The Design And Implementation Of Audit And Intrusion Detection In Secure Database

Database Management System (DBMS) has been used widely and gone deep into every field along with the development of information industry. As one of the most widely used software which involves mass of information, database security is highly regarded. And thatis why the 0SCARSEC is issued. As one of the important part of secure database, the auditing center is highly recognized in controlling users behavior, examining the secure events and analyzing afterwards.The security of the traditional DBMS is safeguarded by access control, user authentication, accredit control and so on. But actually we cannot guarantee that no intrusion will be occurred, that is the reason why the database intrusion detection exists. Facing with the problem of lacking of information and semantic blur, we involve the IDS in the auditing center.Firstly, this paper analyses the status and standard of information security. And then study deeply in database audit and intrusion detection. Latterly, this paper introduces the secure model of OSCARSEC and the requirement for the audit system, we analyzes this model in the aspect of traditional security analysis paradigm. By studying these requirements, this paper introduces the framework of the auditing center, and analyzed every module of auditing center deeply on design and implementation.This paper has studied the model and methods of common system's audit subsystems. Combining the characteristic of the secure database, this paper discusses the design of storage, the entrance of log, and so on. Moreover, the audit system easier configured, viewed and managed by introducing the audit switch and threshold.In this paper, we research the IDS inside the auditing center, there are two kinds of IDS: anomaly intrusion and misuse intrusion. Anomaly intrusion has a lower distort percentage, but can not detect the unknown intrusion. While the misuse intrusion has the ability to detect the unknown intrusion, but has a higher distort percentage. The auditing center implements both of the intrusion detection. So we can both affirm an anomaly intrusion and detect some unusually system behavior. It is this paper's latter job to combine these two detection method and make a self-configured intrusion detection system.