1. Field of the Invention
The present invention relates to data processing and, in particular, to a method, apparatus, and program for dynamically weighted analysis for intrusion decision making.
2. Description of the Related Art
Many companies develop or use products that utilize databases. These databases often store sensitive data, such as social security numbers, medical records, financial transactions, and the like. Consequently, database administrators are confronted with maintaining security for these databases. This responsibility may become unwieldy because multiple databases may be located on multiple servers and platforms. In addition, each platform may have a different method of checking database security. Also, security modules/policies constantly change as new vulnerabilities are discovered. New security policies call for new, improved, or updated security checks.
To keep up with changes to security modules and policies, companies must keep their database administrators highly trained, which results in a significant cost to the companies. Furthermore, there is a high risk of human error, because database administrators must keep track of so many databases, security policies, interfaces, etc. Database administrators also have to know and execute the correct security checks for many different databases in a timely and efficient manner, or the credibility of products and services is jeopardized.
Current solutions are implemented as scripts that run security checks on a database. However, the security checking is specific to a single database. Also, the scripts only run the checks and do not support resolution of security violations. Scripts also do not easily adapt to the rapidly changing requirements of differing security models/policies or database environments and administration interfaces.
Also, technology is moving toward autonomic computing systems that are self-configuring, self-optimizing, self-healing, and self-protecting with minimal human intervention. However, autonomic computing environments cannot be viable unless the systems are also self-securing. Adequate security must be ensured in an effective manner or autonomic computing will remain only a vision.
An autonomic computing environment may be comprised of several heterogeneous interconnected elements and, in turn, presents many challenges for ensuring sufficient security. One of these challenges involves determining effective criteria and methods for differentiating between normal system failures and those failures that are caused by malicious attacks. Before such complex challenges can be addressed, one must first solve how systems can effectively cope with intrusions.
Moreover, computing systems are susceptible to malicious attacks. Imagine a complex autonomic computing system that is linked to several hundred elements and is unable to cope with a computer virus that corrupts key system functions. The virus could then corrupt vital system functions of the entire autonomic computing environment. Human intervention would come only after the damage had spread through the entire environment, and resolution would then be very time consuming and costly.
Coping with intrusions is difficult in many ways. One important reason is that the perspectives of both the victim and the attacker of an intrusion may be involved. Typically, for an intrusion to succeed, the attacker has committed a malicious act that can be detected and the victim has suffered some amount of loss. But when attacks occur that cannot be discovered, deciding what constitutes an intrusion may become quite difficult.