Policies Based Intrusion Response System for DBMS

Nayeem, Fatima, Vijayakamal, M.

01 December 2012

Relational databases are built on Relational Model proposed by Dr. E. F. Codd. The relational model has become a consistent and widely used DBMS in the world. The databases in this model are efficient in storing and retrieval of data besides providing authentication through credentials. However, there might be many other attacks apart from stealing credentials and intruding database. Adversaries may always try to intrude into the relational database for monetary or other gains [1]. The relational databases are subjected to malicious attacks as they hold the valuable business data which is sensitive in nature. Monitoring such database continuously is a task which is inevitable keeping the importance of database in mind. This is a strategy that is in top five database strategies as identified by Gartner research which are meant for getting rid of data leaks in organizations [2]. There are regulations from governments like US with respect to managing data securely. The data management like HIAPP, GLBA, and PCI etc. is mentioned in the regulations as examples. / Intrusion detection systems play an important role in detecting online intrusions and provide necessary alerts. Intrusion detection can also be done for relational databases. Intrusion response system for a relational database is essential to protect it from external and internal attacks. We propose a new intrusion response system for relational databases based on the database response policies. We have developed an interactive language that helps database administrators to determine the responses to be provided by the response system based on the malicious requests encountered by relational database. We also maintain a policy database that maintains policies with respect to response system. For searching the suitable policies algorithms are designed and implemented. Matching the right policies and policy administration are the two problems that are addressed in this paper to ensure faster action and prevent any malicious changes to be made to policy objects. Cryptography is also used in the process of protecting the relational database from attacks. The experimental results reveal that the proposed response system is effective and useful.

Intrusion detection

intrusion response system

policies

relational database

Design and Implementation of an Efficient Intrusion Response System for 5G RAN Baseband Units / Design och implementering av ett effektivt intrångsresponssystem för 5G RAN-basbandsenheter

Ghazzawi, Mirna, Imran, Adil

January 2023

The 5G Radio Access Network (RAN) is a critical system that must be secured against potential attacks, particularly its Base-Band Unit (BBU), which is a common target for intrusions. Ericsson, which is a big provider of such systems, has placed significant emphasis on implementing Intrusion Detection Systems (IDS) to detect threats. However, the attention given to Intrusion Response Systems (IRS) in general is limited, with current challenges including false alarms, response cost, response time and reliability. Also, the hardware limitations of the BBU present difficulties in designing an effective IRS. To address these challenges, a semi-automated IRS was implemented with a dynamic and cost-based response selection approach. Open Source SECurity (OSSEC), which is a free, open-source endpoint detection and response tool, was employed to execute the selected responses. The effectiveness of the IRS was assessed based on Ericsson's requirements, reliability, response time, response cost and false alarms. The results obtained show that the proposed IRS is reliable as it can handle a huge number of intrusions and has negligible performance overhead in less extreme attack cases. These findings offer valuable insights into addressing intrusions within a system with constrained hardware resources.

Intrusion Response System

Security

OSSEC

Radio Access Network

Baseband Units

Computer Systems

Datorsystem

RSU-Based Intrusion Detection and Autonomous Intersection Response Systems

Yurkovich, Peter Joseph

10 March 2022

Vehicular safety and efficiency has been an ongoing research topic since the creation of the automobile. Despite this, deaths due to vehicular accidents are still extremely common, with driver issues and errors causing a vast majority of them. In order to combat the safety risks, Connected and Autonomous Vehicles (CAV) and other smart solutions have been heavily researched. CAVs provide the means to increase the safety of travel as well as its efficiency. However, before connected vehicles can be deployed and utilized, safe and secure communication and standards need to be created and evaluated to ensure that the introduction of a new safety threat does not overshadow the one that is already being faced. As such, it is integral for Intelligent Transportation Systems (ITS) to prevent, detect and respond to cyberattacks. This research focuses on the detection and response of ITS components to cyberattacks. An Intrusion Detection System (IDS) located on Roadside Units (RSU) was developed to detect misbehavior nodes. This model maintains a 98%-100% accuracy while reducing system overhead by removing the need for edge or cloud computing. A resilient Intrusion Response System (IRS) for a autonomous intersection was developed to protect again sybil attacks. The IRS utilizes adaptive switching between several intersection types to reduce delay by up to 78% compared to intersections without these defenses. / Master of Science / Vehicular safety and efficiency has been an ongoing research topic since the creation of the automobile. Despite this, deaths due to vehicular accidents are still extremely common, with driver issues and errors causing a vast majority of them. In order to combat the safety risks, Connected and Autonomous Vehicles (CAV) and other smart solutions have been heavily researched. CAVs provide the means to increase the safety of travel as well as its efficiency. However, before connected vehicles can be deployed and utilized, safe and secure communication and standards need to be created and evaluated to ensure that the introduction of a new safety threat does not overshadow the one that is already being faced. As such it is integral for Intelligent Transportation Systems (ITS) to prevent, detect and respond to cyberattacks. This research focuses on the detection and response of ITS components to cyberattacks. An Intrusion Detection System (IDS) was created to detect vehicles misbehaving or conducting cyberattacks. The IDS is installed on off-road computers, called Roadside Units (RSU) which prevents the need for a separate server to be created to hold the IDS. The IDS is able to identify misbehavior and attacks at a 98% to 100% accuracy. An autonomous intersection is an intersection where all directions for driving through the intersection are transmitted through wireless communication. A Intrusion Response System (IRS) was developed for an autonomous intersection, to defend against vehicles making multiple reservation requests to pass through the intersection. The IRS reduces vehicle delay through the intersection by 78% compared to an intersection without defenses.

