Evaluating the Impact of Intrusion Detection Deficiencies on the Cost-Effectiveness of Attack Recovery

  • Conference paper
Information Security (ISC 2004)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 3225)

Abstract

Traditional secure database systems rely on preventive controls and are very limited in surviving malicious attacks because of intrusion detection deficiencies. ITDB, an Intrusion Tolerant Database prototype system, has been proposed, which can detect intrusions and repair the damage caused by intrusions in a timely manner. In this paper, we evaluate ITDB using the TPC-C benchmark. The performance measurements show that the ITDB system is cost-effective within reasonable False Alarm Rate and Detection Latency ranges. Our experimental results also indicate that ITDB can achieve good survivability without being seriously affected by various intrusion detection deficiencies. It can provide essential database services in the presence of attacks, and maintain the desired essential (security) properties such as integrity and performance.

Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Wang, H., Liu, P., Li, L. (2004). Evaluating the Impact of Intrusion Detection Deficiencies on the Cost-Effectiveness of Attack Recovery. In: Zhang, K., Zheng, Y. (eds) Information Security. ISC 2004. Lecture Notes in Computer Science, vol 3225. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30144-8_13

  • DOI: https://doi.org/10.1007/978-3-540-30144-8_13

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-23208-7

  • Online ISBN: 978-3-540-30144-8

  • eBook Packages: Springer Book Archive
