Intrusion Detection and Database Systems

Our Method
  1. A thorough investigation of typical attacks must be made. The researchers must take care to detect commonalities in patterns of attack that lead to a useful generalized schema design, so that the performance of the system can be acceptable.
  2. A reasonably representative set of attacks must be chosen. The set should be diverse enough that a wide range of patterns is represented in the final schema design.
  3. A schema must be designed that shows both flexibility in the representable set of intrusions and good performance under queries for each type of attack.

Please Note
  1. While performance is an important goal, we keep in mind that these prototypes are just that: prototypes. We want to incorporate a large set of functionality, but we are aware that building this prototype is also an opportunity to learn important lessons about the marriage of IDS software and RDBMS packages. To that end, we are fully prepared to accept mediocre performance for the time being so that we can learn more about the process of uniting these two diverse and complex systems. Furthermore, we are willing to discard an ailing prototype in the interests of advancing our overall task.
  2. We acknowledge that present RDBMS software may not embody the feature set needed to bring this task to fruition. If the problem should prove intractable, however, we seek to discover the deficiencies in current IDS and RDBMS software and to provide possible solutions that would advance the state of the art and enable such a marriage of software solutions in the future.