介绍了入侵容忍数据库技术的组成和功能,并提出了系统的构成和技术改进意见。     

入侵检测技术在数据库系统的应用研究

传统的防火墙技术已难以满足目前的网络安全需要,针对应用及其后台数据库的应用级入侵已经变得越来越猖撅,如SQL注入、跨站点脚本攻击和未经授权的用户访问等。本文提出一个数据库入侵检测系统,以提高数据库的安全性和健壮性。     

基于影子页面和混合日志的MMDB恢复方法

为了提升内存数据库从各种故障中恢复的速度,提出了基于影子页面技术、混合日志策略以及模糊检查点思想的内存数据库恢复方法。在分析内存数据库运行过程中主要的时间消耗点的基础上建立了内存数据库的系统模型,通过分析事务过程和检查点过程,讨论了该恢复策略的执行过程以及优点,讲述了内存数据库在此系统模型和恢复策略下的事务故障和系统故障的恢复过程以及系统的性能分析。     

Recovery from malicious transactions

Preventive measures sometimes fail to deflect malicious attacks. We adopt an information warfare perspective, which assumes success by the attacker in achieving partial, but not complete, damage. In particular, we work in the database context and consider recovery from malicious but committed transactions. Traditional recovery mechanisms do not address this problem, except for complete rollbacks, which undo the work of benign transactions as well as malicious ones, and compensating transactions, whose utility depends on application semantics. Recovery is complicated by the presence of benign transactions that depend, directly or indirectly, on the malicious transactions. We present algorithms to restore only the damaged part of the database. We identify the information that needs to be maintained for such algorithms. The initial algorithms repair damage to quiescent databases; subsequent algorithms increase availability by allowing new transactions to execute concurrently with the repair process. Also, via a study of benchmarks, we show practical examples of how offline analysis can efficiently provide the necessary data to repair the damage of malicious transactions.     

基于协议分析的网络入侵检测技术

网络协议分析是网络入侵检测中的一种关键技术,当前主要方法是对网络层和传输层协议进行分析。文章基于状态转换进行协议分析和检测,以充分利用协议的状态信息检测入侵,有效地完成包括应用层协议在内的网络各层协议的分析,更加精确地定位了检测域,提高了检测的全面性、准确性和检测效率;这种方法综合了异常检测和误用检测技术,可以更有效地检测协议执行时的异常和针对协议的攻击,并且可检测变体攻击、拒绝服务攻击等较难检测的攻击。     

Transaction Fusion: A Model for Data Recovery from Information Attacks

The escalation of electronic attacks on databases in recent times demands fast and efficient recovery methods. The existing recovery techniques are too time-consuming as they first undo all malicious and affected transactions individually, and then redo all affected transactions, again, individually. In this paper, we propose a method that accelerates the undo and redo phases of the recovery. The method developed involves combining or fusing malicious or affected transactions occurring in groups. These fused transactions are executed during undo and redo phases instead of execution of individual transactions. By fusing relevant transactions into a single transaction, the number of operations such as start, commit, read, and write are minimized. Thus, data items which were required to be accessed multiple times in case of individual transactions are accessed only once in a fused transaction. The amount of log I/O's is reduced. This expedites the recovery procedure in the event of information attacks. A simulation analysis of the proposed model confirmed our claim.     

Building semantic kernels for cross-document knowledge discovery using Wikipedia

The age of Internet technology has introduced new types of attacks to new assets that did not exist before. Databases that represent information assets are subject to attacks that have malicious intentions, such as stealing sensitive data, deleting records or violating the integrity of the database. Many counter measures have been designed and implemented to protect the databases and the information they host from attacks. While preventive measures could be overcome and detection measures could detect an attack late after damage has occurred, there is a need for a recovery algorithm that will recover the database to its correct previous state before the attack. Numerous damage assessment and recovery algorithms have been proposed by researchersIn this work, we present an efficient lightweight detection and recovery algorithm that is based on the matrix approach and that can be used to recover from malicious attacks. We compare our algorithm with other approaches and show the performance results.     

An appraisal and design of a multi-agent system based cooperative wireless intrusion detection computational intelligence technique

The deployment of wireless sensor networks and mobile ad-hoc networks in applications such as emergency services, warfare and health monitoring poses the threat of various cyber hazards, intrusions and attacks as a consequence of these networks’ openness. Among the most significant research difficulties in such networks safety is intrusion detection, whose target is to distinguish between misuse and abnormal behavior so as to ensure secure, reliable network operations and services. Intrusion detection is best delivered by multi-agent system technologies and advanced computing techniques. To date, diverse soft computing and machine learning techniques in terms of computational intelligence have been utilized to create Intrusion Detection and Prevention Systems (IDPS), yet the literature does not report any state-of-the-art reviews investigating the performance and consequences of such techniques solving wireless environment intrusion recognition issues as they gain entry into cloud computing. The principal contribution of this paper is a review and categorization of existing IDPS schemes in terms of traditional artificial computational intelligence with a multi-agent support. The significance of the techniques and methodologies and their performance and limitations are additionally analyzed in this study, and the limitations are addressed as challenges to obtain a set of requirements for IDPS in establishing a collaborative-based wireless IDPS (Co-WIDPS) architectural design. It amalgamates a fuzzy reinforcement learning knowledge management by creating a far superior technological platform that is far more accurate in detecting attacks. In conclusion, we elaborate on several key future research topics with the potential to accelerate the progress and deployment of computational intelligence based Co-WIDPSs.     

基于簇的传感器网络节点复制攻击检测

当传感器节点布置在敌方区域并遭到敌人捕获时,敌方有能力破解传感器节点而得到其中所存储的重要信息.敌人一旦掌握这些信息,便可以复制一系列这样的节点且将其布置到网络中为进一步开展攻击作准备,这种入侵活动被称为传感器网络节点复制攻击.节点复制不同于诸如路由攻击一类的外部攻击,它直接危害传感器节点,破坏力强,给网络带来严重影响.在现有的分布式检测方法基础上提出一种基于簇结构的传感器网络节点复制攻击检测方案.仿真实验表明,改进的方案能对节点复制攻击做出有效判断,而且传输开销较现有检测方案要小.     

一种基于代理的分布式抗攻击的入侵检测体系结构

提出了一种基于代理(Agent)的入侵检测体系结构。该体系克服了当前入侵检测系统(IDS)的部分缺陷，具有分布式检测、响应入侵的能力，并能对单一主机、检测区域和整个网络进行多层次的检测。利用移动代理，整个检测体系可以灵活、动态地配置和方便地扩展。针对IDS日益成为攻击目标的现状，结合现有保护IDS的研究成果，给出了相应的方法，使该体系能有效地抵抗攻击，有更强的生存能力。     

计算机网络攻击分析及防范技术

本文主要阐述计算机信息网络攻击和入侵的特点、方法以及其安全防范手段和技术。分析了计算机网络信息安全的基本对策     

基于多级入侵容忍的数据库安全体系结构

多级入侵容忍数据库采用多级安全体系结构,将冗余和多样性技术相结合,采用整体安全策略及面向服务的入侵容忍技术,实现数据库的可生存性、可用性及关键数据的机密性、完整性。与其他入侵容忍数据库相比,文中提出的数据库安全体系结构能有效抵御来自于OS级、DBMS级以及事务级的恶意攻击,同时降低了安全成本。