"We simulated attackers' behaviors on a database and then monitored the response of the database," said Dr. Peng Liu, assistant professor of information sciences and technology. "We can't prevent attackers from getting in, but with this technology, the database can heal itself on-the-fly."
Liu performed the research underlying the technology while a faculty member at the University of Maryland – Baltimore County. He has since established his research team, the Cyber Security Group, in Penn State's School of Information Sciences and Technology. The team's areas of expertise include network security, intrusion detection and masking, survivable systems and attack prediction.
All databases are vulnerable to being breached by unauthorized users, former employees or hackers looking for a challenge. With more databases than ever, experts expect the number of database attacks to continue to rise. That leaves at risk such data-intensive applications as e-commerce, air traffic control, command-and-control, and credit card billing systems.
Although many intrusions can be detected soon after the database is breached, the damage usually doesn't stop with the initial transaction. Subsequent transactions and data updating can spread the damage.
Existing recovery software creates its own problems. Rolling back activity to the initial damage is expensive because the work of many unaffected transactions by good users will be lost, Liu said. Second, for commercial databases, suspending the database to clean up the damage is undesirable, and in many cases, unacceptable. International banks, for instance, need 24-7 access to account data.
The family of algorithms developed by Liu and others can detect single, multiple or simultaneous attacks. But it does more. It isolates malicious transactions, so that many benign ones are preserved from being affected and having to be re-executed. It also repairs the database by containing the set of corrupted data objects and then, by undoing or unwinding the direct and indirect effects of the attack.
The technology has another advantage: The software can be adapted for static and on-the-fly repairs. Because it's dynamic, new transactions can continue even while the database is being repaired. Furthermore, the new technology is intelligent and adaptive.
"The database can adapt its own behavior and reconfigure itself based on the attack," Liu said.
A prototype of this attack-resilient software is being tested by the Cyber Security Group and the U.S. Air Force.
Liu's research was funded by the Air Force and the Defense Advanced Research Projects Agency. Subsequent grants have come from the National Science Foundation, the Air Force, DARPA and the U.S. Department of Energy.
The Penn State researcher and his co-authors, Paul Ammann and Sushil Jajodia, both of George Mason University, published their findings in the paper, "Recovery From Malicious Transactions," in the September issue of IEEE Transactions on Knowledge and Data Engineering.
Journal
IEEE Transactions on Knowledge and Data Engineering