RE: IDS for DataBase Systems.

["Ralph Los" <RLos () enteredge com>]

Yes - but that's a scanner, I think what we're looking for is an intrusion
detection system.  ISS's Database Scanner is a vulnerability scanning tool
(and believe me, there are much better out there) - and not an DB_IDS.

I'm not aware of any Database-Type IDSes, perhaps we could start a
development effort to write one?  It would essentially be a compilation (for
MS SQL anyway) of Triggers, SP's, etc if I'm guessing right.  Log scanning,
'anomaly detection', all very important.

Cheers,
  Ralph

::: -----Original Message-----
::: From: Galappatti, Kishantha [mailto:Kishantha.Galappatti () gs com] 
::: Sent: Thursday, November 14, 2002 9:24 AM
::: To: 'Hemant Ramnani'; focus-ids () securityfocus com
::: Cc: Hemant Ramnani
::: Subject: RE: IDS for DataBase Systems.
::: 
::: 
::: ISS has a product called Database Scanner
::: 
::: -----Original Message-----
::: From: Hemant Ramnani [mailto:ramnani () cs umn edu] 
::: Sent: Wednesday, November 13, 2002 12:30 PM
::: To: focus-ids () securityfocus com
::: Cc: Hemant Ramnani
::: Subject: IDS for DataBase Systems.
::: 
::: 
::: Hello Everyone,
::: I have seen a lot of papers, research work and commercial 
::: products for intrusion detection systems in networks. 
::: However I was wondering if the same has been done for 
::: intrusion detection in DATABASE SYSTEMS in particular, 
::: specially those dealing with using data mining techniques 
::: for the same.
::: 
::: Any help would be really appreciated.
::: 
::: Thanks,
::: Hemant.R
::: 
::: Hemant Ramnani
::: Masters student, Computer Science
::: University Of Minnesota, Twin Cities
::: Contact no: 612 379 2807 (R)
:::         612 625 6597 (O)
::: 
::: None
::: 
::: 
::: 
::: 
::: 
:::