Vehicle ad hoc Network

Intrusion Detection System

Autonomous Intersection

Intrusion Response System

RESPOSTAS AUTOMÁTICAS PARA MELHORIA DA SEGURANÇA EM SISTEMAS DE DETECÇÃO DE INTRUSOS / AUTOMATIC ANSWERS FOR IMPROVEMENT OF THE SECURITY IN DETECTION SYSTEMS OF INTRUDERS

SANTOS, Glenda de Lourdes Ferreira dos

21 November 2003

Made available in DSpace on 2016-08-17T14:52:54Z (GMT). No. of bitstreams: 1 Glenda de Lourdes Ferreira dos Santos.pdf: 972743 bytes, checksum: 111a2522d029325d266db2465a430638 (MD5) Previous issue date: 2003-11-21 / The development of approaches for proving fast reactions against intruders and attackers have been one of the most important requirements in the critical defense of computer networks, since the intrusion occur quickly, demanding reactions without human intervention. These approaches should be able to, autonomously, respond to attacks and deal with several important aspects of the computer security problem in order to reduce the system administrator s workload Such approaches can offer larger reliability and effectiveness in the detection and response processes, a higher rate of security to private networks, better defense possibilities and, in addition, minimize the intruder's change of success. This research work deals with the specification of a society of intelligent agents for assessment and enhancement of intrusion response systems in computer networks. The proposal of the model of intrusion response system (IRS) be based on in several available architectures, in order to look for better solutions for the problems faced in the modelling of a system of that level. With that, was modeled a system to approach the main desirable functionalities for a system of active answers. The system, as part of the NIDIA (Network Intrusion Detection System based on Intelligent Agents) (Lima, 2001), is formed by a society of agents that are responsible for the functions of identification of the characteristic of the attack, choice of the best reaction strategy and for the execution of the response.The society is composed by agents able to determine and apply automatically corrective actions against attacks classified according to a given severity taxonomic model. In the proposed model was looked for to define response to intrusions for abuse and for anomaly to guarantee a lower robustness to the system. / O desenvolvimento de mecanismos para reações rápidas contra intrusos tem sido um dos mais importantes requisitos na defesa crítica de redes de computador, visto que estes agem rapidamente exigindo reações sem intervenção humana. Tais mecanismos devem estar habitas a, automaticamente, responder um ataque e lidar com o vários aspectos do problema de seguança de computadores, e com isso reduzir a carga de trabalho do administrador do sistema. Semelhantes características podem oferecer confiança e efetividade no processo de detecção e resposta, alta taxa de segunça a redes privadas, melhores possibilidades de defesa e, ainda, minimizar as chances do intruso. Essa dissertação trata da especificação de uma sociedade de agentes para a avaliação e aprimoramento de sistema de resposta de intrusão em redes de computadores. A proposta de um modelo de sistema de resposta de intrusao(IRS) é baseada em várias arquiteturas disponíveis na procura da melhor solução para os problemas encontrados na modelagem de um sistema deste nível. Com isso, foi modelado um sistema que contenha as principais funcionalidades desejáveis para um de respostas ativas. O sistema, que faz parte do NIDIA(Network Intrusion Detection System based on Intelligent Agents) (Lima, 2001), é formado por uma sociedade de agentes que são responsáveis pelas funções de identificação das características do ataque, escolha da melhor estratégia de reação a pela execução resposta.A sociedade é composta por agentes artificiais aptos em determinar e aplicar automaticamente ações, corretivas e preventivas, contra ataques classificados de acordo com um modelo taxonômico de severidade. No modelo proposto procurou-se definir respostas de intrusoes por abuso e por anomalia para garantir maior robustes ao sistema.

sistema de resposta de intrusão

detecção de intrusos

segurança de redes de computadores

sistemas multiagentes

redes neurais

intrusion response system

intrusion detection

multi-agents systems

neural networks