Abstract
In a data sharing system in a cloud computing environment, such as health care system, peers or data sources execute transactions on-the-fly in response to user queries without any centralized control. In this case confidential data might be intercepted or read by hackers. We cannot consider any centralized control for securing data since we cannot assume any central third party security infrastructure (e.g., PKI) to protect confidential data in a data sharing system. Securing health information from malicious attacks has become a major concern. However, securing the data from attacks sometimes fail and attackers succeed in inserting malicious data. Hence, this presents a need for fast and efficient damage assessment and recovery algorithms. In this paper, we present an efficient data damage assessment and recovery algorithm to delete malicious transactions and recover affected transactions in a data source in a health care system based on the concept of the matrix. We compare our algorithm with other approaches and show the performance results.
Similar content being viewed by others
References
Libicki M, Fellow S (1995) What is information warfare? United States Government Printing, United States
Chu J, Zihui G, Huber R, Ji P, Yates J, Yu Y (2012) ALERT-ID: Analyse Logs of the Network Element in Real Time for Intrusion Detection. Proceedings of the 15th international conference on Research in Attacks, Intrusions, and Defences
Kurra K, Panda B, Li W, Hu Y (2015) An Agent based approach to perform damage assessment and recovery efficiently after a cyber attack to ensure E-government database security. Proceedings of the 48th Hawaii International Conference on System Sciences
Hutchinsn W (2006) Information warfare and deception. Inf Sci 9:213–223
Hua D, Xiaolin Q, Guineng Z, Ziyue L (2011) SQRM: an effective solution to suspicious users in database. DBKDA 2011: The Third International Conference on Advances in Databases, Knowledge, and Data Applications, St. Maarten, The Netherlands Antilles
Kim T, Wang X, Zeldovich N, Kaashoek M (2010) Intrusion recovery using selective re-execution. Proceedings of the 9th USENIX Symposium on Operating Systems Design and Implementation (OSDI ’10), pp. 89–104
Chakraborty A, Majumdar A, Sural S (2010) A column dependency based approach for static and dynamic recovery of databases from malicious transactions. Int J Inf Secur (ACM) 9(1):51–67
Panda B, Zhou J (2003) Database damage assessment using a matrix based approach: An intrusion response system. Proceedings of the 7th International Database Engineering and Applications Symposium (IDEAS 2003), pp. 336–341
Panda B, Perrizo W Haraty RA (1994) Secure transaction management and query processing in multilevel secure database systems. Proceedings of the Symposium on Applied Computing. Phoenix, AZ, pp. 363–368
Ning P, Jajodia S (2004) Intrusion detection techniques. Internet Encycl 2:355–368
Megan B (1999) Information warfare: What and how? Carnegie Mellon School of Computer Science. Retrieved from http://www.cs.cmu.edu/~burnsm/InfoWarfare.html
Haeni R (1997) Information warfare an introduction. The George Washington University, Washington DC
Panda B, Haque KA (2002) Extended data dependency approach: a robust way of rebuilding database. Proceedings of the 2002 ACM Symposium on Applied Computing, pp. 445–452
Panda B, Gordano J (1998) Reconstructing the database after electronic attacks. Proceedings of the IFIP TC11 WG 11.3 Twelfth International Working Conference on Database Security XII: Status and Prospects
Ammann P, Jajodia S, Liu P (2002) Recovery from malicious transactions. IEEE Trans Knowl Data Eng 14(5):1167–1185
Fu G, Zhu H, Feng Y, Zhu Y, Shi J, Chen M (2008) Fine grained transaction log for data recovery in database system. Third Asia-Pacific Trusted Infrastructure Technologies Conference (IEEE), Washington, DC, USA
Lomet D, Vagena Z, Barga R (2006) Recovery from “Bad” user transactions. SIGMOD, June 27–29, Chicago, Illinois, USA
Ragothaman P, Panda B (2002) Analyzing transaction logs for effective damage assessment. Proceedings of the 16th Annual IFPI WG 11.3 Working Conference on Database and Application Security, pp. 121–134
Haraty RA, Zeitunlian A (2007) Damage assessment and recovery from malicious transactions using data dependency. ISESCO J Sci Technol 3(4):43–50
Zhou J, Panda B, Hu Y (2004) Succinct and fast accessible data structures for database damage assessment. In: Gosh R, Mohanty H (eds) Distributed computing and internet technology. Springer, Berlin, pp 111–119
Zhou J, Panda B (2005) A log independent distributed database damage assessment model. Proceedings of the 2005 I.E. Workshop on Information Assurance and Security, pp. 302–309
Xie M, Zhu H, Feng Y, Hu G (2008) Tracking and repairing damaged databases using before image table. Japan-China Joint Workshop on Frontier of Computer Science and Technology (IEEE), pp. 36–41
Liu P, Yu M (2011) Damage assessment and repair in attack resilient distributed database systems. Assoc Comput Mach (ACM) 33(1):96–107
Lala C, Panda B (2001) Evaluating damage from cyber-attacks: a model and analysis. IEEE Trans Syst Man Cybern 31(4):300–310
Ray I, McConnell R, Lunacek M, Kumar V (2004) Reducing damage assessment latency in survivable databases. In: Howard W, Lachlan M (eds) Key technologies for data management. Springer, Berlin, pp 106–111
Gray J, Reuter A (1993) Transaction processing concepts and techniques. Morgan Kaufmann, San Francisco
Bernstein P, Hadzilacos V, Goodman N (1987) Concurrency control and recovery in database systems. Addison-Wesley, Massachusetts
Microsoft Corporation – Northwind and Pubs Sample Databases for SQL Server 2000 (2015) http://www.microsoft.com/en-us/download/details.aspx?id=23654. Retrieved on 10 Mar 2015
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Haraty, R.A., Zbib, M. & Masud, M. Data damage assessment and recovery algorithm from malicious attacks in healthcare data sharing systems. Peer-to-Peer Netw. Appl. 9, 812–823 (2016). https://doi.org/10.1007/s12083-015-0361-z
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12083-015-0361-z