Transaction Dependency Based Approach for Database Damage Assessment Using a Matrix

Ramzi Ahmed Haraty (Lebanese American University, Beirut, Lebanon), Sanaa Kaddoura (Beirut Arab University, Beirut, Lebanon) and Ahmed Zekri (Beirut Arab University, Beirut, Lebanon)
Copyright: © 2017 |Pages: 13
DOI: 10.4018/IJSWIS.2017040105

Abstract

One of the critical concerns in the current era is information security. Companies are sharing vast amounts of critical data online, which exposes their databases to malicious attacks. When protection techniques fail to prevent an attack, recovery is needed. Database recovery is not a straightforward procedure, since the transactions are highly interconnected. Traditional recovery techniques do not consider the interconnection between transactions because this information is not saved anywhere in the log file. Thus, they roll back all the transactions starting from the detected malicious transaction to the end of the log file. Hence, both affected and benign transactions will be rolled back, which is a waste of time. This paper presents an algorithm that works efficiently to assess the damage caused in the database by a malicious transaction and recovers it. The proposed algorithm keeps track of the transactions that read from one another and stores this information in a single matrix. The experimental results prove that the algorithm is faster than any other existing algorithm in this domain.

1. Introduction

Because all information system applications, especially business-based ones, rely heavily on huge amounts of data shared throughout the web, securing data becomes a critical issue in providing the integrity and durability properties of database management systems. Information warfare has different definitions. In this paper, we define it as an electronic attack that disrupts a computer system. There are many weapons for information warfare, such as viruses, information collection, service denial, spoofing, worms and chipping (Bernstein, Hadzilacos, & Goodman, 1987).

Defensive information warfare aims to protect computer systems from malicious attacks. It passes through three main phases: prevention, detection and recovery (Bernstein, Hadzilacos, & Goodman, 1987). During the prevention phase, the system works on defending the database against an attack. Nevertheless, the history of data security proves that there is always a successful attack. The detection phase comes next and is handled by an intrusion detection system that works on deciding whether a transaction is malicious or benign. It can prepare a list of all malicious transactions based on the study of the history of transactions. A lot of research has been conducted in this area (Lunt, 1993). However, the detection phase takes time, and some benign transactions may become affected if they read data written by malicious transactions. In the third phase, damage assessment and recovery take place to bring the database back to its consistent state. The consistent state is the state that the database would be in if the malicious attack had not happened.

In this paper, we are interested in the damage assessment and recovery phase. Database transactions are highly dependent on each other. A data item may be written by one transaction and be read or updated by another one. When a benign transaction reads a data item that was updated or written by a malicious transaction, the benign transaction becomes affected and must be rolled back during the recovery process. To increase the efficiency of the recovery algorithm, its execution time should be minimized to the lowest possible value. Also, the algorithm must only recover affected transactions. In this way, we can ensure the availability of the unaffected part of the database while the recovery process is conducted. The damage assessment phase is a part of the recovery phase.

The damage assessment process is responsible for classifying the database transactions into clean and affected. Alternatively, it can classify data items into clean and affected data items depending on the approach used. There are two approaches for this classification. The first one is the transaction dependency approach that keeps track of any transaction that reads from an affected transaction or a malicious one. Such transactions will be added to the set of affected transactions. The second one is the data dependency approach that keeps track of any data items that are updated by reading malicious or affected data items.

This research presents an innovative database damage assessment approach. The algorithm uses one two-dimensional matrix to store the dependencies between the transactions. Our approach waits for the set of malicious transactions to be sent from the intrusion detection system that is assumed to be available. The algorithm then starts the damage assessment process to identify the affected part of the database. The algorithm will only look at the matrix during damage assessment. There is no need for the log file after building the matrix. In this way, the time needed for the damage assessment process will decrease. The recovery process then recovers only the identified part and leaves the other part of the database available for use. The algorithm considers two important computer resources: execution time and memory. This approach does not use logical operators or “extra” data structures. Only one matrix will hold all the needed information.
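An added example (not the authors' algorithm or code) of the transaction-dependency idea described above, set beside the traditional rollback from the abstract. The matrix layout, the log format and the function names are assumptions made for illustration, and the sample log is constructed; transactions are assumed to run serially with ids in commit order.

```python
# Constructed sample log in commit order: (transaction id, operation, data item).
LOG = [
    (1, "w", "A"),
    (2, "r", "A"), (2, "w", "B"),
    (3, "w", "C"),
    (4, "r", "B"), (4, "w", "D"),
    (5, "r", "C"), (5, "w", "E"),
    (6, "r", "D"), (6, "r", "E"), (6, "w", "A"),
]


def build_matrix(log):
    """M[i][j] == 1 when transaction i read an item last written by transaction j."""
    n = max(txn for txn, _, _ in log)
    matrix = [[0] * (n + 1) for _ in range(n + 1)]  # row/column 0 unused
    last_writer = {}
    for txn, op, item in log:
        if op == "r":
            writer = last_writer.get(item)
            if writer is not None and writer != txn:
                matrix[txn][writer] = 1
        elif op == "w":
            last_writer[item] = txn
    return matrix


def assess_damage(matrix, malicious):
    """Return ids to roll back: malicious ones plus every transitive reader."""
    damaged = set(malicious)
    # A reader always has a higher id than its writer (assumed commit order),
    # so one forward pass over the rows reaches every dependant.
    for i in range(1, len(matrix)):
        if i not in damaged and any(matrix[i][j] for j in damaged if j < i):
            damaged.add(i)
    return sorted(damaged)


def traditional_rollback(matrix, malicious):
    """Baseline from the abstract: undo everything from the first malicious id on."""
    return list(range(min(malicious), len(matrix)))


if __name__ == "__main__":
    m = build_matrix(LOG)  # the log is not consulted again after this point
    print("matrix-based:", assess_damage(m, {2}))
    print("traditional: ", traditional_rollback(m, {2}))
```

With transaction 2 flagged as malicious, the matrix-based pass leaves transactions 3 and 5 untouched, while the traditional rollback undoes them as well.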

The rest of the paper is organized as follows: Section 3 presents a literature review regarding previous works in this domain. In Section 4, the proposed database damage assessment and recovery algorithm is discussed in detail. In the fifth section, we discuss the experimental results and compare our approach to others. Section 6 presents a conclusion.
