Monitoring Mission Critical Data for Integrity and Availability

  • Michael Gertz
  • George Csaba
Part of the IFIP — The International Federation for Information Processing book series (IFIPAICT, volume 124)


Protecting the integrity, confidentiality, and availability of mission critical data is one of the primary objectives of IT departments in industry, government, and research. Standard techniques to realize these objectives are often confined to network- and host-based intrusion detection systems, which are known to be inappropriate for handling security threats caused by insiders. This paper introduces the concept of data monitoring systems as an additional line of defense against external and internal security threats. These systems, which are closely coupled with a database managing mission critical data, provide IT personnel with effective means for specifying, detecting, and responding to anomalous behavior of data and data accesses caused by users and applications.

Key words

data auditing data integrity monitoring anomaly detection 



Copyright information

© IFIP International Federation for Information Processing 2003

Authors and Affiliations

  • Michael Gertz (1)
  • George Csaba (2)
  1. Department of Computer Science, University of California at Davis, USA
  2. IPLocks Inc., Santa Clara, USA
