Databases can heal themselves on-the-fly
An innovative new software can detect and correct a database impaired by an attack while the database system continues to process transactions, says a Penn State researcher.
“We simulated attackers behaviors on a database and then monitored the response of the database,” said Dr. Peng Liu, assistant professor of information sciences and technology. “We cant prevent attackers from getting in, but with this technology, the database can heal itself on-the-fly.”
Liu performed the research underlying the technology while a faculty member at the University of Maryland – Baltimore County. He has since established his research team, the Cyber Security Group, in Penn States School of Information Sciences and Technology. The teams areas of expertise include network security, intrusion detection and masking, survivable systems and attack prediction.
All databases are vulnerable to being breached by unauthorized users, former employees or hackers looking for a challenge. With more databases than ever, experts expect the number of database attacks to continue to rise. That leaves at risk such data-intensive applications as e-commerce, air traffic control, command-and-control, and credit card billing systems.
Although many intrusions can be detected soon after the database is breached, the damage usually doesnt stop with the initial transaction. Subsequent transactions and data updating can spread the damage.
Existing recovery software creates its own problems. Rolling back activity to the initial damage is expensive because the work of many unaffected transactions by good users will be lost, Liu said. Second, for commercial databases, suspending the database to clean up the damage is undesirable, and in many cases, unacceptable. International banks, for instance, need 24-7 access to account data.
The family of algorithms developed by Liu and others can detect single, multiple or simultaneous attacks. But it does more. It isolates malicious transactions, so that many benign ones are preserved from being affected and having to be re-executed. It also repairs the database by containing the set of corrupted data objects and then, by undoing or unwinding the direct and indirect effects of the attack.
The technology has another advantage: The software can be adapted for static and on-the-fly repairs. Because its dynamic, new transactions can continue even while the database is being repaired. Furthermore, the new technology is intelligent and adaptive.
“The database can adapt its own behavior and reconfigure itself based on the attack,” Liu said.
A prototype of this attack-resilient software is being tested by the Cyber Security Group and the U.S. Air Force.
Lius research was funded by the Air Force and the Defense Advanced Research Projects Agency. Subsequent grants have come from the National Science Foundation, the Air Force, DARPA and the U.S. Department of Energy.
The Penn State researcher and his co-authors, Paul Ammann and Sushil Jajodia, both of George Mason University, published their findings in the paper, “Recovery From Malicious Transactions,” in the September issue of IEEE Transactions on Knowledge and Data Engineering.
Media Contact
More Information:
http://www.psu.edu/All latest news from the category: Information Technology
Here you can find a summary of innovations in the fields of information and data processing and up-to-date developments on IT equipment and hardware.
This area covers topics such as IT services, IT architectures, IT management and telecommunications.
Newest articles
Innovative 3D printed scaffolds offer new hope for bone healing
Researchers at the Institute for Bioengineering of Catalonia have developed novel 3D printed PLA-CaP scaffolds that promote blood vessel formation, ensuring better healing and regeneration of bone tissue. Bone is…
The surprising role of gut infection in Alzheimer’s disease
ASU- and Banner Alzheimer’s Institute-led study implicates link between a common virus and the disease, which travels from the gut to the brain and may be a target for antiviral…
Molecular gardening: New enzymes discovered for protein modification pruning
How deubiquitinases USP53 and USP54 cleave long polyubiquitin chains and how the former is linked to liver disease in children. Deubiquitinases (DUBs) are enzymes used by cells to trim protein…