Prevention of Malicious Transactions in Database Management Systems

Database Management Systems are a key component in the information infrastructure of most organizations nowadays so security of DBMS has become more crucial. Several mechanisms needed to protect data, such as authentication, user privileges, encryption, and auditing, have been implemented in commercial DBMS. But still there are some ways through which systems may be affected by malicious transactions. Our definition of malicious transaction is that transaction which the user is not authorized to perform. Even the sequence of the operations in the transaction is not to be violated. Existing intrusion detection systems use logs to detect malicious transactions. Logs are the histories of the transactions committed in the database. The disadvantage of using logs is that they require lot of memory. In addition to this sometimes even after a transaction is detected as malicious it cannot be rolled back. In this thesis we present a method by which we can overcome the uses of logs and can detect malicious transactions before they are committed. We use counting bloom filters to store the sequence of commands in a transaction and use a prevention model for instant detection of malicious transactions. Simulation was carried out for a single user providing sequence of queries varying the size of the CBF from 1 to 15 and no. of hashing functions from 1 to 15.It was concluded that by choosing optimal value of size of CBF and number of hashing functions the detector can be made to prevent a malicious transaction with a probability of almost 99.85%

A Review of Security Mechanisms for Detection of Malicious Transactions in Database

Insider attacks formed the biggest threaten against database management systems. There are many mechanisms have been developed to detect and prevent the insider attacks called Detection of Malicious Activities in Database Systems DEMIDS. The DEMIDS consider as one of the last defenses mechanism of the database security system. There are many mechanisms that have been developed to detect and prevent the misuse activities like delete, and update data on the database systems. These mechanisms utilize auditing and profiling methods to detect and prevent the malicious activities. However these mechanisms still have problems to detect the misuse activities such as limit to detect the malicious data on authorized commands. This study will address these problems by propose a mechanism that utilizes dependency relationship among items to detect and prevent the malicious data by calculate a number of relations among data items. If the number of relations among items is not allowed any modification or deletion then the mechanism will detect activity as malicious activity. The evaluation parameters such as detect, false positive and false negative rate use to evaluate the accuracy of proposed mechanism