Mining data relationships for database damage assessment in a post information warfare scenario

Author

Hu, Yi ; Panda, Brajendra

Author_Institution

Arkansas Univ., Fayetteville, AR, USA

fYear

2004

fDate

10-11 June 2004

Firstpage

401

Lastpage

409

Abstract

After the detection of a cyber attack on a database system, the intrusion response team of any organization needs to know the damage profile immediately in order to design an appropriate response strategy. Unfortunately obtaining the precise damage status can take up to hours even days. This is because existing approaches to database damage assessment involve significant amount of work including scanning the log file or other auxiliary data structures. Our approach concentrates on making an estimated damage profile as soon as possible. This model is based exclusively on a priori knowledge of data relationships mined during normal database operation phase. This knowledge can be used during damage assessment phase for faster damage assessment.

Keywords

data mining; data structures; database management systems; security of data; cyber attack detection; data mining; data structure; database damage assessment; database operation phase; intrusion response team; post information warfare scenario; Data mining; Data structures; Database systems; Intrusion detection; Operating systems; Transaction databases; USA Councils;

fLanguage

English

Publisher

ieee

Conference_Titel

Information Assurance Workshop, 2004. Proceedings from the Fifth Annual IEEE SMC

Print_ISBN

0-7803-8572-1

Type

conf

DOI

10.1109/IAW.2004.1437845

Filename

1437845