Intrusion Detection and Database Systems
The Question 
Is it possible to leverage the power of today's commercial RDBMS packages to simplify the task of managing and searching intrusion detection data? Can we make it easier for the administrator to archive and manipulate this information, easier for the security personnel to audit and mine this data, and easier for the manager to interpret this data? If so, can we do it in a way that is inexpensive and performs well?
The Answer 
It is possible. We believe that we can design ways of representing data in the database that make detecting intrusions not only possible but fast, that we can make it easy to mine old datasets for newly discovered patterns of abuse, and that we can do it in a way that has many benefits for the end user.
  Why do we think so? Here's our: 
Methodologies 
Design Concepts and Schemas 
Prototype 
Team