Design and Implementation of Adaptive Intrusion Management Systems

Data-intensive applications exhibit increasing dependability on database systems. With the growing cyber security threats to government and commercial infrastructures, the need to develop high assurance database systems is becoming increasingly important. The objective of this project is to develop a highly resilient database system by incorporating an adaptive intrusion management mechanism throughout the life cycle of such system from design through recovery from attacks. In this proposal, we plan to extend the functionality of an existing database intrusion management system, titled Partition-based Intrusion Management System (PIMS), which has been recently introduced by the PI. We plan to develop an efficient intrusion detection system and integrate it with PIMS. The proposed intrusion detection system will improve the performance of PIMS by reducing false positive rate and detection time delay. Furthermore, in this project, we will address few challenging problems in the current design of PIMS. In particular, PIMS uses a novel design concept of formation of Intrusion Boundaries (IBs), which allow isolation of comprised/damaged portion(s) of the database and restore integrity of data, while maintaining high availability and throughput during response and recovery phases. However, the current IB design in PIMS is static. In real-world applications, cyber-systems need to support dynamic environments that can come in various forms. In database contexts, database transactions may exhibit time varying dependencies among data objects that can create "hotspots", which represent high demand data clusters in the database. Furthermore, a database may employee an access control mechanism which may influence the formation of IBs. In this project, we plan to extend PIMS functionality by proposing a novel dynamic IB configuration that takes into consideration access control roles and emerging hotspots objects to develop a highly adaptive architecture.