Recovery of lost or damaged data in a post-intrusion-detection scenario is a difficult task, since database management systems are not designed to deal with malicious committed transactions. Recovery of lost or damaged initialization vectors for data encryption is also difficult, since this information is critical for successful decryption of the data. Self-securing data turns data-store solutions into active parts of an intrusion survival strategy. The few existing methods developed for this purpose rely heavily on logs and require that the log never be purged. This causes the log to grow tremendously and, since scanning a huge log takes an enormous amount of time, recovery becomes a complex and prolonged process.
In this research, we use a data-dependency approach to log only selected database columns and selected fields in flat-file records. During damage assessment and recovery, we rely on a secure ‘evidence-quality’ log and skip the parts of the log that contain unaffected columns. This paper introduces how self-securing data enhances an administrator’s ability to detect, diagnose, and recover from intrusions. First, data-at-rest intrusion detection offers a new observation point for noticing suspect activity. Second, post-hoc intrusion diagnosis starts with a plethora of normally unavailable information. Finally, post-intrusion recovery is reduced to restoring a pre-intrusion data image retained by the server. Combined, these features can improve an organization’s ability to survive successful digital intrusions of critical data items.
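The following example, added here and not code from the paper, illustrates the three mechanisms the abstract describes: a column-partitioned evidence log, damage assessment that follows data dependencies from the malicious transaction and opens only the partitions of columns that can be affected, and recovery that restores before-images retained in that log. The column names, the static `DERIVED_FROM` dependency map, the transaction ids and the sample rows are all constructed for the illustration.

```python
"""Selective column-level logging, dependency-driven damage assessment and
before-image recovery. Added illustration, not the paper's code: the column
names, DERIVED_FROM map and sample transactions are constructed."""
from dataclasses import dataclass

# Assumed static data dependencies (derived column -> source columns). Damage
# to a source can spread to derived columns; columns absent from the map,
# such as 'address', are never opened during assessment.
DERIVED_FROM = {"bonus": {"balance"}, "fee": {"balance"}}


@dataclass(frozen=True)
class LogEntry:
    tid: int             # commit order
    cell: tuple          # (row_key, column)
    before: object       # before-image: what recovery restores
    after: object
    read_set: frozenset  # cells the transaction read before writing


@dataclass
class Txn:
    tid: int
    reads: set
    writes: dict         # cell -> new value


class SelectiveLog:
    """Evidence-quality log with one partition per column, so assessment can
    open only the partitions of columns that may be affected."""

    def __init__(self):
        self.partitions = {}

    def commit(self, db, txn):
        for (row, col), new in txn.writes.items():
            self.partitions.setdefault(col, []).append(
                LogEntry(txn.tid, (row, col), db[row][col], new, frozenset(txn.reads)))
            db[row][col] = new


def affected_columns(seed_cols):
    """Transitive closure over DERIVED_FROM from the columns the intruder wrote."""
    cols, stack = set(seed_cols), list(seed_cols)
    while stack:
        src = stack.pop()
        for derived, sources in DERIVED_FROM.items():
            if src in sources and derived not in cols:
                cols.add(derived)
                stack.append(derived)
    return cols


def assess_damage(log, malicious_tid):
    """Return (damaged cells, tainted tids, columns actually scanned)."""
    seed = {c for c, part in log.partitions.items() if any(e.tid == malicious_tid for e in part)}
    scan_cols = affected_columns(seed)
    entries = sorted((e for c in scan_cols for e in log.partitions.get(c, [])
                      if e.tid >= malicious_tid), key=lambda e: e.tid)
    damaged, tainted = set(), {malicious_tid}
    for e in entries:
        if e.tid in tainted or e.read_set & damaged:
            tainted.add(e.tid)       # read bad data, so every write of e.tid is bad
            damaged.add(e.cell)
        elif e.cell in damaged:
            damaged.discard(e.cell)  # a clean blind write replaced the bad value
    return damaged, tainted, scan_cols


def recover(db, log, malicious_tid):
    """Restore each damaged cell to its newest trustworthy value."""
    damaged, tainted, scanned = assess_damage(log, malicious_tid)
    for row, col in damaged:
        history = sorted((e for e in log.partitions[col]
                          if e.cell == (row, col) and e.tid >= malicious_tid), key=lambda e: e.tid)
        good = history[0].before     # value before the first post-intrusion write
        for e in history:
            if e.tid not in tainted:
                good = e.after       # a later clean write supersedes it
        db[row][col] = good
    return damaged, tainted, scanned


def run_demo():
    """Constructed sample: T2 is the intruder's transaction, T3 spreads its damage."""
    db = {"alice": {"balance": 100, "bonus": 10, "address": "1 Main St"},
          "bob": {"balance": 200, "bonus": 20, "address": "2 Elm St"}}
    log = SelectiveLog()
    for txn in (Txn(1, {("bob", "balance")}, {("bob", "balance"): 250}),
                Txn(2, set(), {("alice", "balance"): 9999}),
                Txn(3, {("alice", "balance")}, {("alice", "bonus"): 999}),
                Txn(4, {("bob", "balance")}, {("bob", "bonus"): 25, ("bob", "address"): "3 Oak St"}),
                Txn(5, set(), {("alice", "address"): "5 Pine St"})):
        log.commit(db, txn)
    damaged, tainted, scanned = recover(db, log, malicious_tid=2)
    return db, damaged, tainted, scanned


if __name__ == "__main__":
    print(run_demo())
```

Running `run_demo()` shows the intended effect: only the `balance`, `bonus` and `fee` partitions are opened, the `address` partition is never read, T3 is identified as tainted because it read the corrupted balance, and recovery resets Alice's balance and bonus to their before-images while leaving every untainted write (Bob's rows, Alice's new address) in place. The caveat a practitioner should keep in mind is that the skip is only as sound as the dependency map: a transaction that reads a damaged cell and writes a column absent from `DERIVED_FROM` would not be scanned, so the map must cover every column that is ever computed from logged data.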
Any computer system that is connected to a network is vulnerable to information attacks. In spite of all preventive measures, savvy intruders manage to sneak through and damage sensitive data. Initial damage later spreads to other parts of the database when a legitimate transaction updates valid data…